0

I am using DefaultCredential to connect to build configuration from Azure Key Vault.

      var secretClient = new SecretClient(new Uri($"https://{keyvaultName}.vault.azure.net/"),
           new DefaultAzureCredential(true) 
           );

      IConfigurationRoot configuration = null;

      configuration = new ConfigurationBuilder().AddJsonFile("appsettings.json")
             .AddEnvironmentVariables()
             .AddAzureKeyVault(secretClient, new PrefixKeyVaultSecretManager(environment))
             .AddUserSecrets<Program>().Build();

This was working earlier, but now it is failing with interactive browser authentication. After selecting an account, it redirects back to localhost and throws an error ("localhost sent an invalid response"). I am using "Azure.Identity" Version="1.4.1". I also tried the latest beta package (1.5.0-beta.4). Also "Azure.Security.KeyVault.Secrets" Version="4.2.0".

Rob
Sandeep K

2 Answers

1

I was getting a similar error from a Windows app using interactive AzureAD authentication. It turned out to be the result of the localhost domain appearing in my Edge (and Chrome) HSTS policy cache. The Azure AD signin flow was trying to redirect to http://localhost:61425/?code=.... But because I had been developing an unrelated ASP.NET application on my machine that used the HSTS middleware (i.e. called app.UseHsts) my browser was remembering that policy and forcing the AzureAD signin redirect to https://localhost:61425/?code=.... That switch from http to https broke the redirect handling in my Windows app.

The solution was to delete the localhost domain from the browser's list of domain security policies.

In Edge, type this in the address bar: edge://net-internals/#hsts

In Chrome: chrome://net-internals/#hsts

delete localhost from HSTS cache

See ERR_SSL_PROTOCOL_ERROR for localhost from Visual Studio debug

Matt Varblow
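A quick way to confirm the HSTS upgrade described in the answer above, as an added example that is not part of the original post: a plain-HTTP loopback listener that reports whether the browser sent an ordinary HTTP request or a TLS ClientHello. The function names are hypothetical, and the listener stands in for the one the sign-in library opens for its `http://localhost:<port>` redirect.

```python
import socket

def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent to a plain-HTTP loopback listener."""
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"    # browser rewrote http:// to https://, e.g. a cached HSTS policy
    method = data.split(b" ", 1)[0]
    if method in (b"GET", b"POST", b"HEAD", b"OPTIONS"):
        return "http"   # plain request, which is what the loopback redirect expects
    return "unknown"

def open_listener(port: int = 0) -> socket.socket:
    """Bind a loopback-only listener; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    return srv

def probe_once(srv: socket.socket, timeout: float = 60.0) -> str:
    """Accept one connection and report how the client spoke to us."""
    srv.settimeout(timeout)
    conn, _ = srv.accept()
    with conn:
        conn.settimeout(timeout)
        kind = classify_first_bytes(conn.recv(1024))
        if kind == "http":
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n"
                         b"Connection: close\r\n\r\nok")
        return kind

if __name__ == "__main__":
    srv = open_listener()
    port = srv.getsockname()[1]
    print(f"Open http://localhost:{port}/ in the browser used for sign-in")
    print("browser spoke:", probe_once(srv))
```

A result of `tls` for a URL typed as `http://localhost:...` means the browser is still upgrading localhost; after deleting the entry on the net-internals page the same probe should report `http`.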
0

Check your application's redirect URI in the Azure Portal. You can find it under Authentication on your application's page.

Set the redirect URI to https://login.microsoftonline.com/common/oauth2/nativeclient.

More information about redirect URIs: https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url

redcoff
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – Tyler2P Oct 09 '21 at 19:44
  • As you can see in the code, I have not used a clientId to authenticate to Key Vault, since the Key Vault is in the same tenant, which I have access to. The error message does not say whether the redirect URL is incorrect, but says "invalid response" after selecting an account. The same code was working fine earlier – Sandeep K Oct 11 '21 at 13:28