We're trying to access a secret from Azure Key Vault.
The code tries to get an access token that will then be used to retrieve the secret from the Key Vault.

    private async Task<string> GetAccessToken(string authority, string resource, string scope)
    {
        ...
        return this.useGlobalMsiRunAs ?
            await tokenProviderGlobal.Value.KeyVaultTokenCallback(authority, resource, scope) :
            await tokenProvider.Value.KeyVaultTokenCallback(authority, resource, scope);
    }

useGlobalMsiRunAs is set to false and the code calls tokenProvider.Value.KeyVaultTokenCallback(...).
The above call fails with:

    Access token could not be acquired. The operation was canceled
    ---> Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
    Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net//xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. The operation was canceled.
    Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net//xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Environment variable LOCALAPPDATA not set.
    Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net//xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired.
       at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.GetAuthResultAsyncImpl(String resource, String authority, CancellationToken cancellationToken)
       at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.<get_KeyVaultTokenCallback>b__12_0(String authority, String resource, String scope)
       at abc.xyz.Common.Service.AzureKeyVaultAccess.GetAccessToken(String authority, String resource, String scope) in d:\dbs\el\manb\private\ClientCenter\MT\Source\Common\ClientCenter.Common.NetStandard\Service\AzureKeyVaultAccess.cs:line 472
       at Microsoft.Azure.KeyVault.KeyVaultCredential.PostAuthenticate(HttpResponseMessage response)
       at Microsoft.Azure.KeyVault.KeyVaultCredential.ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
       at Microsoft.Azure.KeyVault.KeyVaultClient.GetSecretWithHttpMessagesAsync(String vaultBaseUrl, String secretName, String secretVersion, Dictionary`2 customHeaders, CancellationToken cancellationToken)
       at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetSecretAsync(IKeyVaultClient operations, String vaultBaseUrl, String secretName, CancellationToken cancellationToken)
       --- End of inner exception stack trace ---

We are using a managed identity, so the answer in this question didn't help.
Can someone please give some leads as to what could be wrong here?