MicrosoftConfigurationBuilders icon indicating copy to clipboard operation
MicrosoftConfigurationBuilders copied to clipboard

Published 20 hours ago verified publisher icon aspnet

AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential()

Open Juraj2 opened this issue 1 year ago • 3 comments

AzureAppConfigurationBuilder uses hardcoded DefaultAzureCredential() to read Key Vault but should use existing GetCredential()

AzureAppConfigurationBuilder.cs always uses DefaultAzureCredential() when reading App Configuration Key-value references to Key Vault. It should use already existing virtual method GetCredential() instead.

Functional impact

Classes that inherit from AzureAppConfigurationBuilder and override the protected virtual TokenCredential GetCredential() still cannot influence which TokenCredential is used when reading App Configuration values that are referencing Key Vault.

Expected result

When classes that inherit from AzureAppConfigurationBuilder override the protected virtual TokenCredential GetCredential() then the GetCredential() should also be used for App Configuration Key-value references to Key Vault

Actual result

When classes that inherit from AzureAppConfigurationBuilder override the protected virtual TokenCredential GetCredential() then the GetCredential() is only used to read Key-values from App Configuration. But when reading App Configuration Key-value references that reference Key Vault then always the hardcoded new DefaultAzureCredential() is used.

Further technical details

There is a bug in the code in AzureAppConfigurationBuilder.cs in private SecretClient GetSecretClient() method. It should use already existing virtual method GetCredential() instead of hardcoded new DefaultAzureCredential()- the same way as it is used in AzureKeyVaultConfigBuilder.cs

Juraj2 avatar Nov 15 '23 20:11 Juraj2

Facing the same issue with AzureAppConfigurationBuilder. Able to load the AppConfig values just fine, however when reading App Configuration Key-value references that reference Key Vault it always uses the default credential which throws a Azure.RequestFailedException.

We are using a CheinedTokenCredential to gain access to the Azure Resource, but unable to use the overridden GetCredential() method as it defaults to the DefaultAzureCredential().

skwazza09 avatar Nov 28 '23 19:11 skwazza09

Any progress made on this issue?

masonhuemmer avatar Dec 14 '23 18:12 masonhuemmer

I implemented the fix for it. I am waiting for the pull request approval so it gets to the next release.

Juraj2 avatar Dec 15 '23 07:12 Juraj2

Fixed with #232

StephenMolloy avatar Oct 03 '24 17:10 StephenMolloy