Sandeep K

Reputation: 163

DefaultAzureCredential failing for console app after redirect to localhost - "localhost sent an invalid response"

I am using DefaultCredential to connect to Azure Key Vault and build configuration from it.

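      using System;
      using Azure.Identity;
      using Azure.Security.KeyVault.Secrets;
      using Microsoft.Extensions.Configuration;

      // true = includeInteractiveCredentials: allows the interactive browser sign-in fallback
      var secretClient = new SecretClient(
          new Uri($"https://{keyvaultName}.vault.azure.net/"),
          new DefaultAzureCredential(true));

      IConfigurationRoot configuration = null;

      // Sources added later override earlier ones
      configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json")
             .AddEnvironmentVariables()
             .AddAzureKeyVault(secretClient, new PrefixKeyVaultSecretManager(environment))
             .AddUserSecrets<Program>().Build();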

This was working earlier, but now it is failing with interactive browser authentication. After selecting an account, it redirects back to localhost and throws an error ("localhost sent an invalid response"). I am using "Azure.Identity" Version="1.4.1". I also tried the latest beta package (1.5.0-beta.4). Also "Azure.Security.KeyVault.Secrets" Version="4.2.0".

Upvotes: 0

Views: 788

Answers (2)

Matt Varblow

Reputation: 7901

I was getting a similar error from a Windows app using interactive Azure AD authentication. It turned out to be the result of the localhost domain appearing in my Edge (and Chrome) HSTS policy cache. The Azure AD sign-in flow was trying to redirect to http://localhost:61425/?code=.... But because I had been developing an unrelated ASP.NET application on my machine that used the HSTS middleware (i.e. called app.UseHsts), my browser was remembering that policy and forcing the Azure AD sign-in redirect to https://localhost:61425/?code=.... That switch from http to https broke the redirect handling in my Windows app.

The solution was to delete the localhost domain from the browser's list of domain security policies.

In Edge, type this in the address bar: edge://net-internals/#hsts

In Chrome: chrome://net-internals/#hsts

delete localhost from HSTS cache

See ERR_SSL_PROTOCOL_ERROR for localhost from Visual Studio debug

Upvotes: 1
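A way to confirm the HSTS explanation in the answer above before changing the browser's policy list, as an added example that is not code from the answer or from Azure.Identity: a loopback listener that reports whether the browser sends a TLS handshake to an http://localhost URL. `LoopbackProbe` and `Classify` are hypothetical names, and the IPv4-only bind is an assumption.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;

static class LoopbackProbe
{
    // Classify the first bytes a browser sends to a plain-HTTP loopback listener.
    public static string Classify(byte[] buf, int len)
    {
        if (len <= 0) return "empty";
        // A TLS record starts with content type 0x16 (handshake) and major version 0x03.
        if (len >= 2 && buf[0] == 0x16 && buf[1] == 0x03) return "tls";
        string head = Encoding.ASCII.GetString(buf, 0, len);
        return head.StartsWith("GET ", StringComparison.Ordinal) ? "http" : "unknown";
    }

    static void Main(string[] args)
    {
        // Any free port works; 61425 is the port quoted in the answer above.
        int port = args.Length > 0 ? int.Parse(args[0]) : 61425;
        // IPv4 loopback only (assumption); use IPAddress.IPv6Loopback if localhost maps to ::1.
        var listener = new TcpListener(IPAddress.Loopback, port);
        listener.Start();
        Console.WriteLine($"Type http://localhost:{port}/ into the browser used for sign-in.");
        try
        {
            using TcpClient client = listener.AcceptTcpClient();
            using NetworkStream stream = client.GetStream();
            stream.ReadTimeout = 5000; // milliseconds
            var buf = new byte[16];
            int len;
            try { len = stream.Read(buf, 0, buf.Length); }
            catch (IOException) { len = 0; } // connection opened but nothing sent in time
            string kind = Classify(buf, len);
            Console.WriteLine(kind switch
            {
                "tls" => "TLS handshake on an http:// URL: the browser upgraded to https (HSTS entry for localhost).",
                "http" => "Plain HTTP request received: no HSTS upgrade for localhost in this browser.",
                _ => $"Inconclusive ({kind}); run it again."
            });
        }
        finally { listener.Stop(); }
    }
}
```

The browser shows an error page in both cases because the probe never answers; read the result from the console.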

redcoff

Reputation: 46

Check your application's redirect URI at Azure Portal. You can find it under Authentication on your application's page.

Set the redirect URI to https://login.microsoftonline.com/common/oauth2/nativeclient.

More information about redirect URIs: https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url

Upvotes: 0
