I have encountered a strange behavior when trying to connect to Azure App Configuration with an Azure Identity from an ASP.Net Web Application. Current environment is .Net Framework 4.8, but the behavior is the same on 4.7.2 and 4.6.1.
I am using Microsoft.Extensions.Configuration.AzureAppConfiguration 4.0.0 and Azure.Identity 1.3.0. During local development I am using a service principal (AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET defined in environment) and on Azure the system assigned ManagedIdentity of the app service.
private IConfiguration GetConfiguration(string label = null)
{
TokenCredential credential = new DefaultAzureCredential();
return new Microsoft.Extensions.Configuration.ConfigurationBuilder()
.AddAzureAppConfiguration(options =>
{
options = options.Connect(
new Uri(Environment.GetEnvironmentVariable("APP_CONFIGURATION_ENDPOINT")), credential)
.ConfigureKeyVault(kv => { kv.SetCredential(credential); });
if (!string.IsNullOrEmpty(label))
{
options.Select(KeyFilter.Any, label);
}
else
{
options.Select(KeyFilter.Any, LabelFilter.Null);
}
})
.Build();
}This code snippet works, when executed during application startup, e.g. RouteConfig. All subsequent calls are working, also refresh does work without problems.
The problems are starting when first calling App Configuration at a later time, e.g. during a request. The code hangs without an error message. In my special situation I am not able to connect to Azure App Configuration at startup time.
When using .Net Core, everything works like a charm but currently this is not an option.
Here are the logs.
When executed during startup:
Starting IIS Express ... Successfully registered URL "http://localhost:5000/" for site "AppConfigTest3" application "/" Registration completed for site "AppConfigTest3" IIS Express is running. Enter 'Q' to stop IIS Express Loading configuration ... Created DefaultAzureCredential: Azure.Identity.DefaultAzureCredential Using Azure environment Created ManagedIdentityCredential: Azure.Identity.DefaultAzureCredential Connected via APP_CONFIGURATION_ENDPOINT: https://my-test-appconfig.azconfig.io Before configure KeyVault credential After configure KeyVault credential Before executing Build() EscalationMonitorInterval: 300 Created DefaultAzureCredential: Azure.Identity.DefaultAzureCredential Using Azure environment Created ManagedIdentityCredential: Azure.Identity.DefaultAzureCredential Connected via APP_CONFIGURATION_ENDPOINT: https://my-test-appconfig.azconfig.io Before configure KeyVault credential After configure KeyVault credential Before executing Build() Azure Config loaded Anforderung gestartet: "GET" http://localhost:5000/
If called the first time during a request, I’m getting the following log:
Starting IIS Express ... Successfully registered URL "http://localhost:5000/" for site "AppConfigTest3" application "/" Registration completed for site "AppConfigTest3" IIS Express is running. Enter 'Q' to stop IIS Express Azure Config loaded Anforderung gestartet: "GET" http://localhost:5000/ Response sent: http://localhost:5000/ with HTTP status 200.0 Anforderung gestartet: "GET" http://localhost:5000/Home/About Loading configuration ... Created DefaultAzureCredential: Azure.Identity.DefaultAzureCredential Using Azure environment Created ManagedIdentityCredential: Azure.Identity.DefaultAzureCredential Connected via APP_CONFIGURATION_ENDPOINT: https://my-test-appconfig.azconfig.io Before configure KeyVault credential After configure KeyVault credential Before executing Build()
Nothing happens and the request does not return.
I’m stucked at this point. Does someone has a solution for this problem? Thank you.
Regards,
Stati
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
This is because of a bug introduced in Azure.Core package version 1.4.1. The bug has been fixed in Azure.Core version 1.9.0. Since you are referencing Azure.Identity version 1.3.0, you have an indirect dependency on Azure.Core version 1.6.0.
Your problem can be fixed by adding an explicit dependency on Azure.Core v1.9.0 or later.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0
