AppAuthentication 1.1.0-preview: No Connection string specified
We’re currently using this library to access an Azure Key Vault in an ASP.NET Core 2.x app, for now only in development mode, so the access token is obtained behind the scenes through Azure CLI.
This seems to work fine most of the time, but at least a couple of times a week it throws the following exception:
Parameters: Connectionstring: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/00461629-1df0-4d1c-9464-0d684ec042fb. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
Parameters: Connectionstring: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/00461629-1df0-4d1c-9464-0d684ec042fb. Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.
Parameters: Connectionstring: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/00461629-1df0-4d1c-9464-0d684ec042fb. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "C:\Users\maike\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json"
Parameters: Connectionstring: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/00461629-1df0-4d1c-9464-0d684ec042fb. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. Process took too long to return the token.
The last part seems to describe the problem: Azure CLI seems to have taken too long to return the token. When restarting the application it works fine (because Azure CLI probably caches the token and returns much quicker).
Could the timeout be extended by default, or at least be configurable? A retry mechanism would also work.
We implemented the following workaround. The following snippets are taken from an ASP.NET Core 2.x app, where we add the KeyVault as part of the app configuration (through the ConfigurationBuilder class):
Old:
    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    builder.AddAzureKeyVault(keyVaultUrl, keyVaultClient, new DefaultKeyVaultSecretManager());
New:
    // Namespaces the snippet depends on (AzureServiceTokenProvider / AzureServiceTokenProviderException,
    // KeyVaultClient, and the AddAzureKeyVault configuration extension).
    using System.Threading.Tasks;
    using Microsoft.Azure.KeyVault;
    using Microsoft.Azure.Services.AppAuthentication;
    using Microsoft.Extensions.Configuration.AzureKeyVault;

    // Pin the provider to Azure CLI so it does not first probe MSI and Visual Studio.
    var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=Developer; DeveloperTool=AzureCli");
    var keyVaultClient = new KeyVaultClient(
        new KeyVaultClient.AuthenticationCallback(GetToken));
    builder.AddAzureKeyVault(keyVaultUrl, keyVaultClient, new DefaultKeyVaultSecretManager());

    // Try 3 times and throw the exception if the 3rd time was not successful.
    // Only AzureServiceTokenProviderException (the timeout case above) is swallowed on the first two attempts.
    async Task<string> GetToken(string authority, string resource, string scope)
    {
        for (var i = 0; i < 2; i++)
        {
            try
            {
                return await azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope).ConfigureAwait(false);
            }
            catch (AzureServiceTokenProviderException) { }
        }
        // Third and final attempt: let any exception propagate to the caller.
        return await azureServiceTokenProvider.KeyVaultTokenCallback(authority, resource, scope).ConfigureAwait(false);
    }
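The workaround above retries immediately and hard-codes three attempts. As an added example (not part of the original issue or of the AppAuthentication library), the following helper generalises it: it wraps the provider's KeyVaultTokenCallback in a callback that retries only on AzureServiceTokenProviderException, waits with exponential backoff and jitter between attempts so a slow Azure CLI gets time to finish, rethrows after the last attempt so misconfiguration is not masked, and reports each failed attempt through an optional callback. The RetryingKeyVaultAuth class, the Wrap method, and the ConfigureKeyVault method are hypothetical names; builder, keyVaultUrl and isDevelopment are assumed to come from the app's Startup code. The developer connection string is used only when isDevelopment is true, since in Azure the token should come from MSI rather than from a developer tool.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

// Hypothetical helper (added example, not library code).
public static class RetryingKeyVaultAuth
{
    // Returns a KeyVaultClient.AuthenticationCallback that retries the provider's
    // callback with capped exponential backoff and full jitter.
    public static KeyVaultClient.AuthenticationCallback Wrap(
        AzureServiceTokenProvider provider,
        int maxAttempts = 3,
        TimeSpan? initialDelay = null,
        Action<int, Exception> onRetry = null)
    {
        if (provider == null) throw new ArgumentNullException(nameof(provider));
        if (maxAttempts < 1) throw new ArgumentOutOfRangeException(nameof(maxAttempts));
        var firstDelay = initialDelay ?? TimeSpan.FromSeconds(1);

        return async (authority, resource, scope) =>
        {
            var delay = firstDelay;
            var rng = new Random(); // per call, so concurrent callbacks do not share it
            for (var attempt = 1; ; attempt++)
            {
                try
                {
                    return await provider.KeyVaultTokenCallback(authority, resource, scope)
                        .ConfigureAwait(false);
                }
                // Only the library's own exception (e.g. "Process took too long to return the
                // token") is retried, and only while attempts remain; the last failure propagates.
                catch (AzureServiceTokenProviderException ex) when (attempt < maxAttempts)
                {
                    onRetry?.Invoke(attempt, ex);
                    // Full jitter: sleep a random time in [0, delay], then double the cap.
                    var wait = TimeSpan.FromMilliseconds(rng.NextDouble() * delay.TotalMilliseconds);
                    await Task.Delay(wait).ConfigureAwait(false);
                    delay = TimeSpan.FromTicks(delay.Ticks * 2);
                }
            }
        };
    }

    // Hypothetical wiring into the configuration pipeline. The "RunAs=Developer"
    // connection string is only appropriate on a developer machine; in Azure the
    // parameterless provider lets the library use Managed Service Identity.
    public static void ConfigureKeyVault(IConfigurationBuilder builder, string keyVaultUrl, bool isDevelopment)
    {
        var provider = isDevelopment
            ? new AzureServiceTokenProvider("RunAs=Developer; DeveloperTool=AzureCli")
            : new AzureServiceTokenProvider();

        var callback = Wrap(
            provider,
            maxAttempts: 3,
            initialDelay: TimeSpan.FromSeconds(2),
            onRetry: (attempt, ex) =>
                Console.Error.WriteLine($"Key Vault token attempt {attempt} failed: {ex.Message}"));

        var keyVaultClient = new KeyVaultClient(callback);
        builder.AddAzureKeyVault(keyVaultUrl, keyVaultClient, new DefaultKeyVaultSecretManager());
    }
}
```

Catching only AzureServiceTokenProviderException matters: an exception filter on the provider's own type keeps a genuine bug in the callback from being retried silently, and rethrowing after the final attempt preserves the full "Tried the following N methods" diagnostic shown above. If the Azure CLI token cache is cold, the first attempt may still time out inside the library; the jittered delay simply gives the CLI a chance to finish before the next attempt reads the now-cached token.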
Issue Analytics
- Created 6 years ago
- Reactions: 5
- Comments: 32 (2 by maintainers)
Top GitHub Comments
Hi friends, I have little ability to write fancy workaround code (my head is not there), but by what you said above, I harkened back to some old advice of: In the tool bar at the top of your VS 2017 program go to: Tools, Options, Azure Service Authentication, Account Selection, click the drop arrow on the right of the Microsoft banner with your account name on it, click your account pop-up again… hard (really insist on it), and that worked. I really feel like a “just fix it” here might be just fine for a lot of folks. Don’t get me wrong, you girls (guys) know it better. Boy did I just want it to work (phew!) Thanks 😃
I am having the same error but I am confused because when I run the web app locally I am able to access the key vault, retrieve my connection string and connect to my database. Then I’ll publish to Azure and the same code gives that whole “Tried the following 3 methods to get an access token, but none of them worked.” error message. What could make it work locally but not in Azure? Any ideas?