Tags: azure-ad-b2c, azure-service-principal, azure-app-configuration

Service principal identity not working with Azure App Configuration connectivity in the local environment with .NET and Azure. Error 403, not able to connect


I have a .NET application which connects to Azure App Configuration in the local development environment. It works fine with the connection string of Azure App Config, but when I try with a service principal identity it fails and gives a 403.

    // Program.cs fragment; `builder` is the WebApplicationBuilder
    try
    {
        string tenantId = "mytenatID";
        string clientId = "MyCLientID";
        string clientSecret = "MySecreat";
    #if DEBUG
        // These variables are read by EnvironmentCredential / DefaultAzureCredential;
        // the ManagedIdentityCredential used below does not consume AZURE_CLIENT_SECRET.
        Environment.SetEnvironmentVariable("AZURE_TENANT_ID", tenantId);
        Environment.SetEnvironmentVariable("AZURE_CLIENT_ID", clientId);
        Environment.SetEnvironmentVariable("AZURE_CLIENT_SECRET", clientSecret);
    #endif
        // Connect the configuration provider to the store endpoint using Entra ID
        builder.Configuration.AddAzureAppConfiguration(options =>
            options.Connect(
                new Uri(builder.Configuration["AppConfig:Endpoint"]),
                new ManagedIdentityCredential()));
    }
    catch (Exception)
    {
        // Rethrow unchanged so the startup failure is visible
        throw;
    }

Also, I added my tenantId, clientId and secret in

  1. launchSettings.json
  2. System and user environment variables

Also, I added the proper API permissions for the Azure AD app, and added the service principal in Azure App Config IAM with the Contributor role.

I also tried

    // Default chain restricted to environment and managed identity credentials
    var credentialccc = new DefaultAzureCredential(new DefaultAzureCredentialOptions
    {
        // ExcludeEnvironmentCredential = true,
        // ExcludeManagedIdentityCredential = true,
        ExcludeVisualStudioCredential = true,
        ExcludeAzureCliCredential = true,
        ExcludeAzurePowerShellCredential = true,
        ExcludeSharedTokenCacheCredential = true
    });

and

    builder.Configuration.AddAzureAppConfiguration(options =>
        options.Connect(
            new Uri(builder.Configuration["AppConfig:Endpoint"]),
            new DefaultAzureCredential()));

All attempts give me a 403 issue in local development. Let me know if anyone else faces a similar issue.


Solution

  • I created one Azure App Configuration named testappconfig01 with a few test keys and values.

    Initially, I too got a 403 error when I tried to connect to Azure App Config with a service principal that had the Contributor role, as it does not grant direct access to the data using Microsoft Entra ID.

    To resolve the error, you need to assign roles like App Configuration Data Owner or App Configuration Data Reader to the service principal under the App Config resource, based on your requirement.

    In my case, I used the below code to connect to Azure App Config and got the response with the key value successfully:

    using Azure.Identity;
    using Azure.Data.AppConfiguration;
    using Azure;
    
    try
    {
        // Service principal (app registration) details
        string tenantId = "tenantId";
        string clientId = "appId";
        string clientSecret = "secret";
    
        // Client-credentials flow: token for the App Configuration data plane
        var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
    
        // Data-plane client for the store; the SP needs a Data Reader/Owner role here
        var client = new ConfigurationClient(
            new Uri("https://testappconfig01.azconfig.io"),
            credential);
    
        // Read a single key; this call is what returns 403 without a data-plane role
        var setting = client.GetConfigurationSetting("key_name");
    
        Console.WriteLine(setting.Value);
    }
    catch (RequestFailedException ex)
    {
        // HTTP-level failures from the service (401, 403, 404, ...)
        Console.WriteLine($"Received a {ex.Status} status code with message: {ex.Message}");
    }
    catch (Exception ex)
    {
        Console.WriteLine($"An unexpected error occurred: {ex.Message}");
    }
    


    Reference: Authorize access to Azure App Configuration using Microsoft Entra ID
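The following is an added example, not code from the question or the answer above. It puts the answer's two points together for the ASP.NET Core configuration provider the question uses: pick a credential without hard-coding the client secret in source, and probe the data plane once at startup so a missing App Configuration Data Reader/Data Owner role is reported as such instead of an opaque 403. It assumes the packages Azure.Identity, Azure.Data.AppConfiguration and Microsoft.Extensions.Configuration.AzureAppConfiguration, that the service principal's tenant, client ID and secret are supplied through the AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET environment variables (the names Azure.Identity's EnvironmentCredential reads), and that the store endpoint is either in AppConfig:Endpoint or the answer's example store https://testappconfig01.azconfig.io. The az CLI command in the comment is the assumed way the role was assigned; the resource ID placeholder must be filled in.

```csharp
// Added example: local-dev wiring for Azure App Configuration with a service principal.
// Prerequisite (the actual fix from the answer): the SP needs a data-plane role on the
// store, not just Contributor, e.g. via Azure CLI (assumed command, placeholders to fill):
//   az role assignment create --role "App Configuration Data Reader" \
//     --assignee <appId> --scope <resource id of testappconfig01>
using System;
using Azure;
using Azure.Core;
using Azure.Data.AppConfiguration;
using Azure.Identity;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;

var builder = WebApplication.CreateBuilder(args);

// Endpoint from appsettings, falling back to the answer's example store (assumption)
var endpoint = new Uri(builder.Configuration["AppConfig:Endpoint"]
                       ?? "https://testappconfig01.azconfig.io");

var credential = AppConfigBootstrap.BuildCredential();

// Fail fast with a role-specific message rather than a generic 403 during provider load
AppConfigBootstrap.VerifyDataPlaneAccess(endpoint, credential);

builder.Configuration.AddAzureAppConfiguration(options =>
    options.Connect(endpoint, credential).Select("*"));

var app = builder.Build();
app.Run();

static class AppConfigBootstrap
{
    // Choose a credential without embedding secrets in source control.
    public static TokenCredential BuildCredential()
    {
        string? tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
        string? clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
        string? clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");

        if (!string.IsNullOrEmpty(tenantId) && !string.IsNullOrEmpty(clientId)
            && !string.IsNullOrEmpty(clientSecret))
        {
            // Explicit SP credential for local development. ManagedIdentityCredential
            // cannot be used here: it ignores AZURE_CLIENT_SECRET and only works on
            // Azure-hosted compute that exposes a managed identity endpoint.
            return new ClientSecretCredential(tenantId, clientId, clientSecret);
        }

        // In Azure (App Service, Container Apps, ...) fall back to the default chain,
        // which reaches managed identity; interactive/dev-tool credentials are excluded
        // so a developer login can never silently stand in for the app's identity.
        return new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            ExcludeInteractiveBrowserCredential = true,
            ExcludeVisualStudioCredential = true,
            ExcludeAzureCliCredential = true,
            ExcludeAzurePowerShellCredential = true,
        });
    }

    // One read against the data plane; authentication (401) and authorization (403)
    // failures are mapped to messages that name the likely cause.
    public static void VerifyDataPlaneAccess(Uri endpoint, TokenCredential credential)
    {
        var client = new ConfigurationClient(endpoint, credential);
        try
        {
            // Enumerating the first page is enough to trigger the authorization check
            using var page = client
                .GetConfigurationSettings(new SettingSelector { KeyFilter = "*" })
                .GetEnumerator();
            page.MoveNext();
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            throw new InvalidOperationException(
                "Token accepted by Microsoft Entra ID, but the identity has no data-plane " +
                $"role on {endpoint}. Contributor/Owner are control-plane only; assign " +
                "'App Configuration Data Reader' (or Data Owner) at the store scope.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 401)
        {
            throw new InvalidOperationException(
                "Token rejected: check AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET " +
                "and that the client secret has not expired.", ex);
        }
    }
}
```

Data Reader is enough for an application that only reads settings; reserve Data Owner for deployment tooling that writes keys, so a leaked app credential cannot alter configuration for every consumer of the store.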