How to connect to an Azure Key Vault in Blazor WASM (not Hosted)?

Question

I have been working on a personal project, where I host on my Blazor WASM on Azure Static Web Apps. As it is not designed to be run with Blazor Server, I had to use Blazor WASM but I've run into issues connecting to Azure Key Vault.

When I run the following code, I get an

System.PlatformNotSupportedException: Operation is not supported on this platform.

exception when it runs _client.GetSecret(key):

SecretClientOptions options = new SecretClientOptions()
{
    Retry =
    {
        Delay= TimeSpan.FromSeconds(2),
        MaxDelay = TimeSpan.FromSeconds(16),
        MaxRetries = 5,
        Mode = RetryMode.Exponential
    }
};
_client = new SecretClient(new Uri("{keyvault URL}"), new DefaultAzureCredential(), options);
KeyVaultSecret secret = _client.GetSecret(key);

The code is from this learn article: https://learn.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app

After having searched around for an explanation on this exception, I have seen it happen to other Azure packages for people using Blazor WASM. From what I could tell, it seems to be because the WASM HttpClient variant doesn't function quite the same compared to a Blazor Server or other .NET applications, and therefore does not work with the Azure packages.

Am I correct in this assumption? If so, what would the alternative be that Azure Static Web Apps can support? Is Blazor WASM Hosted the way to go, or something else entirely?

Answer 1

How to connect to an Azure Key Vault in Blazor WASM (not Hosted)?

Check the below steps to connect to Azure KeyVault for a non hosted Blazor WASM Application.

To retrieve secrets from Key Vault, we need to register the Application in Azure Active Directory even if it is not hosted in Azure.

Navigate to Azure Portal => Azure Active Directory => App regsitrations => New registration.

• In the newly registered App, make a note of ClientID,TenantID (which are required for later use, need to provide those in Blazor WASM Application).

• Create an Azure Key Vault.

Provide the required Access Policies to read the secrets in Application.

• Select the required permissions. I have selected Get,List permissions.

• Under Principal, search with the name which you have provided in New App Registrations and select it and continue with the next steps.

• In Key Vault, create a Secret.

Create a Blazor WASM Application.

• Add the Microsoft.Identity.Client NuGet Package.

Follow the code from SO Thread to retrieve the Secret.

what would the alternative be that Azure Static Web Apps can support? Is Blazor WASM Hosted the way to go, or something else entirely?

To retrieve the secrets from the Blazor WASM running on Azure Static WebApps, we need to go with Azure Functions.

Even for a non Hosted Application , make sure you are registering the Application in Azure Active Directory and provide the required permissions in Azure Key Vault.