I have a .NET application which connects to Azure App Config in a local development environment. It works fine with the connection string of Azure App Config, but when I try with a service principal identity it fails and gives a 403.
```csharp
using Azure.Identity;

string tenantId = "mytenatID";
string clientId = "MyCLientID";
string clientSecret = "MySecreat";
#if DEBUG
// These variables are read by EnvironmentCredential (part of DefaultAzureCredential).
Environment.SetEnvironmentVariable("AZURE_TENANT_ID", tenantId);
Environment.SetEnvironmentVariable("AZURE_CLIENT_ID", clientId);
Environment.SetEnvironmentVariable("AZURE_CLIENT_SECRET", clientSecret);
#endif
try
{
    // Connect to the store by endpoint with a token credential instead of a connection string.
    builder.Configuration.AddAzureAppConfiguration(options =>
        options.Connect(
            new Uri(builder.Configuration["AppConfig:Endpoint"]),
            new ManagedIdentityCredential()));
}
catch (Exception ex)
{
    throw;
}
```
Also I added My tenantId clientID and secrets in
Also, I added the proper permission for Azure AD API permission and also added the service principal in Azure App Config IAM with the Contributor role.
I also tried
```csharp
var credentialccc = new DefaultAzureCredential(new DefaultAzureCredentialOptions
{
    // ExcludeEnvironmentCredential = true,
    // ExcludeManagedIdentityCredential = true,
    ExcludeVisualStudioCredential = true,
    ExcludeAzureCliCredential = true,
    ExcludeAzurePowerShellCredential = true,
    ExcludeSharedTokenCacheCredential = true
});
```
and
```csharp
builder.Configuration.AddAzureAppConfiguration(options =>
    options.Connect(
        new Uri(builder.Configuration["AppConfig:Endpoint"]),
        new DefaultAzureCredential()));
```
All attempts give me a 403 issue in local development. Let me know if anyone else faces a similar issue.
I created an Azure App Configuration named testappconfig01 with the below keys and values:
Initially, I too got a 403 error when I tried to connect to Azure App Config with a service principal having the Contributor role, as it does not grant direct access to the data using Microsoft Entra ID:
To resolve the error, you need to assign roles like App Configuration Data Owner or App Configuration Data Reader to the service principal under App Config, based on your requirement:
In my case, I used the below code to connect with Azure App Config and got the response with key value successfully like this:
```csharp
using Azure.Identity;
using Azure.Data.AppConfiguration;
using Azure;

try
{
    string tenantId = "tenantId";
    string clientId = "appId";
    string clientSecret = "secret";

    // Authenticate as the service principal with its client secret.
    var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
    var client = new ConfigurationClient(
        new Uri("https://testappconfig01.azconfig.io"),
        credential);

    // Data-plane read of a single key-value.
    var setting = client.GetConfigurationSetting("key_name");
    Console.WriteLine(setting.Value);
}
catch (RequestFailedException ex)
{
    // Service errors such as the 403 are reported here with their HTTP status.
    Console.WriteLine($"Received a {ex.Status} status code with message: {ex.Message}");
}
catch (Exception ex)
{
    Console.WriteLine($"An unexpected error occurred: {ex.Message}");
}
```
Response:
Reference: Authorize access to Azure App Configuration using Microsoft Entra ID
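
A check for the cause described in the answer, as an added example that is not part of the original posts: it reads role assignments in the JSON shape printed by `az role assignment list` and reports whether a principal holds one of the data-plane roles named above on the store, including assignments inherited from a parent scope. It is written in Python rather than C#; the sample assignments, principal ids, subscription id, resource group and function names are constructed for illustration.

```python
import json

# Data-plane roles named in the answer; this sketch treats every other role
# (Contributor included) as control-plane only. Custom roles are not modelled.
DATA_ROLES = {"App Configuration Data Owner", "App Configuration Data Reader"}

# Constructed sample in the shape of `az role assignment list --output json`.
# Subscription id, resource group and principal ids are placeholders.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
STORE = RG + "/providers/Microsoft.AppConfiguration/configurationStores/testappconfig01"
SAMPLE = json.dumps([
    {"principalId": "sp-1", "roleDefinitionName": "Contributor", "scope": STORE},
    {"principalId": "sp-2", "roleDefinitionName": "App Configuration Data Reader",
     "scope": RG},                      # assigned on the resource group
    {"principalId": "sp-3", "roleDefinitionName": "App Configuration Data Owner",
     "scope": STORE + "-other"},        # a different store
])


def applies_to(scope, resource_id):
    """True if an assignment at `scope` covers `resource_id` (child scopes inherit)."""
    scope, resource_id = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return resource_id == scope or resource_id.startswith(scope + "/")


def data_plane_access(assignments_json, principal_id, store_id):
    """Return (verdict, data_roles) for one principal on one store."""
    roles = {a["roleDefinitionName"] for a in json.loads(assignments_json)
             if a["principalId"] == principal_id and applies_to(a["scope"], store_id)}
    granted = sorted(roles & DATA_ROLES)
    if granted:
        return "data-plane", granted
    # Roles exist but none grants key-value access: the 403 case from the question.
    return ("control-plane-only" if roles else "none"), granted


if __name__ == "__main__":
    for sp in ("sp-1", "sp-2", "sp-3"):
        print(sp, data_plane_access(SAMPLE, sp, STORE))
```

A `control-plane-only` verdict corresponds to the setup in the question, where the service principal had only the Contributor role on the store.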