DefaultAzureCredential failed to retrieve a token from the included credentials #10
Description
Im having issues acquiring an access token for use with this Azure Maps library.
Environment: .NET Core 7.0 using DefaultAzureCredential.
Testing in local development using an account that is logged in to Microsoft through Visual Studio.
I am successfully using the same account with DefaultAzureCredential for connecting to all other services in my app, such as Azure KeyVault, Blob Storage, Azure SignalR etc. So I dont beleive there is an issue with the user account being used in attemtping to acquire this token.
In my Azure Maps Account, I have double checked that my user account has the required role assignment "Reader" in the Access Control (IAM) menu blade.
I have tried re-logging in to Microsoft via Visual Studio but made no difference.
Sample code from my Controller:
private static readonly DefaultAzureCredential tokenProvider = new(new DefaultAzureCredentialOptions()
{
Diagnostics =
{
LoggedHeaderNames = { "x-ms-request-id" },
LoggedQueryParameters = { "api-version" },
IsLoggingContentEnabled = true
},
TenantId = "d66310f1d-6de38-4f76-a23f-875dae78643e",
//ExcludeAzureCliCredential = true,
//ExcludeAzurePowerShellCredential = true,
//ExcludeInteractiveBrowserCredential = true,
//ExcludeManagedIdentityCredential = true,
//ExcludeEnvironmentCredential = true,
//ExcludeSharedTokenCacheCredential = true,
//ExcludeVisualStudioCodeCredential = true,
});
private AccessToken AccessToken { get; set; }
[HttpGet]
[Authorize(Policy = AuthorizationPolicies.AssignmentToViewMapsRoleRequired)]
public async Task<IActionResult> GetAzureMapsToken()
{
using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();
try
{
// tokenProvider will cache the token in memory, if you would like to reduce the dependency on Azure AD we recommend
// implementing a distributed cache combined with using the other methods available on tokenProvider.
AccessToken = await tokenProvider.GetTokenAsync(new TokenRequestContext(new string[] { "https://atlas.microsoft.com/.default" }));
}
catch (Exception ex)
{
var ex1 = ex;
}
return Ok(AccessToken.Token);
}
I get the following logs output, but I cant see any details that gives me any means to properly troubleshoot the issue:
[Informational] Azure-Identity: DefaultAzureCredential.GetToken invoked. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId:
[Informational] Azure-Identity: EnvironmentCredential.GetToken invoked. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId:
[Informational] Azure-Identity: EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId: Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
[Informational] Azure-Identity: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://atlas.microsoft.com/.default ] ParentRequestId:
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] MSAL MSAL.NetCore with assembly version '4.51.0.0'. CorrelationId(11466bb9-b852-41b6-ac6d-964050a73fdc)
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc]
=== Request Data ===
Authority Provided? - True
Scopes - https://atlas.microsoft.com/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 11466bb9-b852-41b6-ac6d-964050a73fdc
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] === Token Acquisition (ClientCredentialRequest) started:
Scopes: https://atlas.microsoft.com/.default
Authority Host: login.microsoftonline.com
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] [Region discovery] Not using a regional authority.
[Informational] Azure-Identity: False MSAL 4.51.0.0 MSAL.NetCore .NET 7.0.4 Microsoft Windows 10.0.19045 [2023-04-04 21:50:55Z - 11466bb9-b852-41b6-ac6d-964050a73fdc] [Instance Discovery] Skipping Instance discovery because it is disabled.
[Informational] Azure-Core: Request [a9ced34e-0ee6-4582-a392-508a0c5c751f] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED
Metadata:REDACTED
x-ms-client-request-id:a9ced34e-0ee6-4582-a392-508a0c5c751f
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.8.2 (.NET 7.0.4; Microsoft Windows 10.0.19045)
client assembly: Azure.Identity