DefaultAzureCredential fails when multiple accounts are available and defaulting to SharedTokenCacheCredential
Describe the bug
I am using v1.0 of Azure.Identity on both .NET Framework and .NET Core and am attempting to connect to a blob container via DefaultAzureCredential:
    async static Task CreateBlockBlobAsync(string accountName, string containerName)
    {
        // Construct the blob container endpoint from the arguments.
        string containerEndpoint = string.Format("https://{0}.blob.core.windows.net/{1}", accountName, containerName);
        // Get a credential and create a client object for the blob container.
        var containerClient = new BlobContainerClient(new Uri(containerEndpoint), new DefaultAzureCredential());
        // Create the container if it does not exist.
        await containerClient.CreateIfNotExistsAsync();
    }
I am logged into Visual Studio with two accounts. When I run this, I get the following:
Azure.Identity.AuthenticationFailedException
HResult=0x80131500
Message=The DefaultAzureCredential failed to retrieve a token from the included credentials.
EnvironmentCredential is unavailable Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Currently set variables [ ].
ManagedIdentityCredential is unavailable No managed identity endpoint found..
SharedTokenCacheCredential is unavailable Multiple accounts were discovered in the shared token cache. To fix, set the AZURE_USERNAME environment variable to the preferred username, or specify it when constructing SharedTokenCacheCredential.
Discovered Accounts: [ '****@outlook.com', '****@microsoft.com' ].
See inner exception for more detail.
Source=Azure.Identity
StackTrace:
at Azure.Identity.DefaultAzureCredential.<GetTokenAsync>d__10.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Identity.DefaultAzureCredential.<GetTokenAsync>d__9.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.<ProcessAsync>d__8.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.<ProcessAsync>d__1.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Azure.Core.Pipeline.RetryPolicy.<ProcessAsync>d__11.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Azure.Core.Pipeline.RetryPolicy.<ProcessAsync>d__11.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.<ProcessAsync>d__1.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.<ProcessAsync>d__1.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobRestClient.Container.<CreateAsync>d__0.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobContainerClient.<CreateInternal>d__36.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobContainerClient.<CreateIfNotExistsInternal>d__35.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobContainerClient.<CreateIfNotExistsAsync>d__34.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at StorageAccountSample.Program.<CreateBlockBlobAsync>d__1.MoveNext() in C:\Users\tasou\source\repos\StorageAccountSample\StorageAccountSample\Program.cs:line 24
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at StorageAccountSample.Program.<Main>d__0.MoveNext() in C:\Users\tasou\source\repos\StorageAccountSample\StorageAccountSample\Program.cs:line 12
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at StorageAccountSample.Program.<Main>(String[] args)
Inner Exception 1:
AggregateException: The DefaultAzureCredential failed to retrieve a token from the included credentials.
Inner Exception 2:
CredentialUnavailableException: Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Currently set variables [ ]
At this point, I attempt to set AZURE_USERNAME. This fails with the following:
Azure.Identity.AuthenticationFailedException
HResult=0x80131500
Message=The DefaultAzureCredential failed due to an unhandled exception: SharedTokenCacheCredential failed with unhandled exception The authentication request failed due to an unhandled exception. See inner exception for details..
EnvironmentCredential is unavailable Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Currently set variables [ AZURE_USERNAME ].
ManagedIdentityCredential is unavailable No managed identity endpoint found..
SharedTokenCacheCredential failed with The authentication request failed due to an unhandled exception. See inner exception for details..
See inner exception for more detail.
Source=Azure.Identity
StackTrace:
at Azure.Identity.DefaultAzureCredential.<GetTokenAsync>d__10.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Identity.DefaultAzureCredential.<GetTokenAsync>d__9.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.<ProcessAsync>d__8.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.<ProcessAsync>d__1.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Azure.Core.Pipeline.RetryPolicy.<ProcessAsync>d__11.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Azure.Core.Pipeline.RetryPolicy.<ProcessAsync>d__11.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.<ProcessAsync>d__1.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.<ProcessAsync>d__1.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobRestClient.Container.<CreateAsync>d__0.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobContainerClient.<CreateInternal>d__36.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobContainerClient.<CreateIfNotExistsInternal>d__35.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Storage.Blobs.BlobContainerClient.<CreateIfNotExistsAsync>d__34.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at StorageAccountSample.Program.<CreateBlockBlobAsync>d__1.MoveNext() in C:\Users\tasou\source\repos\StorageAccountSample\StorageAccountSample\Program.cs:line 25
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at StorageAccountSample.Program.<Main>d__0.MoveNext() in C:\Users\tasou\source\repos\StorageAccountSample\StorageAccountSample\Program.cs:line 13
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at StorageAccountSample.Program.<Main>(String[] args)
Inner Exception 1:
AggregateException: The DefaultAzureCredential failed due to an unhandled exception: SharedTokenCacheCredential failed with unhandled exception The authentication request failed due to an unhandled exception. See inner exception for details..
Inner Exception 2:
CredentialUnavailableException: Environment variables not fully configured. AZURE_TENANT_ID and AZURE_CLIENT_ID must be set, along with either AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD. Currently set variables [ AZURE_USERNAME ]
It appears that when multiple accounts are available, SharedTokenCacheCredential expected AZURE_USERNAME to disambiguate. However, since EnvironmentCredential runs first, it reports an error.
How can I use DefaultCredential when using multiple accounts in VS? I would expect Tools->Options->Azure Service Authentication->Account Selection in VS would be honored but it does not seem to be (which works with Microsoft.Azure.Services.AppAuthentication).
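The first error message above names a second option besides AZURE_USERNAME: passing the username when constructing SharedTokenCacheCredential. The sketch below is an added example, not code from the issue or from the Azure SDK project; it builds an explicit chain so the account is pinned in code rather than picked from whatever the shared cache holds. The variable name `SAMPLE_DEV_ACCOUNT` and the class and method names are assumptions made for illustration, and the sketch does not claim to avoid the unhandled exception reported in the second trace.

```csharp
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;

static class ExplicitAccountSample
{
    // Hypothetical variable name for this example. It is deliberately not
    // AZURE_USERNAME, which EnvironmentCredential also reads.
    const string AccountVariable = "SAMPLE_DEV_ACCOUNT";

    static TokenCredential BuildCredential()
    {
        string username = Environment.GetEnvironmentVariable(AccountVariable);
        if (string.IsNullOrWhiteSpace(username))
        {
            // Fail closed: never fall back to "whichever account is cached".
            throw new InvalidOperationException(
                $"Set {AccountVariable} to the account that must be used for token requests.");
        }

        // Explicit chain: managed identity when deployed, otherwise the one
        // named account from the shared token cache. EnvironmentCredential is
        // left out, so a partially set AZURE_* environment plays no part.
        return new ChainedTokenCredential(
            new ManagedIdentityCredential(),
            new SharedTokenCacheCredential(username));
    }

    public static async Task CreateContainerAsync(string accountName, string containerName)
    {
        var endpoint = new Uri($"https://{accountName}.blob.core.windows.net/{containerName}");
        var client = new BlobContainerClient(endpoint, BuildCredential());
        try
        {
            await client.CreateIfNotExistsAsync();
        }
        catch (AuthenticationFailedException ex)
        {
            // The message lists the outcome of each credential in the chain;
            // log it so the failing link is visible, then rethrow.
            Console.Error.WriteLine($"Token acquisition failed: {ex.Message}");
            throw;
        }
    }
}
```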
Issue Analytics
- Created 4 years ago
- Reactions: 8
- Comments: 42 (9 by maintainers)
Top GitHub Comments
I’m running in Visual Studio Code and am just authenticated via the command line using az login. When I run az account list it lists multiple accounts, but one account is set to "isDefault": true. DefaultAzureCredential does not seem to be respecting that flag, so this seems to be broken whether you are using Visual Studio or not.

Please fix! This unnecessarily complicates the local development environment.
Update to my issue above

I created a new user in Azure AD and used that to log in. This user is separate from the one I used to create/login to the Azure Subscription. It works fine with the new user.

FWIW, I have written out the different options I used to get DefaultAzureCredential to work on my local machine here