I have configured my WebAPI to get Azure Storage connection string out of Azure KeyVault using Managed Identity.
For that, I have created an Azure AD dedicated user, which is given permission to get/list secrets from Azure KeyVault. I then assigned this user to my AZURE_USERNAME environment variable and I have configured Visual Studio to use this account.
It all works fine as long as I run the WebAPI in IIS Express when I debug from Visual Studio. However, I want to run the WebAPI from my local IIS when I debug in Visual Studio.
What am I missing here? I suspect it is because local IIS does not run with the configured user above, but what would be the workaround?
The error I get is:
AzureServiceTokenProviderException: Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/some_id. Exception Message: Tried the following 3 methods to get an access token, but none of them worked.
In the end I created a dedicated service principal in Azure AD, which is then added to my application's users. This service principal is referenced by the environment variable on the dev machine.