azure-sdk-for-net
[BUG] GetUserDelegationKeyAsync() fails TenantDiscovery challenge
Library name and version
Azure.Storage.Blobs
Describe the bug
From ICM - https://portal.microsofticm.com/imp/v3/incidents/details/326322676/home
GetUserDelegationKeyAsync() fails when enabling Tenant Discovery as an option for BlobServiceClient. The fix is to call a storage method such as GetBlobsAsync() to perform the Tenant Discovery challenge and then call GetUserDelegationKeyAsync().
My assumption is that the GetUserDelegationKeyAsync() doesn't issue a discovery challenge before sending a request to Storage.
Here is the code block:

```csharp
using System;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;

BlobClientOptions options = new BlobClientOptions()
{
    Retry = {
        Delay = TimeSpan.FromSeconds(2),
        MaxRetries = 5,
        Mode = Azure.Core.RetryMode.Exponential,
        MaxDelay = TimeSpan.FromSeconds(10)
    },
    EnableTenantDiscovery = true, // Enable Tenant Discovery
};
// blobEndpoint, containerName and aadID (which exposes a ClientCertificateCredential) are defined by the caller.
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri(blobEndpoint), aadID.ClientCertificateCredential, options);
// Initialize the tenant and authentication context with the BlobServiceClient in the case that this SA is in a different tenant.
// We cannot just call the DelegationKey without first initializing to the SA in the tenant and retrieving a token.
await foreach (BlobContainerItem container in blobServiceClient.GetBlobContainersAsync(prefix: containerName))
{
    break; // Only retrieve up to 1 container and break out.
}
// Call GetUserDelegationKey now that we've already retrieved the token to the SA.
var userDelegationKey = await blobServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddHours(2));
```
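The following is an added example, not code from the issue or from the azure-sdk-for-net repository. It packages the workaround described above (one cheap listing call to trigger the tenant-discovery challenge, then `GetUserDelegationKeyAsync()`) into a helper, and goes one step further than the report by using the key for what it is normally fetched for: a short-lived, HTTPS-only, read-only user delegation SAS scoped to a single blob. The endpoint, tenant, app ID, certificate path, container and blob names are placeholders; `DelegationSasHelper` and `Program` are names chosen for this example. It assumes Azure.Storage.Blobs 12.x and Azure.Identity.

```csharp
// Added example, not from the issue or the SDK. All identifiers below that
// look like account, tenant or file names are placeholders.
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Sas;

public static class DelegationSasHelper
{
    // Issues one minimal listing call so the client receives the storage
    // account's tenant challenge and caches a token for that tenant, then
    // requests the user delegation key (the order the issue's workaround uses).
    public static async Task<UserDelegationKey> GetDelegationKeyAfterDiscoveryAsync(
        BlobServiceClient service, TimeSpan keyLifetime)
    {
        // pageSizeHint: 1 because only the request/challenge round trip matters here.
        await foreach (Page<BlobContainerItem> firstPage in
            service.GetBlobContainersAsync().AsPages(pageSizeHint: 1))
        {
            break;
        }

        DateTimeOffset now = DateTimeOffset.UtcNow;
        // Start a few minutes in the past to tolerate clock skew between client
        // and service; the service caps a user delegation key at 7 days.
        Response<UserDelegationKey> key = await service.GetUserDelegationKeyAsync(
            startsOn: now.AddMinutes(-5),
            expiresOn: now.Add(keyLifetime));
        return key.Value;
    }

    // Signs a read-only SAS for exactly one blob with the delegation key.
    // The SAS validity window must lie inside the key's own validity window.
    public static Uri BuildReadOnlyBlobSas(
        BlobServiceClient service, UserDelegationKey key,
        string containerName, string blobName, TimeSpan sasLifetime)
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        var builder = new BlobSasBuilder
        {
            BlobContainerName = containerName,
            BlobName = blobName,
            Resource = "b",               // "b" = a single blob, not the container
            StartsOn = now.AddMinutes(-5),
            ExpiresOn = now.Add(sasLifetime),
            Protocol = SasProtocol.Https, // reject plaintext HTTP presentation of the SAS
        };
        builder.SetPermissions(BlobSasPermissions.Read);

        var uriBuilder = new BlobUriBuilder(service.Uri)
        {
            BlobContainerName = containerName,
            BlobName = blobName,
            Sas = builder.ToSasQueryParameters(key, service.AccountName),
        };
        return uriBuilder.ToUri();
    }
}

public static class Program
{
    public static async Task Main()
    {
        // Placeholders: replace with the real account endpoint and app certificate.
        var endpoint = new Uri("https://<account>.blob.core.windows.net");
        var credential = new ClientCertificateCredential(
            tenantId: "<home-tenant-id>",
            clientId: "<app-id>",
            clientCertificatePath: "/path/to/cert.pfx",
            options: new ClientCertificateCredentialOptions
            {
                // Needed when the storage account lives in a tenant other than the
                // credential's home tenant: the token must be issued for the tenant
                // named in the discovery challenge. "*" allows any tenant.
                AdditionallyAllowedTenants = { "*" },
            });
        var options = new BlobClientOptions { EnableTenantDiscovery = true };
        var service = new BlobServiceClient(endpoint, credential, options);

        UserDelegationKey key = await DelegationSasHelper.GetDelegationKeyAfterDiscoveryAsync(
            service, keyLifetime: TimeSpan.FromHours(2));
        Uri sas = DelegationSasHelper.BuildReadOnlyBlobSas(
            service, key, "reports", "2024/summary.csv", sasLifetime: TimeSpan.FromHours(1));
        Console.WriteLine(sas);
    }
}
```

Two checks worth keeping in mind when using this pattern: the warm-up call must be one the identity is actually authorized to make (listing containers needs a data-plane read role on the account, and the key request itself needs the `Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action` permission), otherwise the first call fails for an unrelated reason and the symptom looks the same as the bug reported here. And keep the SAS lifetime well inside the delegation key's window; the service rejects a SAS whose expiry exceeds the key it was signed with.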