C# · 3mo ago
DeaDo

✅ ASP.NET Core Environment Variables: missing Parameter "clientSecret" for EntraId

I want to authenticate Users with EntraId & call Downstream-APIs:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(azureAdConfig)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();
However, I struggle to get my Environment Variables & Secrets working. Because this is running in a Container, I use Environment Variables. This works fine:
string instance = Environment.GetEnvironmentVariable("ENTRA_INSTANCE") ?? throw new Exception("Missing Environment Variable ENTRA_INSTANCE");
string clientId = Environment.GetEnvironmentVariable("ENTRA_CLIENT_ID") ?? throw new Exception("Missing Environment Variable ENTRA_CLIENT_ID");
string tenantId = Environment.GetEnvironmentVariable("ENTRA_TENANT_ID") ?? throw new Exception("Missing Environment Variable ENTRA_TENANT_ID");
string entraScope = Environment.GetEnvironmentVariable("ENTRA_SCOPES") ?? throw new Exception("Missing Environment Variable ENTRA_SCOPES");
The Compose Secret is in the correct Path in the Container and I add it to config with:
builder.Configuration.AddKeyPerFile(directoryPath: "/run/secrets", optional: false);
But I have no idea how to get Auth to work. I have a workaround for the Config that works:
var azureAdConfig = new ConfigurationBuilder()
    .AddInMemoryCollection(new Dictionary<string, string>
    {
        {"AzureAd:Instance", instance},
        {"AzureAd:TenantId", tenantId},
        {"AzureAd:ClientId", clientId},
        {"AzureAd:Scopes", entraScope}
    })
    .Build();
...
.AddMicrosoftIdentityWebApi(azureAdConfig)
The secret however is not recognized. This error occurs on Request:
System.ArgumentNullException: Value cannot be null. (Parameter 'clientSecret')
7 Replies
DeaDo · 3mo ago
IDK how to configure this in general. This also fails with the same exception:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(options => {}, options => {
        options.Instance = "https://login.microsoftonline.com/";
        options.ClientId = "XXX";
        options.TenantId = "XXX";
        options.ClientSecret = "XXX";
    })
    .EnableTokenAcquisitionToCallDownstreamApi(options => {
        options.Instance = "https://login.microsoftonline.com/";
        options.ClientId = "XXX";
        options.TenantId = "XXX";
        options.ClientSecret = "XXX";
    })
    .AddInMemoryTokenCaches();
Sry for the Typo in the title
DeaDo · 3mo ago
I have a shared secret that allows my API to call Azure Resource Manager. But there is no way to set it other than appsettings.json. I'm using environment variables though.
DeaDo · 3mo ago
I got that. But it doesn't accept my ClientSecret. I explicitly set it there.
DeaDo · 3mo ago
OK, I'll create a new project & add nothing but this part, then I'll attempt to create an authenticated client.
The Problem was elsewhere. The Client Secret was set correctly. The Config was just fine. The error occurred when my OBO flow tried to obtain the token for the ArmClient. I had to refactor my ArmClientBuilder to use the correct Configuration.
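
Added example, not part of the thread or of Microsoft.Identity.Web's own samples: one way to feed the `AzureAd` section from container environment variables plus a Compose secret file, with a startup check so that a missing `ClientSecret` fails at boot instead of on the first request. The variable names `AzureAd__Instance`, `AzureAd__TenantId`, `AzureAd__ClientId` and the secret file name `AzureAd__ClientSecret` are assumptions; both providers map `__` to the `:` section delimiter.

```csharp
// Program.cs (added example; names of env vars and the secret file are assumptions)
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// CreateBuilder already loads environment variables, so AzureAd__TenantId
// becomes AzureAd:TenantId. AddKeyPerFile applies the same "__" -> ":" rule
// to file names, so /run/secrets/AzureAd__ClientSecret becomes AzureAd:ClientSecret.
builder.Configuration.AddKeyPerFile(directoryPath: "/run/secrets", optional: false);

IConfigurationSection azureAd = builder.Configuration.GetSection("AzureAd");

// Fail fast at startup and report only the key name, never the secret value.
foreach (string key in new[] { "Instance", "TenantId", "ClientId", "ClientSecret" })
{
    if (string.IsNullOrWhiteSpace(azureAd[key]))
    {
        throw new InvalidOperationException($"Missing configuration value AzureAd:{key}");
    }
}

// Pass the same section to the API authentication and token acquisition,
// so every downstream client that resolves its options from DI sees the secret.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(azureAd)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.Run();
```

Any component that builds its own credential for the on-behalf-of flow needs to read from this same `AzureAd` section; a second, separately built configuration without `ClientSecret` produces the `ArgumentNullException` shown above.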