External nuget has DefaultAzureCredential() for auth token creation, which fails while debugging in local visual studio

Question

My Project is using a nuget which implementing auth token validation using DefaultAzureCredential() based SecretClient creation for reading azure keyvault.

Due to DefaultAzureCredential follows following order for auth, my code gives mangedIdentity expection while running code in visualStudio. What shall be done to enable local debugging of code smoothly, can we change this order or can we change the code for debug mode in external nuget?

EnvironmentCredential

WorkloadIdentityCredential

ManagedIdentityCredential

AzureDeveloperCliCredential

SharedTokenCacheCredential

VisualStudioCredential

VisualStudioCodeCredential

AzureCliCredential

AzurePowerShellCredential

InteractiveBrowserCredential

https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet

Exception details: (comes while debugging on local) Message:

Azure.Identity.AuthenticationFailedException : ManagedIdentityCredential authentication failed: Method not found: '!0 Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDiscovery(Boolean)'.
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
---- System.MissingMethodException : Method not found: '!0 Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDiscovery(Boolean)'. 

Answer 1

enable local debugging of code smoothly

Thanks @christothes for the steps.

To authenticate with Visual Studio credentials, we need to check the Azure credentials in VS.

• Same account has to be configured where your Azure Subscription is active.

• If you have multiple accounts configured then Apply filter and select the correct tenant and domain.

• Make sure you have installed the latest version of Azure.Identity and Azure.Security.KeyVault.Secrets.

 <ItemGroup>
    <PackageReference Include="Azure.Identity" Version="1.8.2" />
    <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.5.0" />
  </ItemGroup>

I have created an ASP.NET Core Application and trying to retrieve secrets from Azure Key Vault.

In appsettings.json, add the KeyVaultURL.

  "KeyVaultURL": "https://harshiithakv.vault.azure.net/"

With the below code Iam able to retrieve the secret without any issues. Program.cs :

using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllersWithViews();

var keyVaultURL = builder.Configuration["KeyVaultURL"];
var secretClient = new SecretClient(new Uri(keyVaultURL), new DefaultAzureCredential());
var KVSecret = secretClient.GetSecret("KVSecret").Value;
Console.WriteLine(KVSecret.Value);

var app = builder.Build();

if (!app.Environment.IsDevelopment())
{
    app.UseExceptionHandler("/Home/Error");  
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.MapControllerRoute(
    name: "default",
    pattern: "{controller=Home}/{action=Index}/{id?}");
app.Run();

Output:

can we change this order or can we change the code for debug mode in external nuget?

As suggested by cognophile, instead of changing the order try to enable only the authentication which you want to try and check once.