❔ Azure ASP.NET web api defaultAzureCredentials Error (DevOps Help)

I keep getting this error and I've tried a lot of ways to fix it.
Content: {"error":{"code":"Forbidden","message":"Caller is not authorized to perform action on resource.\r\nIf role assignments, deny assignments or role definitions were changed recently, please observe propagation time.\r\nCaller: appid=a8c4350e-f7e4-48f6-a23d-4db027cb7d2a;oid=5ebc7344-8dd2-4004-add6-ece8b21aec65;iss=https://sts.windows.net/b4af76de-a3e6-40c4-a701-93d044274bbc/\r\nAction: 'Microsoft.KeyVault/vaults/secrets/readMetadata/action'\r\nResource: '/subscriptions/ef0e2556-48c1-4e0e-acbf-b99773eb392e/resourcegroups/zelp/providers/microsoft.keyvault/vaults/zelpkeyvault'\r\nAssignment: (not found)\r\nDecisionReason: 'DeniedWithNoValidRBAC' \r\nVault: ZelpKeyVault;location=westus\r\n","innererror":{"code":"ForbiddenByRbac"}}}
I've granted role based perms to all services that needed it. I don't know what could be the problem if all the roles have been granted. This was how I implemented the key vault auth:
var keyVaultURI = new Uri(builder.Configuration.GetSection("KeyVaultURI").Value!);

// you need to be logged in to Azure for this to work, via azure cli or visual studio
var azureCredential = new DefaultAzureCredential();

// Adds our secrets from Key Vault to the configuration
builder.Configuration.AddAzureKeyVault(keyVaultURI, azureCredential);
2 Replies
MoltenFuzzy (OP), 2y ago
Works locally but not in prod. Works with access policy but not role-based access control.
Accord, 2y ago
Looks like nothing has happened here. I will mark this as stale and this post will be archived until there is new activity.
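
An added example, not part of the original thread: a small parser for the Key Vault `ForbiddenByRbac` body shown in the post. It pulls out the object ID that was actually evaluated, the denied data action and the scope, then builds the `az role assignment list` command for comparing that principal against the one the roles were granted to. The sample body is constructed in the same layout with placeholder GUIDs and names; the function names are hypothetical.

```python
import json
import shlex

# Constructed sample in the same layout as the error body in the post
# (placeholder GUIDs and resource names, not the poster's values).
SAMPLE_BODY = json.dumps({"error": {"code": "Forbidden", "message": (
    "Caller is not authorized to perform action on resource.\r\n"
    "If role assignments, deny assignments or role definitions were changed "
    "recently, please observe propagation time.\r\n"
    "Caller: appid=11111111-1111-1111-1111-111111111111;"
    "oid=22222222-2222-2222-2222-222222222222;"
    "iss=https://sts.windows.net/33333333-3333-3333-3333-333333333333/\r\n"
    "Action: 'Microsoft.KeyVault/vaults/secrets/readMetadata/action'\r\n"
    "Resource: '/subscriptions/44444444-4444-4444-4444-444444444444/resourcegroups/"
    "example-rg/providers/microsoft.keyvault/vaults/examplevault'\r\n"
    "Assignment: (not found)\r\nDecisionReason: 'DeniedWithNoValidRBAC' \r\n"
    "Vault: ExampleVault;location=westus\r\n"
), "innererror": {"code": "ForbiddenByRbac"}}})


def parse_rbac_denial(body: str) -> dict:
    """Extract who was denied, for which action, on which scope."""
    err = json.loads(body)["error"]
    fields = {}
    for line in err["message"].splitlines():
        key, sep, value = line.partition(": ")
        if sep and key.isalpha():  # "Caller", "Action", "Resource", ...
            fields[key] = value.strip().strip("'")
    caller = dict(kv.split("=", 1) for kv in fields.get("Caller", "").split(";") if "=" in kv)
    return {
        "inner_code": err.get("innererror", {}).get("code"),
        "object_id": caller.get("oid"),   # principal the vault evaluated
        "app_id": caller.get("appid"),
        "tenant_id": caller.get("iss", "").rstrip("/").rsplit("/", 1)[-1] or None,
        "action": fields.get("Action"),
        "scope": fields.get("Resource"),
        "assignment": fields.get("Assignment"),
        "reason": fields.get("DecisionReason"),
    }


def assignment_check_command(denial: dict) -> str:
    """az CLI command listing the caller's role assignments effective at the vault."""
    return "az role assignment list --assignee {} --scope {} --include-inherited -o table".format(
        shlex.quote(denial["object_id"]), shlex.quote(denial["scope"]))
```

The built-in Key Vault Secrets User role includes the `readMetadata` data action named in the error, so the command's output shows whether the denied object ID holds that role (or a broader one) at or above the vault scope.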
