DefaultAzureCredential failed to retrieve a token from the included credentials while trying to get access token using Managed Identity


I have a user-assigned managed identity provisioned at the Azure AD level. There is an Azure AD protected REST API with AppRole: CustomRole. The managed identity has been assigned the permission CustomRole with Type: Application.

I am trying to get the access token using ASP.NET Core 3.1 with the code below:

using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public async Task<string> GetL10AccessTokenAsync()
{
    var token = await GetTokenUsingManagedIdentityAsync("<ClientId of the REST API>").ConfigureAwait(false);
    var accessToken = token.Token;

    return accessToken;
}

public async Task<AccessToken> GetTokenUsingManagedIdentityAsync(string azureServiceKey)
{
    var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
    {
        // Client ID of the user-assigned managed identity, read from configuration.
        ManagedIdentityClientId = ConfigManager.Get(UserAssignedClientId),
        ExcludeEnvironmentCredential = true,
        ExcludeInteractiveBrowserCredential = true,
        ExcludeAzurePowerShellCredential = true,
        ExcludeSharedTokenCacheCredential = true,
        ExcludeVisualStudioCodeCredential = true,
        // Not excluded: VisualStudioCredential stays in the chain.
        ExcludeVisualStudioCredential = false,
        ExcludeAzureCliCredential = true,
        // Not excluded: ManagedIdentityCredential stays in the chain.
        ExcludeManagedIdentityCredential = false
    });

    // azureServiceKey is a configuration key; the value stored under it is the scope requested.
    var tokenRequestContext = new TokenRequestContext(new[] { ConfigManager.Get(azureServiceKey) });
    return await credential.GetTokenAsync(tokenRequestContext, default).ConfigureAwait(false);
}

On running the above code from my local development environment using Visual Studio 2022 (Enterprise edition), I am getting the error below:

{
  "ErrorCode": 500,
  "Message": "DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot\r\n- WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot\r\n- ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.\r\n- Process \"C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\Common7\\IDE\\CommonExtensions\\Microsoft\\Asal\\TokenService\\Microsoft.Asal.TokenService.exe\" has failed with unexpected error: TS003: Error, TS004: Unable to get access token.  'WAM Error  \r\n Error Code: 3399614476 \r\n Error Message: SubError: consent_required V2Error: invalid_grant AADSTS65001: The user or administrator has not consented to use the application with ID '04f0c124-f2bc-4f59-8241-bf6df9866bbd' named 'Visual Studio'. Send an interactive authorization request for this user and resource. Trace ID: 54bf2c95-47c4-46d6-a5e7-7fbe54812600 Correlation ID: 187a7568-4146-4ec2-a605-a808af9450a1 Timestamp: 2024-02-20 10:32:19Z \r\n Internal Error Code: 557973645 \r\n'.\r\n- Azure Developer CLI could not be found.",
  "Type": "CredentialUnavailableException",
  "StackTrace": "   at Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(TokenCredential[] sources, TokenRequestContext requestContext, Boolean async, CancellationToken cancellationToken)\r\n   at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)\r\n   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)\r\n   at Azure.Identity.DefaultAzureCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)\r\n   at Azure.Identity.DefaultAzureCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)\r\n",
  "InnerException": "Multiple exceptions were encountered while attempting to authenticate. (WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/workloadidentitycredential/troubleshoot) (ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.) (Process \"C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\Common7\\IDE\\CommonExtensions\\Microsoft\\Asal\\TokenService\\Microsoft.Asal.TokenService.exe\" has failed with unexpected error: TS003: Error, TS004: Unable to get access token.  'WAM Error  \r\n Error Code: 3399614476 \r\n Error Message: SubError: consent_required V2Error: invalid_grant AADSTS65001: The user or administrator has not consented to use the application with ID '04f0c124-f2bc-4f59-8241-bf6df9866bbd' named 'Visual Studio'. Send an interactive authorization request for this user and resource. Trace ID: xxxx-xxxx-xxxx-xxxx-xxxxxx Correlation ID: xxxxx-xxxxx-xxxx-xxxx-xxxxxxx Timestamp: xxxx-xx-xx yy:yy:yyy \r\n Internal Error Code: 557973645 \r\n'.) (Azure Developer CLI could not be found.)"
}

Can anyone please help me here by providing their guidance?

1

There are 1 best solutions below

2
Donny Kwitty On

Be sure an account is selected that has permissions to your Azure resources in this Visual Studio option...

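An added diagnostic, not part of the original question or answer: it requests a token from ManagedIdentityCredential and VisualStudioCredential separately, so each credential's failure in the aggregated DefaultAzureCredential error above is reported on its own. The names CredentialProbe and ProbeAsync and the placeholder client ID and scope values are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class CredentialProbe
{
    // Tries each credential on its own and records the outcome, so a failing
    // chain shows which link is unavailable and which link was rejected.
    public static async Task<List<string>> ProbeAsync(string userAssignedClientId, string scope)
    {
        var candidates = new (string Name, TokenCredential Credential)[]
        {
            ("ManagedIdentityCredential", new ManagedIdentityCredential(userAssignedClientId)),
            ("VisualStudioCredential", new VisualStudioCredential()),
        };
        var context = new TokenRequestContext(new[] { scope });
        var report = new List<string>();

        foreach (var (name, credential) in candidates)
        {
            try
            {
                AccessToken token = await credential.GetTokenAsync(context, default).ConfigureAwait(false);
                // Never log the token itself; the expiry is enough to confirm success.
                report.Add($"{name}: OK, expires {token.ExpiresOn:u}");
            }
            catch (CredentialUnavailableException ex)
            {
                // Derived from AuthenticationFailedException, so it is caught first.
                report.Add($"{name}: unavailable in this environment: {ex.Message}");
            }
            catch (AuthenticationFailedException ex)
            {
                report.Add($"{name}: attempted but rejected: {ex.Message}");
            }
        }
        return report;
    }

    public static async Task Main()
    {
        // Placeholder values (assumptions): substitute your own identity and API scope.
        var lines = await ProbeAsync("<ClientId of the managed identity>", "<scope of the REST API>");
        lines.ForEach(Console.WriteLine);
    }
}
```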