4

The team I work in is looking into debugging future projects in Visual Studio Code. We have set the debugger to work with our project.The project uses Azure Key Vault for our Application Secrets. The issue is that our Startup breaks when the debugger tries to pass the Azure KeyVault portion of the code and returns:

Exception has occurred: CLR/Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException

In Visual Studio I am signed in with my account and during debug Visual Studio is able to pull the access token from my account.

I tried to sign in using Azure Account Visual Studio Code Extension before attempting to start the debug but it returns the same exception even when I am signed in.

My code for getting the Azure KeyVault looks like this:

        AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
        KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));

        AzureADAppSettings azureADAppSettings = Configuration.GetSection("Authentication").GetSection("AzureAd").Get<AzureADAppSettings>();
        if (azureADAppSettings.ApplicationSecret.StartsWith("https://"))
            azureADAppSettings.ApplicationSecret = keyVaultClient.GetSecretAsync(azureADAppSettings.ApplicationSecret).GetAwaiter().GetResult().Value;

I expected that the Azure Account would enable me to use Azure KeyVault the same way as in Visual Studio.

Instead the code breaks on exceptions.

Can someone tell me what I am doing wrong ?

Joy Wang
  • 39,905
  • 3
  • 30
  • 54
Jure Fadiga
  • 195
  • 2
  • 19

1 Answers1

4

I suppose you want to get the keyvault secret in the VS Code, I follow this link to create a .NET Core console app to have a try, it works on my side.

Make sure you have installed the extensions to run the code, Microsoft.Azure.Services.AppAuthentication and Microsoft.Azure.KeyVault NuGet packages.

To access the azure keyvault, I use the Authenticating with Azure CLI. Make sure you have installed the Azure CLI in local, then open Microsoft Azure Command Prompt, login with your user account, select the correct subscription which your keyvault located.

az login
az account set --subscription <subscription-id>

You can also try to use az account get-access-token --resource https://vault.azure.net to verify access, e.g. decode the token in https://jwt.io/ to see if it is in the correct tenant, etc.

Then in the VS Code, after create the console app in the VS Code, open the folder, the code in Program.cs like below.

using System;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

namespace test1
{
    class Program
    {
        static void Main(string[] args)
        {
            var azureServiceTokenProvider1 = new AzureServiceTokenProvider();
            var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider1.KeyVaultTokenCallback));
            var secret = kv.GetSecretAsync("https://keyvaultname.vault.azure.net/", "test2").GetAwaiter().GetResult();
            Console.WriteLine(secret);

        }
    }
}

enter image description here

Joy Wang
  • 39,905
  • 3
  • 30
  • 54