[BUG] DefaultAzureCredential throws exceptions when run in container
Create a console app.
New up a DAC
```csharp
var cred = new DefaultAzureCredential();
```
Call a client, like blob client.
Create Dockerfile
```dockerfile
FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /src
COPY . .
RUN dotnet publish "Services/QueueService/QueueService.csproj" -c Release -o /app/publish

FROM mcr.microsoft.com/dotnet/core/runtime:3.1 AS base
RUN apt-get update -y && apt-get install python3 python3-distutils python3-pip -y && pip3 install azure-cli
ENV PATH /root/.local/bin/:$PATH
WORKDIR /app
COPY --from=build /app/publish .
ENTRYPOINT ["dotnet", "QueueService.dll"]
```
Run with docker-compose up
```yaml
# Please refer https://aka.ms/HTTPSinContainer on how to setup an https developer certificate for your ASP .NET Core service.
version: "3.8"
services:
  azsdkdemoqueueservice:
    image: azsdkdemoqueueservice
    volumes:
      - "${HOME}/.azure:/root/.azure"
    build:
      context: .
      dockerfile: Services/QueueService/Dockerfile
```
You will get this error:
Attaching to net_azsdkdemoqueueservice_1, net_azsdkdemoapi_1, net_azsdkdemowebapp_1
azsdkdemoqueueservice_1 | Unhandled exception. Azure.Identity.AuthenticationFailedException: DefaultAzureCredential authentication failed.
azsdkdemoqueueservice_1 | ---> Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed.
azsdkdemoqueueservice_1 | ---> System.ArgumentNullException: Value cannot be null. (Parameter 'attributeValue1')
azsdkdemoqueueservice_1 | at Microsoft.Identity.Client.Extensions.Msal.CacheAccessorLinux..ctor(String cacheFilePath, String keyringCollection, String keyringSchemaName, String keyringSecretLabel, String attributeKey1, String attributeValue1, String attributeKey2, String attributeValue2, TraceSourceLogger logger)
azsdkdemoqueueservice_1 | at Microsoft.Identity.Client.Extensions.Msal.MsalCacheStorage.Create(StorageCreationProperties creationProperties, TraceSource logger)
azsdkdemoqueueservice_1 | at Microsoft.Identity.Client.Extensions.Msal.MsalCacheHelper..ctor(StorageCreationProperties storageCreationProperties, TraceSource logger, HashSet`1 knownAccountIds, FileSystemWatcher cacheWatcher)
azsdkdemoqueueservice_1 | at Microsoft.Identity.Client.Extensions.Msal.MsalCacheHelper.CreateAsync(StorageCreationProperties storageCreationProperties, TraceSource logger)
azsdkdemoqueueservice_1 | at Azure.Identity.MsalPublicClient.InitializeAsync()
azsdkdemoqueueservice_1 | at Azure.Identity.MsalPublicClient.EnsureInitializedAsync(Boolean async)
azsdkdemoqueueservice_1 | at Azure.Identity.MsalPublicClient.GetAccountsAsync()
azsdkdemoqueueservice_1 | at Azure.Identity.SharedTokenCacheCredential.GetAccountAsync()
azsdkdemoqueueservice_1 | at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | --- End of inner exception stack trace ---
azsdkdemoqueueservice_1 | at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
azsdkdemoqueueservice_1 | at Azure.Identity.SharedTokenCacheCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.SharedTokenCacheCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | --- End of inner exception stack trace ---
azsdkdemoqueueservice_1 | at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
azsdkdemoqueueservice_1 | at Azure.Storage.Queues.QueueRestClient.Queue.CreateAsync(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, Uri resourceUri, String version, Nullable`1 timeout, IDictionary`2 metadata, String requestId, Boolean async, String operationName, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Storage.Queues.QueueClient.CreateInternal(IDictionary`2 metadata, Boolean async, CancellationToken cancellationToken, String operationName)
azsdkdemoqueueservice_1 | at Azure.Storage.Queues.QueueClient.CreateIfNotExistsInternal(IDictionary`2 metadata, Boolean async, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Storage.Queues.QueueClient.CreateIfNotExistsAsync(IDictionary`2 metadata, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at QueueService.Program.Main(String[] args) in /src/Services/QueueService/Program.cs:line 31
azsdkdemoqueueservice_1 | at QueueService.Program.<Main>(String[] args)
Based on the exception it looks like we are not gracefully handling the case where shared token cache is not found.
If I exclude SharedTokenCacheCred I get this
Attaching to net_azsdkdemoqueueservice_1, net_azsdkdemoapi_1, net_azsdkdemowebapp_1
azsdkdemoqueueservice_1 | Unhandled exception. Azure.Identity.AuthenticationFailedException: DefaultAzureCredential authentication failed.
azsdkdemoqueueservice_1 | ---> Azure.Identity.AuthenticationFailedException: VisualStudioCodeCredential authentication failed.
azsdkdemoqueueservice_1 | ---> System.DllNotFoundException: Unable to load shared library 'libsecret-1.so.0' or one of its dependencies. In order to help diagnose loading problems, consider settig the LD_DEBUG environment variable: liblibsecret-1.so.0: cannot open shared object file: No such file or directory
azsdkdemoqueueservice_1 | at Azure.Identity.LinuxNativeMethods.Imports.secret_schema_new(String name, Int32 flags, String attribute1, Int32 attribute1Type, String attribute2, Int32 attribute2Tye, IntPtr end)
azsdkdemoqueueservice_1 | at Azure.Identity.LinuxNativeMethods.secret_schema_new(String name, SecretSchemaFlags flags, String attribute1, SecretSchemaAttributeType attribute1Type, String attribte2, SecretSchemaAttributeType attribute2Type)
azsdkdemoqueueservice_1 | at Azure.Identity.LinuxVisualStudioCodeAdapter.GetLibsecretSchema()
azsdkdemoqueueservice_1 | at Azure.Identity.LinuxVisualStudioCodeAdapter.GetCredentials(String serviceName, String accountName)
azsdkdemoqueueservice_1 | at Azure.Identity.VisualStudioCodeCredential.GetTokenImplAsync(TokenRequestContext requestContext, Boolean async, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | --- End of inner exception stack trace ---
azsdkdemoqueueservice_1 | at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
azsdkdemoqueueservice_1 | at Azure.Identity.VisualStudioCodeCredential.GetTokenImplAsync(TokenRequestContext requestContext, Boolean async, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.VisualStudioCodeCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | --- End of inner exception stack trace ---
azsdkdemoqueueservice_1 | at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
azsdkdemoqueueservice_1 | at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
I don’t see an option to Exclude Visual Studio Credential
We need to:
- Go through each credential and make sure we throw cred not available exceptions, not authentication failed exceptions
- Write integration tests that test with Azure.Identity scenarios in containers.
azsdke2e
Issue Analytics
- State:
- Created 3 years ago
- Comments:11 (7 by maintainers)
Top GitHub Comments
@MaxCrank Apologies for the lost time. Please build your own credential chain with ChainedTokenCredential and only include the credential types you need.
Let me know if you want to pair on this. https://jong.io/contact
Jon
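
The explicit chain suggested in the comment above, as an added example that is not code from the issue or from the Azure SDK team. It assumes the queue endpoint arrives in a hypothetical `QUEUE_URI` environment variable and that the container authenticates through a service principal, a managed identity, or the Azure CLI login mounted from `${HOME}/.azure`:

```csharp
using System;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Storage.Queues;

public static class Program
{
    public static async Task Main()
    {
        // Assumption: QUEUE_URI is a hypothetical variable name, not taken from the issue.
        var queueUri = new Uri(Environment.GetEnvironmentVariable("QUEUE_URI")
            ?? throw new InvalidOperationException("QUEUE_URI is not set"));

        // Only sources that can work inside a Linux container are listed.
        // SharedTokenCacheCredential and VisualStudioCodeCredential are left out,
        // so the keyring/libsecret code paths seen in the stack traces are never reached.
        var credential = new ChainedTokenCredential(
            new EnvironmentCredential(),      // AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET
            new ManagedIdentityCredential(),  // when hosted in Azure with a managed identity
            new AzureCliCredential());        // local dev: az CLI in the image plus the mounted ~/.azure

        var queue = new QueueClient(queueUri, credential);

        try
        {
            await queue.CreateIfNotExistsAsync();
            Console.WriteLine($"Queue ready: {queue.Name}");
        }
        catch (CredentialUnavailableException ex)
        {
            // Subclass of AuthenticationFailedException, so it must be caught first:
            // a credential source is not configured in this environment.
            Console.Error.WriteLine($"No credential available: {ex.Message}");
            Environment.ExitCode = 2;
        }
        catch (AuthenticationFailedException ex)
        {
            // Any other failure while acquiring a token: report it rather than swallow it.
            Console.Error.WriteLine($"Authentication failed: {ex.Message}");
            Environment.ExitCode = 3;
        }
    }
}
```

The `${HOME}/.azure` volume hands the developer's cached CLI login to the container, so keep that mount to local development and rely on the first two sources in deployed environments.
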
AuthenticationFailedException is a wrapper for any exception (except OperationCanceledException), so when it happens, it basically means that something unexpected has happened. Swallowing these exceptions in DefaultAzureCredential.GetTokenFromSourcesAsync will hide some real issues that users may experience and require fix from our side
DefaultAzureCredentialOptions.ExcludeVisualStudioCredential