Jesse Myers

Reputation: 69

Azure Key Vault: AADSTS700024: .NET Core, Linux Container. Client assertion is not within its valid time range

I've been having trouble connecting to Azure Key Vault from an ASP.NET Core app running inside a Docker container.

The app is using clientID/Certificate to authenticate with the vault. I have made an app registration and granted permission to it for using the vault.

When I run the app inside docker I keep getting this error:

Unhandled exception. Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS700024: Client assertion is not within its valid time range. Current time: 2020-03-11T00:06:34.4692395Z, expiry time of assertion 2020-03-10T11:40:33.0000000Z.

NuGet: Microsoft.Extensions.Configuration.AzureKeyVault v3.1.2
NuGet: Microsoft.Azure.KeyVault v3.0.5
NuGet: Microsoft.Azure.Services.AppAuthentication v1.0.3
NuGet: Microsoft.IdentityModel.Clients.ActiveDirectory v3.14.2

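Here is how the vault is configured inside ConfigureAppConfiguration:

// Load the client certificate (with its private key) from the certificate file
X509Certificate2Collection collection = new X509Certificate2Collection();
collection.Import(path, pwd, X509KeyStorageFlags.PersistKeySet);

var cert = collection[0];

// Authenticate to the vault with the app registration's client ID and certificate
config.AddAzureKeyVault(
    vault,
    clientId: builtConfig["ApplicationId"],
    certificate: cert);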

Upvotes: 0

Views: 1302

Answers (1)

Jack Jia

Reputation: 5549

It seems that the time in the Docker container is not synchronized. Some ASP.NET images have this issue: 3168

You may check the time zone and date by:

# Replace the image with yours
docker run -it mcr.microsoft.com/dotnet/framework/runtime:4.7.2-windowsservercore-1803 powershell

# Then check timezone and date in powershell 
Get-Timezone
Get-Date

Upvotes: 2
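
The error text itself carries enough information to size the clock problem before touching the container. The following is an added example, not part of the original question or answer and not code from any Microsoft library: it parses the AADSTS700024 message quoted in the question and estimates how far the client clock was from the service clock when the assertion was signed. The 10-minute assertion lifetime and the names `diagnose`, `ASSUMED_LIFETIME` and `SAMPLE` are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: the client library gives each assertion a 10-minute lifetime.
ASSUMED_LIFETIME = timedelta(minutes=10)

# Error text copied from the question above.
SAMPLE = ("AADSTS700024: Client assertion is not within its valid time range. "
          "Current time: 2020-03-11T00:06:34.4692395Z, "
          "expiry time of assertion 2020-03-10T11:40:33.0000000Z.")

_PATTERN = re.compile(
    r"AADSTS700024:.*?Current time:\s*(?P<now>[0-9T:.\-]+)Z,"
    r"\s*expiry time of assertion\s*(?P<exp>[0-9T:.\-]+)Z")


def _parse_utc(stamp):
    # The service prints 7 fractional digits; datetime accepts at most 6.
    head, _, frac = stamp.partition(".")
    micro = (frac + "000000")[:6]
    parsed = datetime.strptime(head + "." + micro, "%Y-%m-%dT%H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc)


def diagnose(message, lifetime=ASSUMED_LIFETIME):
    """Return skew details for an AADSTS700024 message, or None if absent."""
    match = _PATTERN.search(message)
    if match is None:
        return None
    server_now = _parse_utc(match["now"])
    expiry = _parse_utc(match["exp"])
    # The client stamped expiry = its_clock + lifetime when it signed.
    client_clock = expiry - lifetime
    offset = client_clock - server_now  # negative: client clock is behind
    return {
        "expired_by": server_now - expiry,
        "client_offset": offset,
        "direction": "behind" if offset < timedelta(0) else "ahead",
    }


if __name__ == "__main__":
    report = diagnose(SAMPLE)
    print("assertion expired by:", report["expired_by"])
    print("client clock is", report["direction"], "by about", abs(report["client_offset"]))
```

An offset of many hours, as here, points at the clock the container reads rather than at the certificate or the app registration. A Linux container takes its time from the host (or Docker VM) kernel, so that is where the clock has to be corrected.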
