Using Azure Managed Identities API
I am trying to get an api token using azure managed identity through an application hosted by azure app services, when trying to get the token through a get request using
System.Environment.GetEnvironmentVariable("MSI_ENDPOINT"); as my endpoint I get a 403 status on the response, any ideas what I could be missing?16 Replies
Where are you making the request?
im getting the system evironment variable MSI Endpoint
and then adding on an api version and resource as url parameters
the token will be used in future requests to get devops build/release pipeline information if that helps
There's another env var iirc that gets rotated automatically
forgot to mention, not sure if it matters for that but this is hosted on azure app services
hence why im not making the call to 169.254.169.254
cos that requires it to be on a vm
MSI_SECRET I think
i have tried using that
adding in header "Secret" with that env var as the value
that wasnt working either, same 403 issue
Try x-identity-header
so would that be
httpClient.DefaultRequestHeaders.Add("x-identity-header", msiSecret);?
also do you by chance know what resource i should be using, is it dev.azure.com? ive had multiple examples using that and management.azure.comOh
GET /MSI/token?resource=https://vault.azure.net&api-version=2019-08-01 HTTP/1.1
Host: localhost:4141
X-IDENTITY-HEADER: 853b9a84-5bfa-4b22-a3f3-0b9a43d9ad8a
Example from MSI docs
im about to head home, any chance you can link that doc page for me, ill take a look once i get there
Managed identities - Azure App Service
Learn how managed identities work in Azure App Service and Azure Functions, how to configure a managed identity and generate a token for a back-end resource.
Thanks
changed over header and got an error 500
nevermind had wrong resource on that
200
Cool
have confirmed the token is in the response, thank you for your help