11

I am using the following code to test system managed identity on my web app, and it works fine when I deploy in Azure, but is there a way to test locally (without giving permissions to my Azure account for the resource)?

AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();

KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var secret = await keyVaultClient.GetSecretAsync("https://EASDemo.vault.azure.net/secrets/test")
                .ConfigureAwait(false);
return new string[] { secret.Value };
Liam
Pratik Mehta

1 Answer

11

Options to test locally (VS, CLI) are documented here:

Authenticating with Visual Studio

To authenticate by using Visual Studio:

  1. Sign in to Visual Studio and use Tools > Options to open Options.
  2. Select Azure Service Authentication, choose an account for local development, and select OK.

If you run into problems using Visual Studio, such as errors that involve the token provider file, carefully review the preceding steps.

You may need to reauthenticate your developer token. To do so, select Tools > Options, and then select Azure Service Authentication. Look for a Re-authenticate link under the selected account. Select it to authenticate.

If you do not want to use your developer identity, you can also use a certificate or secret key (though not recommended as it can be checked in to source repository by mistake). These options are documented here.

Nick is tired
Varun Sharma
  • Thank you so much for your reply. Currently, we are using a certificate-based approach to authenticate to Key Vault. Most of our services are deployed on Service Fabric (and a few in App Service) and all the developers do not have developer identity (we have 100+ resources working on the project). How should we handle the local debugging scenario? Developers mostly prefer to check in code after debugging locally. – Pratik Mehta Feb 10 '19 at 18:35
  • Also the documentation says "Ideally, the credentials never appear on developer workstations and aren't checked into source control. " but if we follow multiple approaches to allow local debugging then the above point is not correct. – Pratik Mehta Feb 10 '19 at 18:36
  • Please check this answer on how to use cert based approach for service fabric: https://stackoverflow.com/questions/49859477/access-key-vault-from-local-service-fabric-cluster-with-msi (please let me know if you have follow-up questions). – Varun Sharma Feb 19 '19 at 20:57
  • On occasion I have found it necessary to log out and log in again (remove account from VS and add it back) - even though the credentials were up to date and working for other tasks in VS – golfalot Nov 06 '20 at 15:49
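
The local-development options discussed in the answer and its comments can be selected per machine through the `AzureServicesAuthConnectionString` environment variable that `AzureServiceTokenProvider` reads, so nothing credential-related is committed. The sketch below is an added example, not code from the question or the answer; the class and method names are hypothetical, the bracketed connection-string values are placeholders, and refusing `AppKey=` is this example's own policy.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

// Hypothetical helper (name chosen for this example).
public static class KeyVaultLocalDev
{
    // Per-machine setting, never stored in the repository. Typical values:
    //   RunAs=Developer; DeveloperTool=VisualStudio
    //   RunAs=Developer; DeveloperTool=AzureCli
    //   RunAs=App;AppId=<app-id>;TenantId=<tenant-id>;CertificateThumbprint=<thumbprint>;CertificateStoreLocation=CurrentUser
    private const string ConnVar = "AzureServicesAuthConnectionString";

    public static AzureServiceTokenProvider CreateTokenProvider()
    {
        string conn = Environment.GetEnvironmentVariable(ConnVar);

        // Not set: default behaviour (managed identity in Azure,
        // Visual Studio / Azure CLI sign-in on a workstation).
        if (string.IsNullOrWhiteSpace(conn))
            return new AzureServiceTokenProvider();

        // Example policy: a client secret in the connection string is refused,
        // so a certificate in the user's certificate store is used instead.
        if (conn.IndexOf("AppKey=", StringComparison.OrdinalIgnoreCase) >= 0)
            throw new InvalidOperationException(
                ConnVar + " contains a client secret; use a certificate thumbprint.");

        return new AzureServiceTokenProvider(conn);
    }

    public static async Task<string> GetSecretAsync(string secretUrl)
    {
        AzureServiceTokenProvider provider = CreateTokenProvider();
        using (var client = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback)))
        {
            var secret = await client.GetSecretAsync(secretUrl).ConfigureAwait(false);
            return secret.Value;
        }
    }
}
```

With the certificate form, the application registration behind `<app-id>` needs its own access policy on the vault, scoped to the secrets that local debugging requires.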