When using DefaultAzureCredential, web app tries to use ManagedIdentityCredential on local computer


I'm using DefaultAzureCredential (Azure.Identity v1.2.3) to access resources on Azure. In Program.cs of my ASP.NET Core 3.1 web app, I configured Azure Key Vault access like below:

public static void Main(string[] args)
{
    CreateHostBuilder(args).Build().Run();
}

public static IHostBuilder CreateHostBuilder(string[] args)
{
    return Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((context, builder) =>
        {
            var secretClient = new SecretClient(
                new Uri("https://MyKeyVault.vault.azure.net/"),
                new DefaultAzureCredential());
            builder.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
        })
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
        });
}

The above code works as expected on my local computer when I debug the source code from Visual Studio 2019 by pressing F5. From the MS documentation (the above link), I see that DefaultAzureCredential will try to use various credentials in the following order: EnvironmentCredential, ManagedIdentityCredential, SharedTokenCacheCredential, VisualStudioCredential, etc. I checked which credential my local dev PC was using by replacing DefaultAzureCredential with the above credentials:

.ConfigureAppConfiguration((context, builder) =>
{
    var secretClient = new SecretClient(
        new Uri("https://MyKeyVault.vault.azure.net/"),
        new EnvironmentCredential());
    builder.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
})

The above quickly threw an exception: CredentialUnavailableException: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.

A similar exception is thrown for ManagedIdentityCredential: CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.

However, both SharedTokenCacheCredential and VisualStudioCredential worked.

Now, I think the above behaviour is correct. I didn't set the environment variables needed (such as tenant id, client id, etc.), and I think ManagedIdentityCredential is only available when my web app runs in the Azure environment (see this doc).

Now about the issue. On my newly installed computer I ran my web app from within Visual Studio 2019, and it failed: AuthenticationFailedException: ManagedIdentityCredential authentication failed: Retry failed after 4 tries.

Using EnvironmentCredential results in the same exception as on my old computer, which is expected. Also, using both SharedTokenCacheCredential and VisualStudioCredential worked as on my old computer. From the error description, I think that on my new computer the web app somehow tries to use ManagedIdentityCredential and fails. What causes this issue?
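
An added diagnostic example, not part of the original question: it probes the four credentials named above in chain order and separates the two exception types the question quotes, since DefaultAzureCredential only falls through to the next credential on CredentialUnavailableException and stops on any other failure. The names CredentialProbe and CreateCredential are hypothetical, and excluding managed identity outside Azure assumes the app is meant to use it only when hosted there.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class CredentialProbe
{
    // Public data-plane scope for Azure Key Vault tokens.
    private static readonly TokenRequestContext VaultScope =
        new TokenRequestContext(new[] { "https://vault.azure.net/.default" });

    public static async Task Main()
    {
        // Same order the question lists for DefaultAzureCredential.
        var chain = new (string Name, TokenCredential Credential)[]
        {
            ("EnvironmentCredential", new EnvironmentCredential()),
            ("ManagedIdentityCredential", new ManagedIdentityCredential()),
            ("SharedTokenCacheCredential", new SharedTokenCacheCredential()),
            ("VisualStudioCredential", new VisualStudioCredential()),
        };

        foreach (var (name, credential) in chain)
        {
            try
            {
                AccessToken token = await credential.GetTokenAsync(VaultScope, default);
                Console.WriteLine($"{name}: token acquired, expires {token.ExpiresOn:u}");
            }
            catch (CredentialUnavailableException ex)
            {
                // Subclass of AuthenticationFailedException, so it is caught first.
                Console.WriteLine($"{name}: unavailable, chain would continue: {ex.Message}");
            }
            catch (AuthenticationFailedException ex)
            {
                Console.WriteLine($"{name}: failed, chain would stop here: {ex.Message}");
            }
        }
    }

    // Hypothetical helper: skip the managed identity probe on a developer machine.
    public static TokenCredential CreateCredential(bool isDevelopment) =>
        new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            ExcludeManagedIdentityCredential = isDevelopment
        });
}
```

In the Program.cs shown in the question, the helper could be called with context.HostingEnvironment.IsDevelopment() so that the hosted app still uses its managed identity.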
