Why does Azure not find my tenant Id

Manfred Mühlbacher 1 Reputation point
2024-01-31T19:00:13.2166667+00:00

Hi,

I am trying to implement Azure KeyVault in my asp.net core 6 web application. The web application is not hosted in Azure.

I followed the available instructions and

  • added a registered application to my Azure account (obtained TenantId, ClientId, ClientSecret)
  • added a KeyVault with secrets
  • gave permission to the registered application to use the KeyVault

In my web app I installed all the necessary libraries and implemented a helper class (relevant parts below) that retrieves secrets from the vault.

var secretClient = new SecretClient(
           new Uri($"https://{_keyVaultName}.vault.azure.net/"),
           new ClientSecretCredential(_tenantId, _clientId, _clientSecret));

var clientSecret = secretClient.GetSecret(clientSecretSecretName).Value.Value;

The application builds without error but when I run the helper class I get the error:

Azure.Identity.AuthenticationFailedException
  HResult=0x80131500
  Message=ClientSecretCredential authentication failed: AADSTS90002: Tenant 'xxx' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant.

I am the administrator of the Azure account and I do have an active subscription. I am also quite sure that I am using the correct TenantId, ClientId and ClientSecret.

I would be very grateful for any hints or suggestions for pinning down the cause of the error and how to fix it.

Regards, Anna


1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2024-02-02T01:57:08.3933333+00:00

    @Manfred Mühlbacher ,

    I recommend checking the authentication logs to get more details. https://learn.microsoft.com/en-us/samples/azure-samples/dsregtool/dsregtool/

    The error message can occur for these reasons:

    • If the subscription is not attached to the relevant tenant
    • If you have registered the application in one tenant but are trying to obtain the auth token from a different one, you may receive this error. If this is the case, I would recommend making sure that you are setting up the correct Entra ID (Azure AD) Instance URLs since we have both the public Azure instance and non-public Azure instance. Endpoints for the cloud instances are listed here:

    https://learn.microsoft.com/en-us/entra/identity-platform/authentication-national-cloud#azure-ad-authentication-endpoints

    • If the account you are using to sign in is a domain account that does not exist in Entra (AAD)
    • If you are not using the latest version of Microsoft.IdentityModel.Clients.ActiveDirectory.

    If you have already checked these variables but are still facing this issue, feel free to send me an email at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread, and I will open a one-time free support case to have your issue investigated.

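The error text asks for two things to be checked: the tenant ID and the cloud being signed into. The following is an added example, not code from the question or the answer, that checks both before any token request is made. It rejects a tenant ID that cannot be valid and selects the Entra ID authority host that belongs to the same cloud as the Key Vault URI. The class name `KeyVaultClientFactory` and its checks are hypothetical; the sketch assumes only the public, US Government and China clouds are in scope.

```csharp
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Added example: hypothetical helper, not part of the original thread.
public static class KeyVaultClientFactory
{
    // Key Vault DNS suffix -> Entra ID authority host of the same cloud.
    private static readonly (string VaultSuffix, Uri Authority)[] Clouds =
    {
        (".vault.azure.net",         AzureAuthorityHosts.AzurePublicCloud),
        (".vault.usgovcloudapi.net", AzureAuthorityHosts.AzureGovernment),
        (".vault.azure.cn",          AzureAuthorityHosts.AzureChina),
    };

    public static Uri AuthorityFor(Uri vaultUri)
    {
        foreach (var (suffix, authority) in Clouds)
            if (vaultUri.Host.EndsWith(suffix, StringComparison.OrdinalIgnoreCase))
                return authority;
        throw new ArgumentException($"Unrecognised Key Vault host '{vaultUri.Host}'.");
    }

    public static SecretClient Create(
        Uri vaultUri, string tenantId, string clientId, string clientSecret)
    {
        // Fail early on values that cannot be a tenant ID.
        // Guid.TryParse tolerates surrounding whitespace, so test for it first.
        if (tenantId != tenantId.Trim())
            throw new ArgumentException("Tenant ID has leading or trailing whitespace.");
        if (!Guid.TryParse(tenantId, out _) && !tenantId.Contains('.'))
            throw new ArgumentException("Tenant ID must be a GUID or a tenant domain name.");
        if (string.Equals(tenantId, clientId, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Tenant ID and client ID hold the same value.");

        // Request the token from the authority of the cloud that hosts the vault,
        // instead of relying on the default (public cloud) authority.
        var options = new ClientSecretCredentialOptions
        {
            AuthorityHost = AuthorityFor(vaultUri)
        };
        var credential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
        return new SecretClient(vaultUri, credential);
    }
}
```

These checks only catch malformed or mismatched configuration locally; a well-formed tenant ID that belongs to a different directory than the app registration still has to be compared against the values shown for that registration in the portal.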
