Getting ManagedIdentityCredential authentication failed: Service request failed. Status: 500 (Internal Server Error)

Question

I am trying to call my webapp from Azure function using timer trigger, for which I am using DefaultAzureCredential. I have already enabled a system assigned managed identity for function app. The code for getting the token:

var ledgerName = _config["LEDGER_NAME"];
var defaultCredential = new DefaultAzureCredential();
var ledgerUri = $"https://{ledgerName}.confidential-ledger.azure.com";
var endpoint = new Uri(ledgerUri);
var ledgerClient = new ConfidentialLedgerClient(endpoint, defaultCredential);

When I test the consumption of my function in local it works fine, but when I deploy it to azure and consume it from there is when I get the following error:

ManagedIdentityCredential authentication failed: Service request failed.
Status: 500 (Internal Server Error)

Content:


Headers:
Date: Wed,
03 Jan 2024 05: 13: 11 GMT
Server: Kestrel
Transfer-Encoding: chunked
X-CORRELATION-ID: REDACTED
Content-Type: application/json; charset=utf-8

See the troubleshooting guide for more information. https: //aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot

Some properties are put in my local configuration file.settings.json, and those same ones I have added in the azure portal variables in my application.

Has anyone else had this happen? Is it necessary to do some extra configuration on the azure side?

Every contribution helps me, thank you very much.

the result I expect from my function is a json, which makes use of confidential ledger, in order to store the hash to create the certificate.

Answer 1

In Portal, Ledger creation there is option to select only users or Certificate as Administrator.

I created using Azure CLI as it provides option to create with principal id, So I created using of my function's Managed Identity's Principal ID and it worked for me. For Reference check this document

az confidentialledger create --name "testingledger" --resource-group "myResourceGroup" --location "EastUS" --ledger-type "Public" --aad-based-security-principals ledger-role-name="Administrator" principal-id="<your-principal-id>"

#My Code timefunc.cs:

using System;
using Microsoft.Azure.WebJobs;
using Microsoft.Extensions.Logging;
using Azure.Identity;
using Azure.Security.ConfidentialLedger;
using System.Threading.Tasks;
using Azure.Core;
using Azure;

namespace FunctionApp1
{
    public class timefunc
    {
        [FunctionName("timefunc")]
        public async Task RunAsync([TimerTrigger("0 */5 * * * *")] TimerInfo myTimer, ILogger logger)
        {
            logger.LogInformation($"C# Timer trigger function executed at: {DateTime.Now}");
            try
            {
                var ledgerClient = new ConfidentialLedgerClient(new Uri("https://testingledger.confidential-ledger.azure.com"), new DefaultAzureCredential());
                Operation postOperation = ledgerClient.PostLedgerEntry(
                    waitUntil: WaitUntil.Completed,
                    RequestContent.Create(
                        new { contents = $"Hello world! Localtime: {DateTime.Now}, UTC {DateTime.UtcNow}" }));

                string transactionId = postOperation.Id;
                logger.LogInformation($"Appended transaction with Id: {transactionId}");
            }
            catch (Exception ex)
            {
                logger.LogError($"Error: {ex.Message}");
            }
        }
    }
}

.csproj:

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
    <AzureFunctionsVersion>v4</AzureFunctionsVersion>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Azure.Identity" Version="1.10.4" />
    <PackageReference Include="Azure.ResourceManager.ConfidentialLedger" Version="1.0.1" />
    <PackageReference Include="Azure.Security.ConfidentialLedger" Version="1.2.0" />
    <PackageReference Include="Microsoft.ApplicationInsights.WorkerService" Version="2.21.0" />
    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.2.0" />
  </ItemGroup>
  <ItemGroup>
    <None Update="host.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
    </None>
    <None Update="local.settings.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
      <CopyToPublishDirectory>Never</CopyToPublishDirectory>
    </None>
  </ItemGroup>
</Project>

OUTPUT: