"A task was canceled." using Active Directory Default authentication in connection string #2105
Comments
|
@cghgreg We will look into this and will get back to you. |
|
@cghgreg The order in which default credential work is in the link https://learn.microsoft.com/en-us/sql/connect/ado-net/sql/azure-active-directory-authentication?view=sql-server-ver16#using-active-directory-default-authentication. You have to make sure Azure function app environment is configured correctly to pick up the credentials correctly for connections. How are you able to connect manually successfully to the server? |
|
No I get this error when trying to debug locally through Visual Studio. I never got it working locally so I never tried it remotely. |
|
Code along these lines seems to work just fine with both EF6 and EF Core (this is from my EF6 implementation). For EF6, I was following instructions from a blog about using the AppAuthentication package's SQL authentication provider and Active Directory Interactive authentication, which worked sometimes but would sometimes get stuck in some kind of deadlock. The code below seems to be more reliable. When I have this run locally, it will use VisualStudioCredential, and when on my VM/App Service/Function App with a Managed Identity it will autheticate as that identity, just as I expect. private static Azure.Core.AccessToken accessToken = default;
private static readonly object lockObj = new object();
public DataContext(string nameOrConnectionString)
: base(nameOrConnectionString)
{
((SqlConnection)this.Database.Connection).AccessToken = GetToken();
}
private static string GetToken()
{
// Ensure waiting threads don't get another token if one was just fetched
lock (lockObj)
{
if (accessToken.ExpiresOn < DateTimeOffset.Now.AddSeconds(5))
{
var credential = new Azure.Identity.DefaultAzureCredential();
accessToken = credential.GetToken(new Azure.Core.TokenRequestContext(new[] { "https://database.windows.net/.default" }));
}
}
return accessToken.Token;
} |
|
I'd like to add another stack trace to this bug, it's slightly different but also very similar. I've been dealing with it for months actually. Oddly, only happens on my company laptop, whether I'm using it remotely via ZScaler, or if I'm in the office. It does not ever happen on my Azure VM with the same code. It's also somewhat inconsistent, sometimes the Api code just works. I've yet to find a pattern. There's a theory among my infrastructure colleagues that some switching / routing info could be flapping between correct and incorrect. First, the stack trace. Now, interestingly, App Insights logging shows that the code is trying to get a token from the identity IMDS endpoint (MI auth method), and it seems to be connecting, but getting no response, then it backs off, tries again, and eventually throws.
Any help greatly appreciated. Obviously this is used via EF Core. I haven't tried a simpler test case of direct SqlClient. |
|
This looks like an issue with Visual Studio rather than SqlClient - see https://developercommunity.visualstudio.com/t/Version-1770-Preview-20---WebApp-unab/10409641?q=%22a+task+was+cancelled%22&sort=newest and Azure/azure-sdk-for-net#38014 - this looks to be a Visual Studio related issue with |
|
Deleting the Hopefully they will implement a real solution... |
This might have helped, a bit. What I've found since doing that, is the first time after starting the app in VS, I get the same failing behavior as above, if I try it again, it works and then continues to work until the next app restart. Something about the SqlClient / EF Core warmup? Very odd. Also odd that it works perfectly, every time in my Azure VM. |
Also worked for me. Delete folder, restart Visual Studio - voilá 👍 |
|
I tried closing VS, deleting %LOCALAPPDATA%/.IdentityService, restarting the computer, logging back into VS, and I still had issues. I ended up opening the VS installer, repairing, and that fixed my problem. So that's a nuclear option in case deleting the .IdentityService folder doesn't work for you. Update: my problem recurred after repairing VS. And repairing again did NOT fix my issue. I also tried raphi007fly's suggestion of moving Microsoft.Data.SqlClient to 4.1.1, and that didn't help either. I have two PCs with Visual Studio installed. 17.7.3 experiences this problem. 17.5.3 running the same code on the same network does not experience this problem. We are also using Conditional Access with MFA for our accounts. I don't know if that is relevant or not. Visual Studio is now unusable for about half of our dev team who have upgraded to 17.7.3. We REALLY need a solution. |
|
I also encountered the same problem. Downgrading the Microsoft.Data.SqlClient nuget package from 5.1.1 to 4.1.1 solved the problem for me. Note that I also tried the previous steps of clearing %LOCALAPPDATA%/.IdentityService and repairing VS 2022. |
|
Please see Thomas's comment in a linked thread: https://developercommunity.visualstudio.com/t/Version-1770-Preview-20---WebApp-unab/10409641#T-N10463906 This solution worked for me while on v17.7.3 without having to change any NuGet packages. Basically, add a 30 second connection timeout to your SQL Server connection string. |
|
I've been experiencing the same issue. Updated VS to 17.8.4 and still have the same issue. Tried deleting the .IdentityService folder and that did not help. Increasing the Connection Timeout limit to 60s works, but obviously is not really a solution. Here are some of the references in my .NET 6 Azure Function project: Let me know if there's any additional info I can provide. |
|
I've started facing this issue only on my dev machine, on dev servers and on my colleagues machine it's not happening.. I've tried to remove and re-add permissions on Azure... |
|
Hello the issue is still happening with 5.2 |
|
I found that this issue is happening when I also enable Application Insights in the project. |
|
This thing has not been fixed. Is there going to be a fix some day? |
Describe the bug
I have an .NET 6 Azure Function app with EF Core 6 and Microsoft.Data.SqlClient 4.1.0 and I'm trying to connect to an Azure SQL database with Active Directory Default authentication via the connection string. However, I get a 'task canceled' exception when it attempts to fetch the access token. This occurs when debugging the function app from Visual Studio.
I've also tried this in a .net 7 MVC app with EF Core 7 and Microsoft.Data.SqlClient 5.1.1 and ran into the same problem.
Related Stack Overflow question: https://stackoverflow.com/q/72984555/2200576
Stack trace for function app:
Stack trace for MVC app:
To reproduce
Expected behavior
SqlClient is able to get an access token opaquely and connect to the Azure SQL database without additional boilerplate by simply injecting MyDbContext and enumerating a DbSet.
Further technical details
Microsoft.Data.SqlClient version: 4.1.0, 5.1.1
.NET target: net60, net70
SQL Server version: Azure SQL
Additional context
When I attempt to fetch a token manually using Azure.Identity.DefaultAzureCredential and attach it to the DbConnection, that works fine; it's only when trying to use it purely with service collection extension methods and "Authentication=Active Directory Default" in the connection string do I run into this issue.
The text was updated successfully, but these errors were encountered: