Odd DefaultAzureCredential Behavior

Time:12-25

I'm having some issues authenticating using DefaultAzureCredential.

If I run this code:

using Azure.Core;
using Azure.Identity;

var credentials = new VisualStudioCredential();
var context = new TokenRequestContext(scopes: new string[] { _storageAccountUrl + "/.default" });
var token = await credentials.GetTokenAsync(context, new System.Threading.CancellationToken());

I get the following error:

TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '04f0c124-f2bc-4f59-8241-bf6df9866bbd'(VS with native MSA) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

However, if I change the credentials to

var credentials = new AzurePowerShellCredential();

It works!!

I'm logged in as the same user in Visual Studio as I am in PowerShell.

Does anyone know why this might be happening?

-UPDATE-

Thanks to @Juunas, using the following code works. But why is this necessary (but it isn't necessary with PowerShell)?

var options = new VisualStudioCredentialOptions() { TenantId = "TENANT-ID-HERE" };
var credentials = new VisualStudioCredential(options);

CodePudding user response:

You need to specify the tenant in this case since you are using a personal MS account. I'm not 100% sure why PowerShell works, but essentially a personal account doesn't have a home tenant like "normal" Azure AD accounts. This would also apply if your Azure AD account was a guest in the tenant that you are trying to access.
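Added example, not part of the original question or answer: pinning the tenant on the DefaultAzureCredential chain from the title, then checking the `tid` claim of the returned token against the tenant you intended. The class name, the `ReadTenantClaim` helper and both placeholder constants are assumptions; the tenant ID is assumed to be in GUID form.

```csharp
using System;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class TenantPinnedAuth
{
    // Placeholders (assumptions): substitute your tenant GUID and storage account URL.
    private const string TenantId = "TENANT-ID-HERE";
    private const string StorageAccountUrl = "https://ACCOUNT-NAME-HERE.blob.core.windows.net";

    public static async Task<AccessToken> GetStorageTokenAsync()
    {
        // Pin the tenant so a personal (MSA) or guest account is not resolved
        // against whatever tenant the developer tool picks by default.
        var credential = new DefaultAzureCredential(
            new DefaultAzureCredentialOptions { TenantId = TenantId });

        var context = new TokenRequestContext(new[] { StorageAccountUrl + "/.default" });
        AccessToken token = await credential.GetTokenAsync(context, CancellationToken.None);

        // Diagnostic check only: the payload is read without signature validation,
        // which is the resource server's job. It confirms which tenant issued the token.
        string issuedBy = ReadTenantClaim(token.Token);
        if (!string.Equals(issuedBy, TenantId, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"Token was issued by tenant '{issuedBy}', expected '{TenantId}'.");
        return token;
    }

    // Hypothetical helper: decodes the JWT payload (second dot-separated segment,
    // base64url encoded) and returns its "tid" claim, or "" when the claim is absent.
    public static string ReadTenantClaim(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Access token is not a three-part JWT.");

        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));

        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.TryGetProperty("tid", out JsonElement tid) ? tid.GetString() ?? "" : "";
    }
}
```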
