DefaultAzureCredential in Visual Studio dev fails to find a suitable user

Question

This is a cool feature that allows an app to get a token via Environment value, visual studio Azure Service Authentication or via MSI if running on Azure. It automatically steps through and find one that works. Great if you are running locally and want to deploy to a web app with MSI later on. It acquires a token from MSI or Visual Studio and some other places

It had been failing unexpectedly when it was working. I have been working with MSFT on this and I figured out what is happening. I'll post an answer.

Answer 1

In Visual Studio, you set the account in the options/Azure Service Authentication/Account Selection ok.

If you debug locally and you have multiple Azure accounts registered in visual studio, you also have to set an environment variable in the webapp properties/debug (or your PC env vars) and adding the env variable AZURE_USERNAME and your selected account email to let it know which one to use.

Here is the problem - if the upper/lower case of your account id does not match the environment variable, it will not connect the two and will not use your visual studio account to authorize. An easy mistake if you add the env variable to the debug properties long after you registered visual studio accounts.

So - check the account on the tools/options/Azure Service Authentication/Account Selection and make sure the case of the AZURE_USERNAME variable is exactly the same.

The github issues is here and a fix is planned.

HTH. M.