[BUG] DefaultAzureCredential failed to retrieve a token from the included credentials
Describe the bug
After switching from Azure.Identity 1.2.0 to Azure.Identity 1.3.0 I get the following error while debugging my ASP.NET Core 3.1.8 application:
DefaultAzureCredential failed to retrieve a token from the included credentials.
- ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.
- SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user . Ensure that you have authenticated with a developer tool that supports Azure single sign on.
- Process "C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\Common7\IDE\Extensions\b1hwzg3d.j4s\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS500011: The resource principal named https://database.windows.net/default was not found in the tenant named X. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Timestamp: 2020-11-20 12:14:23Z'
While using Azure.Identity 1.2.0 I already had issues with the following bug: https://github.com/Azure/azure-sdk-for-net/issues/14691
Now what I am doing:
I switched our application and resources to use managed identities. For debugging I am using the “Azure Service Authentication” option in Visual Studio 2019. The error does not occur in a deterministic timeframe. Sometimes my application works for about an hour without problems and sometimes the error occurs after a few minutes.
This is a snippet where I get the exception:
    if (Database.GetDbConnection() is Microsoft.Data.SqlClient.SqlConnection conn)
    {
        var tokenCredential = new DefaultAzureCredential(new DefaultAzureCredentialOptions()
        {
            ExcludeAzureCliCredential = true,
            ExcludeVisualStudioCodeCredential = true,
        });
        var context = new TokenRequestContext(new[] { "https://database.windows.net/default" });
        var tokenResponse = tokenCredential.GetToken(context);
        conn.AccessToken = tokenResponse.Token;
    }
I experimented with the DefaultAzureCredentialOptions, but it makes no difference whether I use the DefaultAzureCredentialOptions or not:
    if (Database.GetDbConnection() is Microsoft.Data.SqlClient.SqlConnection conn)
    {
        var tokenCredential = new DefaultAzureCredential();
        var context = new TokenRequestContext(new[] { "https://database.windows.net/default" });
        var tokenResponse = tokenCredential.GetToken(context);
        conn.AccessToken = tokenResponse.Token;
    }
After a while my application crashes.
Environment:
- Azure.Identity 1.3.0
- Windows 10 20H2 with .NET Core 3.1.8
- Visual Studio 2019 Version 16.8.2
@AliGuemues thanks for filing this issue. Sorry you're having this trouble. Looking at the error message it seems that the VisualStudioCredential is failing with the following error, which is complaining about the scope that you’ve passed in “https://database.windows.net/default”. I believe the scope you meant to specify is “https://database.windows.net/.default” (note the . before default). If you update the scope do you still see authentication failures?
Thank you for your feedback. Tagging and routing to the team member best able to assist.
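The scope correction suggested in the maintainer's reply, as an added C# example that is not code from the issue or from the Azure SDK. `SqlTokenHelper`, `ToDefaultScope` and `AttachTokenAsync` are hypothetical names, and rejecting a trailing `/default` is an assumed way to catch this typo before a token request is sent.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Microsoft.Data.SqlClient;

// Hypothetical helper (assumption, not part of Azure.Identity).
public static class SqlTokenHelper
{
    // Resource URI from the issue, without any scope suffix.
    public const string SqlResource = "https://database.windows.net";

    // Builds "<resource>/.default" and rejects "<resource>/default", the form
    // that produced AADSTS500011 ("resource principal ... was not found") in the report.
    public static string ToDefaultScope(string resource)
    {
        if (!Uri.TryCreate(resource, UriKind.Absolute, out _))
            throw new ArgumentException("Resource must be an absolute URI.", nameof(resource));

        string trimmed = resource.TrimEnd('/');
        if (trimmed.EndsWith("/.default", StringComparison.OrdinalIgnoreCase))
            return trimmed; // already a valid default scope
        if (trimmed.EndsWith("/default", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException(
                "Scope ends in '/default'; the expected suffix is '/.default'.", nameof(resource));
        return trimmed + "/.default";
    }

    // Requests a token for Azure SQL and attaches it to the connection.
    // The token is a bearer secret: it is assigned, never logged.
    public static async Task AttachTokenAsync(
        SqlConnection conn, TokenCredential credential, CancellationToken ct = default)
    {
        var context = new TokenRequestContext(new[] { ToDefaultScope(SqlResource) });
        try
        {
            AccessToken token = await credential.GetTokenAsync(context, ct);
            conn.AccessToken = token.Token;
        }
        catch (AuthenticationFailedException ex)
        {
            // Also covers CredentialUnavailableException (its subclass); the message
            // lists each credential in the chain and why it failed, as in the report.
            throw new InvalidOperationException(
                $"Token request for scope '{context.Scopes[0]}' failed: {ex.Message}", ex);
        }
    }
}
```

Call it as `await SqlTokenHelper.AttachTokenAsync(conn, new DefaultAzureCredential());` before opening the connection.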