Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
App Service user-assigned MSI authentication
See original GitHub issueHello, I’m having issues making App Service MSI authentication work. I went through this tutorial to set up a user-assigned managed identity. But I still can’t make it work.
The authentication part of my tedious config is
type: 'azure-active-directory-msi-app-service',
options: {
clientId: client_ID_of_the_user_assigned_MSI
}
The error I’m getting at runtime is:
ConnectionError: Security token could not be authenticated or authorized.
at ConnectionError (/home/site/wwwroot/node_modules/tedious/lib/errors.js:13:12)
at /home/site/wwwroot/node_modules/tedious/lib/connection.js:2843:61
at getTokenFromCredentials (/home/site/wwwroot/node_modules/tedious/lib/connection.js:2809:24)
at /home/site/wwwroot/node_modules/@azure/ms-rest-nodeauth/dist/lib/login.js:645:24
at /home/site/wwwroot/node_modules/@azure/ms-rest-js/dist/msRest.node.js:363:13
at processTicksAndRejections (internal/process/task_queues.js:97:5) {
code: 'EFEDAUTH'
}
I saw that @azure/ms-rest-nodeauth is being deprecated for @azure/identity. Could that be why it’s not working?
Issue Analytics
- State:
- Created 3 years ago
- Comments:10 (5 by maintainers)
Top Results From Across the Web
Managed identities - Azure App Service - Microsoft Learn
A user-assigned identity is a standalone Azure resource that can be assigned to your app. An app can have multiple user-assigned identities. Add ......
Read more >Using Managed Service Identity (MSI) to authenticate on ...
A user-assigned managed identity is created as a standalone Azure resource. Through a create process, Azure creates an identity in the Azure AD ......
Read more >App Service managed identity connection to Azure SQL ...
Attempts to run the application using the managed identity connection string is consistently failing with the token-provider principal login ...
Read more >Use Managed Identities in App Service with HTTP REST ...
Create resources and grant permissions. Under App Service's Identity, enable system-assigned identity or user-assigned identity. Then add it to target ...
Read more >Azure Provider: Authenticating via Managed Identity | Guides
Azure Provider: Authenticating via a Service Principal and a Client Certificate ... for user assigned identity export ARM_MSI_ENDPOINT=$MSI_ENDPOINT # only ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@IanChokS That worked! Sorry for the delay, I had some trouble rebuilding the module with your PR changes, but the user-assigned MSI authentication worked nicely in the end. Would be great if this can be merged into master!
That is interesting. I am not familiar with the inner details here for quick answer. If you can log an issue in the ms-rest-nodeauth repo with details on your set up (preferably outside of tediousjs 😃), then we can take a deeper look and update the docs as needed
Yes, but the progress is slow at the moment. For now,
@azure/ms-rest-nodeauthis supported and will take bug fixes, but we will not be adding any new features.