C# AzureSDK SecretClient how to authenticate against AzureChinaCloud

Ezequiel De Luca 1 Reputation point
2022-05-20T14:29:42.01+00:00

I am trying to get some secrets from a KeyVault in AzureChinaCloud. I have the following code that is working fine for an AzureCloud KeyVault; however, when I change the KeyVault address to one in China it no longer works.

using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Azure.Core;
using System;
namespace maintenance.connections
{
    public class AzureKeyVault
    {
        // Retry policy values (seconds / attempts) applied to the SecretClient
        private const Int64 Delay = 2;
        private const Int64 MaxDelay = 16;
        private const Int32 MaxRetries = 5;
        private SecretClientOptions Options { get; set; }
        public SecretClient Secrets { get; set; }
        public AzureKeyVault(Uri VaultUrl)
        {
            Options = new SecretClientOptions();
            Options.Retry.Delay = TimeSpan.FromSeconds(Delay);
            Options.Retry.MaxDelay = TimeSpan.FromSeconds(MaxDelay);
            Options.Retry.MaxRetries = MaxRetries;
            Options.Retry.Mode = RetryMode.Exponential;
            DefaultAzureCredentialOptions CredentialOptions = new DefaultAzureCredentialOptions();
            // "AuthorityHost" is an application-specific variable read here by hand
            // (it is not the SDK's own AZURE_AUTHORITY_HOST variable)
            if (Environment.GetEnvironmentVariable("AuthorityHost") != null)
            {
                CredentialOptions.AuthorityHost = new Uri(Environment.GetEnvironmentVariable("AuthorityHost")); //AuthorityHost = https://login.chinacloudapi.cn/
            }
            Secrets = new SecretClient(VaultUrl, new DefaultAzureCredential(CredentialOptions), Options);
        }
    }
}

When I execute Secrets.GetSecret(SecretName) I get the following error:

AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found.
Check to make sure you have the correct tenant ID and are signing into
the correct cloud. Check with your subscription administrator, this
may happen if there are no active subscriptions for the tenant.

The following environment variables are set: AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET. I also tried it directly from an Azure Function in China configured to use a system-managed identity, and the same error is displayed.
Do you know what I am missing? The tenant ID exists and the credentials set in the environment variables have permissions.

Azure Key Vault
Microsoft Entra ID
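The following is an added example, not the poster's code or Microsoft's: it shows how to pin the token authority for a sovereign cloud with the Azure.Identity constant AzureAuthorityHosts.AzureChina (equivalent to the SDK's own AZURE_AUTHORITY_HOST environment variable) instead of a hand-typed URL, and it refuses to pair that authority with a vault whose host is not under the Azure China Key Vault suffix, so a token is never requested from the wrong cloud. The vault name, the secret name and the ChinaVaultSuffix constant are assumptions for illustration; the authentication and authorization failures are separated so an AADSTS tenant/authority problem is not mistaken for a missing access policy.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Added example (not from the original question): SecretClient for an Azure China vault
// with the authority host pinned explicitly and the vault URL checked against that cloud.
public static class ChinaKeyVaultExample
{
    // Key Vault DNS suffix for Azure China (assumed constant name, real suffix).
    private const string ChinaVaultSuffix = ".vault.azure.cn";

    public static SecretClient CreateClient(Uri vaultUrl)
    {
        if (!vaultUrl.Host.EndsWith(ChinaVaultSuffix, StringComparison.OrdinalIgnoreCase))
        {
            // A China authority combined with a vault in another cloud can only fail:
            // the token request would be sent to the wrong identity endpoint.
            throw new ArgumentException(
                $"Expected a vault under {ChinaVaultSuffix}, got {vaultUrl.Host}", nameof(vaultUrl));
        }

        var credentialOptions = new DefaultAzureCredentialOptions
        {
            // Same effect as AZURE_AUTHORITY_HOST=https://login.chinacloudapi.cn/
            AuthorityHost = AzureAuthorityHosts.AzureChina,
        };

        var clientOptions = new SecretClientOptions();
        clientOptions.Retry.Mode = RetryMode.Exponential;
        clientOptions.Retry.MaxRetries = 5;
        clientOptions.Retry.Delay = TimeSpan.FromSeconds(2);
        clientOptions.Retry.MaxDelay = TimeSpan.FromSeconds(16);

        return new SecretClient(vaultUrl, new DefaultAzureCredential(credentialOptions), clientOptions);
    }

    public static async Task<string> ReadSecretAsync(SecretClient client, string secretName)
    {
        try
        {
            // Response<KeyVaultSecret> converts implicitly to KeyVaultSecret.
            KeyVaultSecret secret = await client.GetSecretAsync(secretName);
            return secret.Value;
        }
        catch (AuthenticationFailedException ex)
        {
            // Token acquisition failed: wrong authority, tenant or cloud. The message is
            // logged, the secret value never is.
            Console.Error.WriteLine($"Authentication failed for {client.VaultUri}: {ex.Message}");
            throw;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Authenticated but not authorized: an access-policy or RBAC problem on the
            // vault, not an authority problem.
            Console.Error.WriteLine($"Access denied reading '{secretName}' from {client.VaultUri}");
            throw;
        }
    }

    public static async Task Main()
    {
        // Placeholder vault and secret names; substitute your own.
        SecretClient client = CreateClient(new Uri("https://my-vault.vault.azure.cn/"));
        string value = await ReadSecretAsync(client, "example-secret");
        Console.WriteLine($"Read secret 'example-secret' ({value.Length} characters)");
    }
}
```

Keeping the authority in code (or in the SDK's standard AZURE_AUTHORITY_HOST variable) rather than a custom variable name means the credential chain, including the managed identity and environment credential, all resolve the same cloud; a mismatch between the vault's DNS suffix and the authority is the first thing to rule out when the error is "Tenant ... not found".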