Unable to connect to Azure KeyVault from App Service using Azure client credentials
Hi Team,
I have an interesting issue that we are facing in our Production environment.
We have an App Service that hosts the API; it connects to the KeyVault using a Service Principal. In Non-prod it was able to access the KeyVault using Service Principal client credentials. Similar code and set-up are configured in production, and it is throwing the error below.
2025-01-10T00:19:38.563680021Z
2025-01-10T00:19:38.563761423Z Agent extension disabled
2025-01-10T00:19:38.563773823Z Before if loop >> DotNet Runtime
2025-01-10T00:19:44.573318811Z DotNet Runtime 8.0Writing output script to '/opt/startup/startup.sh'
2025-01-10T00:19:50.607971521Z Trying to find the startup DLL name...
2025-01-10T00:19:50.608031323Z Found the startup D name: MyOrg.UI.PI.API.dll
2025-01-10T00:19:50.608038423Z Running the command: dotnet "MyOrg.UI.PI.API.dll"
2025-01-10T00:26:33.359228203Z Unhandled exception. Azure.Identity.AuthenticationFailedException: ClientSecretCredential authentication failed: Request to the endpoint timed out.
2025-01-10T00:26:33.359271704Z ---> MSAL.NetCore.4.61.3.0.MsalServiceException:
2025-01-10T00:26:33.359277904Z ErrorCode: request_timeout
2025-01-10T00:26:33.359280904Z Microsoft.Identity.Client.MsalServiceException: Request to the endpoint timed out.
2025-01-10T00:26:33.359283804Z ---> System.Threading.Tasks.TaskCanceledException: The request was canceled due to the configured HttpClient.Timeout of 100 seconds elapsing.
2025-01-10T00:26:33.359286604Z ---> System.TimeoutException: The operation was canceled.
2025-01-10T00:26:33.359289305Z ---> System.Threading.Tasks.TaskCanceledException: The operation was cancelled.
2025-01-10T00:26:33.359301905Z at Azure.Core.CancellationHelper.ThrowOperationCanceledException(Exception innerException, CancellationToken cancellationToken)
2025-01-10T00:26:33.359304905Z at Azure.Core.CancellationHelper.ThrowIfCancellationRequested(CancellationToken cancellationToken)
2025-01-10T00:26:33.359307705Z at Azure.Core.Pipeline.ResponseBodyPolicy.ThrowIfCancellationRequestedOrTimeout(CancellationToken originalToken, CancellationToken timeoutToken, Exception inner, TimeSpan timeout)
2025-01-10T00:26:33.359310405Z at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-01-10T00:26:33.359313105Z at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-01-10T00:26:33.359315705Z at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-01-10T00:26:33.359318305Z at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
2025-01-10T00:26:33.359321005Z at Azure.Core.Pipeline.HttpPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
2025-01-10T00:26:33.359323606Z at Azure.Core.HttpPipelineMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
2025-01-10T00:26:33.359326606Z at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
2025-01-10T00:26:33.359329906Z --- End of inner exception stack trace ---
2025-01-10T00:26:33.359332506Z --- End of inner exception stack trace ---
When changed at the code level to use Managed Identity, it works fine. I even thought there might be an issue with the RBAC model for the SP, hence I tried to log in with the SP credentials in Azure CLI and tried to retrieve the secrets from KeyVault, and it worked.
I could not figure out what the issue was; the only difference is that Non-prod is on the B2 plan and Production is Premium with a 3 static scalable instance plan.
The rest of the configuration is identical to non-production.