Hi devs,
A week ago I decided to make the switch: I made Windows my secondary OS, and Linux the main one. I love Linux, but I am experiencing an issue. I started learning ASP.NET Core maybe half a year ago. I created a small forum app with Visual Studio on ASP.NET Core 3.1. It also uses Azure Key Vault. It worked perfectly under Windows, but under Linux it doesn't work as expected.
Summary of the problem I am having:
When I try to connect to Azure Key Vault under Windows it works, because of VS, but under Linux it doesn't. It throws an exception saying that it couldn't get a token. I am aware that under Linux it uses Azure CLI (I have it installed and I am logged in). The shell command for getting a vault token also works. But when I run my code with dotnet run it just doesn't work. For IDE I am using Rider, but that's not important.
Error I am receiving:
Unhandled exception. Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: RunAs=App;, Resource: https://vault.azure.net, Authority: https://login.windows.net/4a06d40c-e447-42be-baef-dd0421ed10bd.
Exception Message: Tried to get token using Managed Service Identity. Unable to connect to the Managed Service Identity (MSI) endpoint. Please check that you are running on an Azure resource that has MSI setup.
at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.GetAuthResultAsyncImpl(String resource, String authority, CancellationToken cancellationToken)
at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.<get_KeyVaultTokenCallback>b__8_0(String authority, String resource, String scope)
at Microsoft.Azure.KeyVault.KeyVaultCredential.PostAuthenticate(HttpResponseMessage response)
at Microsoft.Azure.KeyVault.KeyVaultCredential.ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at Microsoft.Azure.KeyVault.KeyVaultClient.GetSecretsWithHttpMessagesAsync(String vaultBaseUrl, Nullable`1 maxresults, Dictionary`2 customHeaders, CancellationToken cancellationToken)
at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetSecretsAsync(IKeyVaultClient operations, String vaultBaseUrl, Nullable`1 maxresults, CancellationToken cancellationToken)
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.LoadAsync()
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.Load()
at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
at Microsoft.Extensions.Hosting.HostBuilder.BuildAppConfiguration()
at Microsoft.Extensions.Hosting.HostBuilder.Build()
at ForumSystem.Web.Program.Main(String[] args) in /home/bruteforce/RiderProjects/ForumSystem-Web/src/Web/ForumSystem.Web/Program.cs:line 16
Process finished with exit code 6.
My code:
namespace ForumSystem.Web
{
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Azure.KeyVault;
    using Microsoft.Azure.Services.AppAuthentication;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.Configuration.AzureKeyVault;
    using Microsoft.Extensions.Hosting;

    public static class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration(
                    (ctx, builder) =>
                    {
                        var keyVaultEndpoint = GetKeyVaultEndpoint();
                        if (!string.IsNullOrEmpty(keyVaultEndpoint))
                        {
                            var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=App;");
                            var keyVaultClient = new KeyVaultClient(
                                new KeyVaultClient.AuthenticationCallback(
                                    azureServiceTokenProvider.KeyVaultTokenCallback));
                            builder.AddAzureKeyVault(
                                keyVaultEndpoint,
                                keyVaultClient,
                                new DefaultKeyVaultSecretManager());
                        }
                    })
                .ConfigureWebHostDefaults(
                    webBuilder =>
                    {
                        webBuilder.UseStartup<Startup>();
                    });

        private static string GetKeyVaultEndpoint() => "https://myKeyVault.vault.azure.net/";
    }
}

The code I am using is copy-pasted from the docs and I added the RunAs=App connection string.
What I tried:
I made sure that the Azure CLI is installed, that I am logged into the account, and that I am running the latest stable version of the CLI and .NET Core 3.1. I tried reinstalling Linux. I also tried running the code with and without the connection string in the AzureServiceTokenProvider. I just receive a similar error in which I am told that it tried the 3 different ways, and on the third (Azure CLI) it just says that the token couldn't be acquired. Of course I also tried reinstalling .NET Core and Azure CLI several times with no success.
I will be happy to provide any additional info if needed :)
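
A way to isolate the token step from the rest of the app, added here as an example and not part of the original post: this console probe asks AzureServiceTokenProvider for a Key Vault token under each credential source separately, so the failing source and its own error message are visible. The TokenProbe class name and the labels are illustrative; the two explicit connection strings are the ones the AppAuthentication library documents for managed identity and Azure CLI, and a null connection string selects the library's default behaviour.

```csharp
// Added diagnostic example; not code from the original post.
using System;
using System.Threading.Tasks;
using Microsoft.Azure.Services.AppAuthentication;

public static class TokenProbe
{
    // Resource taken from the error message in the post.
    private const string VaultResource = "https://vault.azure.net";

    // Credential sources to try one at a time (labels are illustrative).
    private static readonly (string Label, string ConnectionString)[] Candidates =
    {
        ("Managed identity only (as in the post)", "RunAs=App;"),
        ("Azure CLI only", "RunAs=Developer; DeveloperTool=AzureCli"),
        ("Library default (no connection string)", null),
    };

    public static async Task<int> Main()
    {
        var anySucceeded = false;

        foreach (var (label, connectionString) in Candidates)
        {
            var provider = new AzureServiceTokenProvider(connectionString);
            try
            {
                var token = await provider.GetAccessTokenAsync(VaultResource);
                anySucceeded = true;

                // Report only the length: the access token is a credential
                // and should never be written to logs or the console.
                Console.WriteLine($"[ok]   {label}: token acquired ({token.Length} chars)");
            }
            catch (AzureServiceTokenProviderException ex)
            {
                // The message names the source that was tried and why it failed.
                Console.WriteLine($"[fail] {label}: {ex.Message}");
            }
        }

        // Non-zero exit code when no credential source produced a token.
        return anySucceeded ? 0 : 1;
    }
}
```

Run it with dotnet run from the same shell and user account that runs the web app, so it sees the same Azure CLI login and environment variables.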