Authenticating to other Azure services w/ a DefaultAzureCredential and one user-assigned Managed Identity (system-assigned turned off) results in a 400 bad request.
If the same setup runs on an Azure VM, the DefaultAzureCredential intelligently leverages the only Managed Identity assigned (the single user-assigned).
Repro steps
Create a function app.
Assign one user-assigned managed identity.
Disable the system-assigned managed identity.
Run code to connect to another Azure Service (e.g. Azure App Config) using a DefaultAzureCredential.
Expected behavior
The request should be successfully authenticated using the single user-assigned Managed Identity.
Actual behavior
Resulting call fails w/ a 400 bad request.
Known workarounds
Supplying the env variable AZURE_CLIENT_ID alleviates this issue. This is undesirable because it is yet another thing to keep track of when the default convention works elsewhere in Azure (e.g. Azure VMs).
The service behavior is as expected. The requirement to specify the user-assigned identity and not assume it was intentional, and I'm not sure how the behavior drift came up. I'll follow up with the teams involved to understand that a bit better and see what can be done. But for now, I would say there are no active plans to start defaulting the user-assigned identity, and it must be defined explicitly when requesting the token in App Service and Azure Functions.
Related information
https://stackoverflow.com/questions/68954854/defaultazurecredential-doesnt-work-with-user-assigned-managed-identity-in-azure
Azure/Azure-Functions#2100
This is related to the .NET Azure.Identity behavior.
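Added example (not from the issue, the Azure SDK or the Functions team): a C# helper that pins DefaultAzureCredential to the user-assigned identity through ManagedIdentityClientId, which is the in-code equivalent of the AZURE_CLIENT_ID workaround above. The App Configuration endpoint, the setting name and the factory class are assumptions.

```csharp
using System;
using Azure.Core;
using Azure.Identity;
using Azure.Data.AppConfiguration;

// Added example: explicit selection of the user-assigned managed identity on
// App Service / Azure Functions. Class and setting names are hypothetical.
public static class AppConfigClientFactory
{
    // Resolve the client id of the user-assigned identity. The issue's workaround
    // uses the AZURE_CLIENT_ID env var; an app setting of your own works the same.
    public static string? ResolveUserAssignedClientId()
    {
        return Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
    }

    public static TokenCredential BuildCredential(string? userAssignedClientId)
    {
        if (string.IsNullOrWhiteSpace(userAssignedClientId))
        {
            // Without a client id, the managed identity step of the chain asks the
            // platform for the system-assigned identity. With that identity disabled
            // and only a user-assigned one present, App Service / Functions answers
            // with the 400 described in the issue (Azure VMs pick the single identity).
            return new DefaultAzureCredential();
        }

        // Pin the managed identity step to the user-assigned identity. This is what
        // AZURE_CLIENT_ID does, but here the choice is visible in code review and
        // does not depend on a per-environment setting being remembered.
        return new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            ManagedIdentityClientId = userAssignedClientId
        });
    }

    // Endpoint is an assumption; substitute your App Configuration store URL.
    public static ConfigurationClient CreateClient(Uri endpoint)
    {
        var clientId = ResolveUserAssignedClientId();
        return new ConfigurationClient(endpoint, BuildCredential(clientId));
    }
}
```

If the code only ever runs on Functions with a single user-assigned identity, `new ManagedIdentityCredential(clientId)` in place of the DefaultAzureCredential chain removes the other probing steps and makes a missing client id fail at construction rather than as a 400 at token time.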