❔ Azure ASP.NET web api defaultAzureCredentials Error (DevOps Help)
I keep getting this error and I've tried a lot of ways to fix it.
I've granted role based perms to all services that needed it.
I don't know what could be the problem if all the roles have been granted.
This was how i implemented the key vault auth
Content: {"error":{"code":"Forbidden","message":"Caller is not authorized to perform action on resource.\r\nIf role assignments, deny assignments or role definitions were changed recently, please observe propagation time.\r\nCaller: appid=a8c4350e-f7e4-48f6-a23d-4db027cb7d2a;oid=5ebc7344-8dd2-4004-add6-ece8b21aec65;iss=https://sts.windows.net/b4af76de-a3e6-40c4-a701-93d044274bbc/\r\nAction: 'Microsoft.KeyVault/vaults/secrets/readMetadata/action'\r\nResource: '/subscriptions/ef0e2556-48c1-4e0e-acbf-b99773eb392e/resourcegroups/zelp/providers/microsoft.keyvault/vaults/zelpkeyvault'\r\nAssignment: (not found)\r\nDecisionReason: 'DeniedWithNoValidRBAC' \r\nVault: ZelpKeyVault;location=westus\r\n","innererror":{"code":"ForbiddenByRbac"}}}Content: {"error":{"code":"Forbidden","message":"Caller is not authorized to perform action on resource.\r\nIf role assignments, deny assignments or role definitions were changed recently, please observe propagation time.\r\nCaller: appid=a8c4350e-f7e4-48f6-a23d-4db027cb7d2a;oid=5ebc7344-8dd2-4004-add6-ece8b21aec65;iss=https://sts.windows.net/b4af76de-a3e6-40c4-a701-93d044274bbc/\r\nAction: 'Microsoft.KeyVault/vaults/secrets/readMetadata/action'\r\nResource: '/subscriptions/ef0e2556-48c1-4e0e-acbf-b99773eb392e/resourcegroups/zelp/providers/microsoft.keyvault/vaults/zelpkeyvault'\r\nAssignment: (not found)\r\nDecisionReason: 'DeniedWithNoValidRBAC' \r\nVault: ZelpKeyVault;location=westus\r\n","innererror":{"code":"ForbiddenByRbac"}}}I've granted role based perms to all services that needed it.
I don't know what could be the problem if all the roles have been granted.
This was how i implemented the key vault auth
var keyVaultURI = new Uri(builder.Configuration.GetSection("KeyVaultURI").Value!);
// you need to be logged in to Azure for this to work, via azure cli or visual studio
var azureCredential = new DefaultAzureCredential();
// Adds our secrets from Key Vault to the configuration
builder.Configuration.AddAzureKeyVault(keyVaultURI, azureCredential);var keyVaultURI = new Uri(builder.Configuration.GetSection("KeyVaultURI").Value!);
// you need to be logged in to Azure for this to work, via azure cli or visual studio
var azureCredential = new DefaultAzureCredential();
// Adds our secrets from Key Vault to the configuration
builder.Configuration.AddAzureKeyVault(keyVaultURI, azureCredential);
