Access denied to first party service.

Harshi Patel 16 Reputation points

Service request failed.
Status: 403 (Forbidden)

{"error":{"code":"Forbidden","message":"Access denied to first party service.\r\nCaller: name=from-infra;tid=f8cdef31-a31e-4b4a-93e4-5f571e91255a;appid=872cd9fa-d31f-45e0-9eab-6e460a02d1f1;iss=\r\nVault: devKeyvaultU;location=eastus","innererror":{"code":"AccessDenied"}}}

Pragma: no-cache
x-ms-keyvault-region: eastus
x-ms-request-id: REDACTED
x-ms-keyvault-network-info: conn_type=Ipv4;addr=;act_addr_fam=InterNetwork;
Strict-Transport-Security: REDACTED
X-Content-Type-Options: REDACTED
Cache-Control: no-cache
Date: Sat, 22 Aug 2020 17:58:58 GMT
X-AspNet-Version: REDACTED
X-Powered-By: REDACTED
Content-Length: 333
Content-Type: application/json; charset=utf-8
Expires: -1

1h 16m 54s

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
890 questions
{count} votes

2 answers

Sort by: Most helpful
  1. brucezcsi 26 Reputation points

    Looks like it has bugs on DefaultAzureCredential class, especially the VisualStudioCredential class being used internally. According to, I replaced the DefaultAzureCredential with ChainedTokenCredential, the key value secret was successfully retrieved.

    Sample code:
    var cred = new ChainedTokenCredential(new ManagedIdentityCredential(), new AzureCliCredential());
    SecretClient client = new SecretClient(new Uri(keyvaultUri), cred);
    Response<KeyVaultSecret> secret = await client.GetSecretAsync("kv-sec-test");

    For using AzureCliCredential, login with azure cli is required. The details can be found in above link.

    5 people found this answer helpful.

  2. Justin Griep 41 Reputation points

    I had this same error message when trying to deploy a Cloud Service (Extended Support) which tied the web role to a key vault. I was able to solve the issue by upgrading Visual Studio from 16.9.2 to 16.9.6. This may relate to more key vault access issues than the one I was having and hope this helps someone else out.

    0 comments No comments