Azure web app cannot find the connection string


Solution 1

Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net

The error actually happens when the AzureServiceTokenProvider is trying to obtain a token to access the Vault using the service’s Managed Identity.

1. Pass "RunAs=App;" in the connectionString parameter of AzureServiceTokenProvider. This way it will not try different modes to obtain a token, and the exception is a bit better.

2. Install/update the latest version of Microsoft.Azure.Services.AppAuthentication.

When you enable MSI and get access denied, check Azure Key Vault Access policy > Add access policy and add your MSI service principal with Get secret permission. Refer to this article.
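As an added example (not part of the original answer), this is one way to wire the Key Vault configuration provider seen in the question's stack trace so that the deployed app uses only its managed identity, while a developer machine keeps the default Visual Studio / Azure CLI fallback. The `KeyVault:BaseUrl` setting name is an assumption, and `Startup` is the class from the question.

```csharp
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureKeyVault;

public class Program
{
    public static void Main(string[] args) =>
        CreateWebHostBuilder(args).Build().Run();

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((context, config) =>
            {
                // Assumption: the vault URL is stored in a non-secret setting
                // named "KeyVault:BaseUrl" (hypothetical key name).
                var vaultUrl = config.Build()["KeyVault:BaseUrl"];
                if (string.IsNullOrEmpty(vaultUrl))
                {
                    return; // no vault configured, keep the other providers only
                }

                // Outside Development, "RunAs=App" restricts the provider to the
                // app's managed identity, so a failure reports that one cause
                // instead of "tried the following 3 methods".
                // In Development, null keeps the default probing
                // (managed identity, Visual Studio, Azure CLI).
                var connectionString =
                    context.HostingEnvironment.IsDevelopment() ? null : "RunAs=App";

                var tokenProvider = new AzureServiceTokenProvider(connectionString);
                var keyVaultClient = new KeyVaultClient(
                    new KeyVaultClient.AuthenticationCallback(
                        tokenProvider.KeyVaultTokenCallback));

                config.AddAzureKeyVault(
                    vaultUrl, keyVaultClient, new DefaultKeyVaultSecretManager());
            })
            .UseStartup<Startup>();
}
```

The configuration provider enumerates the vault before reading values (the `GetSecretsAsync` frame in the question's stack trace), so the managed identity's access policy needs the List secret permission in addition to Get.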

Solution 2

For me this happened when I ran my function app locally and changed my Microsoft password, as the logged-in user credentials were being used for authorization for managed identity. Try re-entering your credentials.

Solution 3

I know this has an accepted answer, but it didn't help much with my Key Vault issue, which had the same error message, so I'm posting a new answer here just in case it helps someone who stumbles upon this question.

My app was connecting fine locally, but failing on remote. The issue is that it needed an identity and to be allowed access to the key vault.

Refer to this for more detailed steps on how to set up that Azure web app and managed identity to access Key Vault.

Author by

renakre

a researcher..

Updated on June 04, 2022

Comments

  • renakre
    renakre almost 2 years

    I am just trying to publish my application in Azure as a Web App. I have been facing an issue with the connection string. The server just can't identify what the connection string is, as you may see from the error below:

    Unhandled Exception: Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/b99992c6-d6c5-4028-99b5-a1f106bb90bc. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
    Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/b99992c6-d6c5-4028-99b5-a1f106bb90bc. Exception Message: Tried to get token using Managed Service Identity. Access token could not be acquired. An attempt was made to access a socket in a way forbidden by its access permissions
    Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/b99992c6-d6c5-4028-99b5-a1f106bb90bc. Exception Message: Tried to get token using Visual Studio. Access token could not be acquired. Visual Studio Token provider file not found at "D:\local\LocalAppData\.IdentityService\AzureServiceAuth\tokenprovider.json"
    Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/b99992c6-d6c5-4028-99b5-a1f106bb90bc. Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. 'az' is not recognized as an internal or external command,
    operable program or batch file.
    
       at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.GetAuthResultAsyncImpl(String authority, String resource, String scope, CancellationToken cancellationToken)
       at Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider.<get_KeyVaultTokenCallback>b__8_0(String authority, String resource, String scope)
       at Microsoft.Azure.KeyVault.KeyVaultCredential.PostAuthenticate(HttpResponseMessage response)
       at Microsoft.Azure.KeyVault.KeyVaultCredential.ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
       at Microsoft.Azure.KeyVault.KeyVaultClient.GetSecretsWithHttpMessagesAsync(String vaultBaseUrl, Nullable`1 maxresults, Dictionary`2 customHeaders, CancellationToken cancellationToken)
       at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetSecretsAsync(IKeyVaultClient operations, String vaultBaseUrl, Nullable`1 maxresults, CancellationToken cancellationToken)
       at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.LoadAsync()
       at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.Load()
       at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
       at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
       at Microsoft.AspNetCore.Hosting.WebHostBuilder.BuildCommonServices(AggregateException& hostingStartupErrors)
       at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
       at Synergy.Program.Main(String[] args) in C:\Users\Erkan Er\source\repos\Synergy\Program.cs:line 21
    

    Below is the appsettings.json:

    {
      "ConnectionStrings": {
        "DefaultConnection": "Data Source=server.database.windows.net;Initial Catalog=synergylearn_db;User ID=userid;Password=password;Connect Timeout=60;Encrypt=True;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False;RunAs=App;",
        "AzureStorageConnectionString-1": "DefaultEndpointsProtocol=https;AccountName=encamina;AccountKey=V0/+NhCGcq1vBCc1wJ5L9V620fi5E0cX0cX4/pbOFzjqBxRapLBmaDt75LQcoX3HBskY/34E0MwGH/OWToryUg==;EndpointSuffix=core.windows.net"
      },
      "AppSettings": {
        "Secret": "abc"
      },
      "Logging": {
        "LogLevel": {
          "Default": "Warning"
        }
      },
      "AllowedHosts": "*",
      "Authentication": {
        "Google": {
          "ClientId": "xxx",
          "ClientSecret": "xx"
        }
      }
    }
    

    And, here is the Startup.cs:

        public Startup(IHostingEnvironment env)
        {
            var builder = new ConfigurationBuilder()
                .SetBasePath(env.ContentRootPath)
                .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
                .AddEnvironmentVariables();
            Configuration = builder.Build();
        }
    
        public IConfiguration Configuration { get; }
    
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors();
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
                .AddJsonOptions(options => {
                    options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
                });
    
    
            // configure strongly typed settings objects
            var appSettingsSection = Configuration.GetSection("AppSettings");
            services.Configure<AppSettings>(appSettingsSection);
    
            // configure jwt authentication
            var appSettings = appSettingsSection.Get<AppSettings>();
            var key = Encoding.ASCII.GetBytes(appSettings.Secret);
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            });
    
            services.AddDbContext<SynergyDbContext>( 
               options => options.UseSqlServer(
                   Configuration.GetConnectionString("DefaultConnection")
                   //Configuration["ConnectionStrings:DefaultConnection"]
                   )
               );
            services.AddTransient<SynergyDbContext>();
        }
    

    If I run it from the local computer, using the same settings, it works fine. But, it does not work on the server. Any ideas?

    UPDATE

    When I check the URL https://myapp.scm.azurewebsites.net/env, I see this section:

    Connection Strings
    LocalSqlServer
    ConnectionString = data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true
    ProviderName = System.Data.SqlClient
    

    And, also this section, where the correct connection string is displayed:

    SQLCONNSTR_DefaultConnection = Data Source=server.database.windows.net;Initial Catalog=synergylearn_db;User ID=userid;Password=password;Connect Timeout=60;Encrypt=True;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False;RunAs=App;
    
  • user2276101
    user2276101 over 3 years
    This was it for me. Check if you need to re-enter your credentials in Visual Studio, under both Help > About > License Status and Tools > Options > Azure Service Authentication.
  • steve
    steve over 3 years
    FWIW: I didn't know what MSI meant, but after some reading it seems to mean Managed Service Identity ... which is now an old name ... new name is managed identity for azure resource or something like that.
  • seandkim
    seandkim almost 2 years
    Simply updating the version of Microsoft.Azure.Services.AppAuthentication from 1.5.0 to 1.6.2 fixed the issue for me