C# AzureSDK SecretClient how to authenticate against AzureChinaCloud
I am trying to get some secrets from a KeyVault in AzureChinaCloud. I have the following code that is working fine for an AzureCloud KeyVault, however when I change the KeyVault address to one in China it no longer works.
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Azure.Core;
using System;
namespace maintenance.connections
{
public class AzureKeyVault
{
private const Int64 Delay = 2;
private const Int64 MaxDelay = 16;
private const Int32 MaxRetries = 5;
private SecretClientOptions Options { get; set; }
public SecretClient Secrets { get; set; }
public AzureKeyVault(Uri VaultUrl)
{
Options = new SecretClientOptions();
Options.Retry.Delay = TimeSpan.FromSeconds(Delay);
Options.Retry.MaxDelay = TimeSpan.FromSeconds(MaxDelay);
Options.Retry.MaxRetries = MaxRetries;
Options.Retry.Mode = RetryMode.Exponential;
DefaultAzureCredentialOptions CredentialOptions = new DefaultAzureCredentialOptions();
if (Environment.GetEnvironmentVariable("AuthorityHost") != null)
{
CredentialOptions.AuthorityHost = new Uri(Environment.GetEnvironmentVariable("AuthorityHost")); //AuthorityHost = https://login.chinacloudapi.cn/
}
Secrets = new SecretClient(VaultUrl, new DefaultAzureCredential(CredentialOptions), Options);
}
}
}
When I execute Secrets.GetSecret(SecretName) I get the following error
AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found.
Check to make sure you have the correct tenant ID and are signing into
the correct cloud. Check with your subscription administrator, this
may happen if there are no active subscriptions for the tenant.
The following environment variables set AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET. Also I tried it directly from and Azure Function in China configured to use a SystemManaged Identity and the same error is displayed
Do you know what I am missing? The TenanId exist and the credentials set on environment variables has permissions.