Hello Team,
We are using Azure Managed Service Identities(MSI) to authenticate our service-to-service calls in Azure. It was working fine till recently, now we are getting below error while trying to get the MSI token. We are using Microsoft.Azure.Services.AppAuthentication (v1.0.3.0) NuGet package to get the token. This issue is happening only within App Service Environment(ASE), other places its working fine.
Sample code to get token:
var azureServiceTokenProvider = new AzureServiceTokenProvider();
string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/");
Error:
{"success":false,"body":"Parameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: . Exception Message: Tried the following 3 methods to get an access token, but none of them worked.\nParameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: . Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. MSI ResponseCode: InternalServerError, Response: {\u0022statusCode\u0022:500,\u0022message\u0022:\u0022An unexpected error occured while fetching the AAD Token.\u0022,\u0022correlationId\u0022:\u00229cfb60b9-62a9-4768-a297-f15a82977891\u0022}\nParameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: . Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Environment variable LOCALAPPDATA not set.\nParameters: Connection String: [No connection string specified], Resource: https://management.azure.com/, Authority: . Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. /bin/bash: az: No such file or directory\n\n"}
Anybody has faced this issue?
Are there any security limitations for MSI within ASE?
Also do we have any rate limits to MSI endpoint?
Regards,
Manoj