Reputation: 201
DefaultAzureCredential exception with multiple accounts in Visual Studio 2019
I ran into the following scenario and eventually figured out the issue:
I have an ASP.NET application that has a runtime dependency on an Azure Key Vault, via a AzureKeyVaultConfigBuilder. Running from my local machine using Visual Studio 2019, it is able to access the Key Vault if only my work (@microsoft.com) account is added to Visual Studio. However, if I have both my personal Microsoft account (@live.com) and my work account (@microsoft.com) added to Visual Studio, the application attempts to authenticate against the Key Vault using my personal Microsoft account (@live.com), when it should be using the work (@microsoft.com) account.
With both accounts logged into Visual Studio, I receive the following exception:
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: The configBuilder 'AzureKeyVault' failed while processing the configuration section 'appSettings'.: Error in Configuration Builder 'AzureKeyVault'::GetValue(AzureStorageConnectionString)
Source Error:
Line 32: </builders>
Line 33: </configBuilders>
Line 34: <appSettings configBuilders="AzureKeyVault">
Line 35: <add key="AzureStorageConnectionString" value="" />
Line 36: </appSettings>
Source File: C:\<path to ASP.NET Web project>\web.config Line: 34
Click here to show additional error information:
Exception Details: Azure.Identity.CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials.
EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
ManagedIdentityCredential authentication unavailable, no managed identity endpoint found.
SharedTokenCacheCredential authentication unavailable. Multiple accounts were found in the cache. Use username and tenant id to disambiguate.
Upvotes: 2
Views: 7508
Answers (1)
Reputation: 201
I went through a lot of trial-and-error, setting credentials at the Environment variable level, Visual Studio level, and the Azure CLI level, but none of these were being respected when multiple accounts were registered in Visual Studio.
The issue was with the Azure.Identity package that is used to authenticate ASP.NET applications against Azure for development environments. I had version 1.1.1 of the package installed. Multiple issues with concurrent calls to DefaultAzureCredential have been fixed in versions 1.2.0 and 1.3.0. As such, updating to version 1.3.0 solved my issue and properly respected the setting of the VisualStudioCredential.
DefaultAzureCredential specifies a control flow of fetching different authentication tokens from various sources.
Upvotes: 9
Related Questions
- Can not log in into Azure account from Visual Studio 2019
- Azure App Service with User-Assigned Managed Identity crashes application
- Azure ad login issue we couldn't sign in you
- User.Identity no longer set in Azure web app with Authentication enabled
- Visual Studio keep requesting to choose azure account even if logged in
- Azure error: DefaultAzureCredential authentication failed
- DefaultAzureCredential in Visual Studio dev fails to find a suitable user
- Login to Azure Web Application fails with 'AADSTS50079: The user is required to use multi-factor authentication'
- Microsoft authentication ID
- Azure error when sign in with different user