My web application retrieves its secrets from our company's shared Azure Key Vault, and the permissions for that are granted via RBAC (role-based access control). This works great normally, but on my new computer I am getting the following error:
Exception thrown: 'Azure.Identity.AuthenticationFailedException' in System.Private.CoreLib.dll
An unhandled exception of type 'Azure.Identity.AuthenticationFailedException' occurred in System.Private.CoreLib.dll
ManagedIdentityCredential authentication failed: Access to the path 'C:\ProgramData\AzureConnectedMachineAgent\Tokens\20f36e17-204a-4e08-b190-bda27a9402cb.key' is denied.
The credentials instance is being loaded via the following code:
    credentials = new DefaultAzureCredential(new DefaultAzureCredentialOptions()
    {
        VisualStudioTenantId = tenantId,
        SharedTokenCacheTenantId = tenantId,
        VisualStudioCodeTenantId = tenantId,
        InteractiveBrowserTenantId = tenantId,
    });
Strangely, this only happens on my new computer. My knee-jerk response is to run VS2022 as administrator, but other developers are running it as themselves and are not having this issue.
Anyone run into this before?
I managed to resolve the error, at least in this instance, by excluding Managed Identity Credential from the list of sources when instantiating the DefaultAzureCredential class. You can do this via the DefaultAzureCredentialOptions class like so:
    credentials = new DefaultAzureCredential(new DefaultAzureCredentialOptions()
    {
        VisualStudioTenantId = tenantId,
        SharedTokenCacheTenantId = tenantId,
        VisualStudioCodeTenantId = tenantId,
        InteractiveBrowserTenantId = tenantId,
        ExcludeManagedIdentityCredential = true // <-- added this line
    });
Still not sure what actually causes the issue though.
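The following is an added example, not code from the original post: a small console check that shows which credential in the chain is attempted on a given machine, and applies the exclusion above only in development so deployed hosts keep managed identity. Assumptions: the `CredentialChainDiagnostics` class name, the `<tenant-id>` placeholder, the use of `ASPNETCORE_ENVIRONMENT` to identify a workstation, and that the Azure Connected Machine agent advertises its identity endpoints through `IDENTITY_ENDPOINT` and `IMDS_ENDPOINT`.

```csharp
using System;
using System.Threading;
using Azure.Core;
using Azure.Core.Diagnostics;
using Azure.Identity;

public static class CredentialChainDiagnostics
{
    // Assumption: the Azure Connected Machine agent advertises its identity
    // endpoints through these two environment variables.
    static readonly string[] ArcVariables = { "IDENTITY_ENDPOINT", "IMDS_ENDPOINT" };

    public static void Main()
    {
        const string tenantId = "<tenant-id>"; // placeholder
        foreach (var name in ArcVariables)
            Console.WriteLine($"{name} = {Environment.GetEnvironmentVariable(name) ?? "<not set>"}");

        // Skip managed identity on developer workstations only, so deployed
        // hosts that rely on it keep it in the chain.
        bool isDevelopment = string.Equals(
            Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"),
            "Development", StringComparison.OrdinalIgnoreCase);

        // Write Azure SDK log events to the console to show which credentials the chain tries.
        using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();

        var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            VisualStudioTenantId = tenantId,
            SharedTokenCacheTenantId = tenantId,
            VisualStudioCodeTenantId = tenantId,
            InteractiveBrowserTenantId = tenantId,
            ExcludeManagedIdentityCredential = isDevelopment,
        });

        try
        {
            // Request a Key Vault token; only the expiry is printed, never the token itself.
            AccessToken token = credential.GetToken(
                new TokenRequestContext(new[] { "https://vault.azure.net/.default" }),
                CancellationToken.None);
            Console.WriteLine($"Token acquired, expires {token.ExpiresOn:u}");
        }
        catch (AuthenticationFailedException ex)
        {
            Console.WriteLine($"Credential chain failed: {ex.Message}");
        }
    }
}
```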