I try to add AzureAppConfiguration to my dotnet core web application using the following Code:
var azureCredential = new DefaultAzureCredential();
config.AddAzureAppConfiguration(options =>
options.Connect(new Uri("https://MYCONFIGURATION.azconfig.io"), azureCredential).ConfigureKeyVault(kv =>
{
kv.SetCredential(azureCredential);
})
....
this fails with the Following Error:
Azure.RequestFailedException: Service request failed. Status: 403 (Forbidden)
If I do use the Connection String to connect to the AzureAppConfiguration itself it does work:
var azureCredential = new DefaultAzureCredential();
config.AddAzureAppConfiguration(options =>
options.Connect("Endpoint=https://ac-mobileapps-dev.azconfig.io;Id=MYID;Secret=MYSECRET").ConfigureKeyVault(kv =>
{
kv.SetCredential(azureCredential);
})
....
I run this on my local machine, so the default credentials return my AzureCLI Creds. With those same creds I can run
az appconfig kv list -n MYCONFIGURATION
and retrieve all values.
Please make sure you grant your identity App Configuration Data Reader or App Configuration Data Owner role in the Access Control of your App Configuration instance and wait for ~15 minutes for the permission to propagate.
More details can be found at https://learn.microsoft.com/en-us/azure/azure-app-configuration/concept-enable-rbac
BTW, the CLI command you used doesn't use AAD auth. Use the --auth-mode parameter to specify how you want to authenticate.
az appconfig kv list -n MYCONFIGURATION --auth-mode login