I am trying to connect from a net framework app to Azure App Configuration using a Managed Identity but have permission issues.
How I connect
options.Connect(new Uri("https://myconfigstore.azconfig.io"), new ManagedIdentityCredential(clientId));
I have tried all the various clientId, objectids and applicationId guids I can find using the portal but are always getting a bad request no matter when guid I call it with
Azure.Identity.CredentialUnavailableException: 'ManagedIdentityCredential authentication unavailable,
the requested identity has not been assigned to this resource.
Status: 400 (Bad Request)
If I create ManagedIdentityCredential without specifying an clientId I get this error
Azure.RequestFailedException: 'Service request failed.
Status: 403 (Forbidden)
I have granted my manage identity Azure App Configuration Data permission
Is this the clientId I should be using?
I have just tried to use the Id of my active directory (AAD --> Properties) and i get a
Azure.RequestFailedException: 'Service request failed.
Status: 403 (Forbidden)
That can only mean that I am using the wrong id because otherwise it should have returned 400 (Bad Request) like in the other error I see.
Full code
private static async Task Main()
var builder = new ConfigurationBuilder();
const string clientId = "e589d9f1-xxxx-xxxx-xxxx-6bc940d50ab7";
builder.AddAzureAppConfiguration(options =>
options.Connect(new Uri("https://myconfigstore.azconfig.io"), new ManagedIdentityCredential(clientId));
_configuration = builder.Build();
Console.WriteLine("Number of keys: " + _configuration.GetChildren().Count());
Console.WriteLine("Demo: " + _configuration["Demo"]);
This document demonstrates how to use managed identity to access App Configuration from App Service, but you can replace the App Service with any other Azure services that support managed identity. https://learn.microsoft.com/en-us/azure/azure-app-configuration/howto-integrate-azure-managed-service-identity
Here are a few things I'd like to call out