Reputation: 11
I am developing an Azure Function which needs to connect to Microsoft Dataverse via managed identity. During local development I have added my Azure account in Visual Studio and selected it for Azure Function authentication. I'm using the code below to get an access token:
var vsCred = new VisualStudioCredential();
var tok = await vsCred.GetTokenAsync(
    new TokenRequestContext(new[] { "CLIENT ID of managed identity" }), default
);
But I am getting this error:

System.Private.CoreLib: Exception while executing function: ManagedIdentityTestFxn. System.Private.CoreLib: Process "C:\Program Files\Microsoft Visual Studio\2022\Professional\Common7\IDE\CommonExtensions\Microsoft\Asal\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS65001: The user or administrator has not consented to use the application with ID '' named 'VS with native MSA'. Send an interactive authorization request for this user and resource.

Azure AD permissions:

I tried giving admin consent but I am still facing the same issue.
Upvotes: 1
Views: 1099
Reputation: 5570
Instead of using VisualStudioCredential, you can use DefaultAzureCredential to get an access token like below:
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
// Client ID of the user-assigned managed identity to authenticate as
string userAssignedClientId = "<your managed identity client Id>";
var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = userAssignedClientId });
var accessToken = credential.GetToken(new TokenRequestContext(new[] { "https://vault.azure.net" }));
// To print the token, you can convert it to string
string accessTokenString = accessToken.Token.ToString();
// You can use the credential object directly with the Key Vault client.
var client = new SecretClient(new Uri("https://myvault.vault.azure.net"), credential);
Alternatively, you can run the PowerShell script below in the Kudu console of your function app:
$resourceURI ="https://admin.services.crm.dynamics.com"
$client_id = "dd8770dc-cbae-43f0-a36d-e27XXXXX"
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&client_id=$client_id&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token
I tried to reproduce the same in my environment with the PowerShell script and got the results below:
I have a function app where I added managed identity like this:
Go to the Kudu console in the function app. Open the Kudu console by selecting Advanced Tools in your function app:
Now I selected PowerShell and ran the script like below:
$resourceURI ="https://admin.services.crm.dynamics.com"
$client_id = "dd8770dc-cbae-43f0-a36d-e27XXXXX"
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&client_id=$client_id&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token
When I ran $accessToken, I got the token successfully, like below:
Upvotes: 1
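The token request discussed in this thread, written out for Dataverse with a check on who the token was issued to, as an added example that is not part of the original posts. DATAVERSE_URL and MI_CLIENT_ID are hypothetical environment variable names, the contoso URL and the sample token are constructed, and the check assumes the `aud` claim carries the requested resource URL.

```csharp
using System;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

static class TokenCheck
{
    // Decode the JWT payload without verifying it: diagnostics only, the API validates the signature.
    public static JsonElement ReadClaims(string jwt)
    {
        string p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        return JsonDocument.Parse(Convert.FromBase64String(p)).RootElement.Clone();
    }

    // True when the token targets the expected resource and was issued to the expected identity.
    public static bool Matches(JsonElement claims, string resource, string clientId)
    {
        string aud = claims.GetProperty("aud").GetString();
        // v1 tokens name the caller in "appid", v2 tokens in "azp".
        string caller = claims.TryGetProperty("appid", out var a) ? a.GetString()
                      : claims.TryGetProperty("azp", out var z) ? z.GetString() : null;
        return string.Equals(aud?.TrimEnd('/'), resource.TrimEnd('/'), StringComparison.OrdinalIgnoreCase)
            && string.Equals(caller, clientId, StringComparison.OrdinalIgnoreCase);
    }

    static async Task Main()
    {
        bool live = Environment.GetEnvironmentVariable("DATAVERSE_URL") != null;
        string resource = Environment.GetEnvironmentVariable("DATAVERSE_URL") ?? "https://contoso.crm.dynamics.com";
        string clientId = Environment.GetEnvironmentVariable("MI_CLIENT_ID") ?? "00000000-0000-0000-0000-000000000000";
        // Constructed, unsigned sample token so the check can be exercised offline.
        string payload = $"{{\"aud\":\"{resource}/\",\"appid\":\"{clientId}\"}}";
        string jwt = "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
        if (live)
        {
            var credential = new DefaultAzureCredential(
                new DefaultAzureCredentialOptions { ManagedIdentityClientId = clientId });
            // The scope is the target resource plus "/.default"; the client ID only selects the identity.
            AccessToken token = await credential.GetTokenAsync(
                new TokenRequestContext(new[] { resource.TrimEnd('/') + "/.default" }), default);
            jwt = token.Token;
        }
        JsonElement claims = ReadClaims(jwt);
        string audience = claims.GetProperty("aud").GetString();
        // Log selected claims, never the token itself.
        Console.WriteLine($"aud={audience} matches={Matches(claims, resource, clientId)}");
    }
}
```

On a developer machine, where DefaultAzureCredential falls through to a developer sign-in, `matches` is expected to be false because the token was issued to that sign-in and not to the managed identity.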