2

I have an ASP.NET webforms application in which I'm using Azure Key Vault in association with Azure Active Directory. I've used the guide found here https://azure.microsoft.com/en-us/documentation/articles/storage-encrypt-decrypt-blobs-key-vault/ for getting a token from Azure Active Directory for my application and using it to access my key vault, which I'm ultimately using for storage encryption. Everything works well the first time the application requests a token, but after the token expires (an hour later), the application will not retrieve a new token as it should. I'm using the latest stable release Microsoft.IdentityModel.Clients.ActiveDirectory 2.19.208020213, and did try the latest pre-release (3.5.208051316-alpha) as well.

The GetToken method looks like this:

    ' Signature matches the Key Vault authentication callback; scope is not used here.
    Public Async Function GetToken(authority As String, resource As String, scope As String) As Task(Of String)
        Dim authContext = New AuthenticationContext(authority)
        Dim clientCred As New ClientCredential(CloudConfigurationManager.GetSetting("ClientID"), CloudConfigurationManager.GetSetting("ClientSecret"))
        System.Diagnostics.Trace.TraceInformation("Attempting to acquire auth token")
        ' This is the call that never returns once the cached token has expired.
        Dim result As AuthenticationResult = Await authContext.AcquireTokenAsync(resource, clientCred)
        System.Diagnostics.Trace.TraceInformation("Auth returned")
        If result Is Nothing Then
            System.Diagnostics.Trace.TraceInformation("Auth was null")
            Throw New InvalidOperationException("Failed to obtain the JWT token")
        End If
        System.Diagnostics.Trace.TraceInformation("Returning auth access token")
        Return result.AccessToken
    End Function

Which is used here to get a connection to the key vault:

Dim cloudResolver As New KeyVaultKeyResolver(AddressOf GetToken)

The GetToken method just hangs at AcquireTokenAsync. I've turned on verbose logging in ADAL, and this is what the log shows; then it stops and GetToken never returns.

-Application: 2015-09-21T17:12:13  PID[8884] Information 9/21/2015 5:12:13 PM: 19ce5dc3-d618-48e9-8bbd-c5b3ad31bfc2 - TokenCache: Looking up cache for a token...
-Application: 2015-09-21T17:12:13  PID[8884] Information 9/21/2015 5:12:13 PM: 19ce5dc3-d618-48e9-8bbd-c5b3ad31bfc2 - TokenCache: An item matching the requested resource was found in the cache
-Application: 2015-09-21T17:12:13  PID[8884] Information 9/21/2015 5:12:13 PM: 19ce5dc3-d618-48e9-8bbd-c5b3ad31bfc2 - TokenCache: An expired or near expiry token was found in the cache
-Application: 2015-09-21T17:12:13  PID[8884] Information 9/21/2015 5:12:13 PM: 19ce5dc3-d618-48e9-8bbd-c5b3ad31bfc2 - TokenCache: An old item was removed from the cache

Further, I tried turning off token caching by setting the token cache to Nothing and then ADAL wouldn't even retrieve the access token the first time.

mmeyer

1 Answer

2

I found the answer in this similar question: Azure KeyVault Active Directory AcquireTokenAsync timeout when called asynchronously

The key was to remove any of these and replace them with await:

.GetAwaiter().GetResult()

For example, this was the original:

Dim theKey = cloudResolver.ResolveKeyAsync($"{CloudConfigurationManager.GetSetting("KeyVaultUrl")}Secret/", CancellationToken.None).GetAwaiter().GetResult()

Which has been replaced with:

Dim theKey = await cloudResolver.ResolveKeyAsync($"{CloudConfigurationManager.GetSetting("KeyVaultUrl")}Secret/", CancellationToken.None)
mmeyer
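The hang from the question and the fix from the answer, reproduced without Azure as an added example (not code from either post). `OneThreadContext` is a constructed, simplified stand-in for the ASP.NET request context and `FakeGetToken` a hypothetical stand-in for `GetToken`; the 2-second timeout exists only so the demo terminates, where `.GetAwaiter().GetResult()` would block forever.

```vbnet
Imports System
Imports System.Collections.Concurrent
Imports System.Threading
Imports System.Threading.Tasks

' Constructed stand-in for the ASP.NET request context: every continuation
' posted to it runs on the single thread that calls Pump().
Class OneThreadContext
    Inherits SynchronizationContext
    Private ReadOnly work As New BlockingCollection(Of Action)()
    Public Overrides Sub Post(d As SendOrPostCallback, state As Object)
        work.Add(Sub() d(state))
    End Sub
    Public Sub Pump()
        SynchronizationContext.SetSynchronizationContext(Me)
        For Each item In work.GetConsumingEnumerable()
            item.Invoke()
        Next
    End Sub
    Public Sub Finish()
        work.CompleteAdding()
    End Sub
End Class

Module SyncOverAsyncDemo
    ' Hypothetical stand-in for GetToken: after the awaited I/O, the rest of
    ' the method is posted back to the context captured at the Await.
    Async Function FakeGetToken() As Task(Of String)
        Await Task.Delay(100)
        Return "token"
    End Function

    ' Blocking style: the context's only thread is parked in Wait, so the
    ' continuation of FakeGetToken can never run and the wait times out.
    Sub BlockingHandler()
        Console.WriteLine($"Blocking wait finished: {FakeGetToken().Wait(2000)}")
    End Sub

    ' Awaiting style: the handler yields the thread, the pump runs the
    ' continuation, and the token arrives.
    Async Function AwaitingHandler(ctx As OneThreadContext) As Task
        Console.WriteLine($"Awaited call returned: {Await FakeGetToken()}")
        ctx.Finish()
    End Function

    Sub Main()
        Dim ctx As New OneThreadContext()
        ctx.Post(Sub(s) BlockingHandler(), Nothing)
        ctx.Post(Sub(s) AwaitingHandler(ctx), Nothing)
        ctx.Pump()
    End Sub
End Module
```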