AADSTS50020:租户“Microsoft”中不存在来自身份提供者的用户帐户“{EmailHidden}”,并且无法访问应用程序
AADSTS50020:租户“Microsoft”中不存在来自身份提供者的用户帐户“{EmailHidden}”,并且无法访问应用程序
提问于 2022-07-31 14:06:27
使用Azure.Identity运行dotnet 6.0.302在Windows 10 Visual Studio 2022 v17.1.5应用程序类型- Asp.Net Core Web Api上运行
我正在尝试实现Azure应用程序配置。
在使用DefaultCredentials()时,试图获得身份验证令牌的尝试在所有级别的凭据类型上都失败。我试图提供一个分配给托管标识的用户,但没有效果。
不过,我注意到日志里有可疑的东西。有一些Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)实例,但我不确定ip地址所指的是什么。
请注意:-
- 我可以,而不是平这个ip地址从我的电脑。
- 无论使用托管标识,错误都是相同的。因此,仅使用没有任何参数的新
DefaultAzureCredential()也会引发相同的错误。
我正在使用我的个人Azure订阅。
请提供指导,以解决这一问题,并向前迈进。
这是我的WebApi配置
var builder = WebApplication.CreateBuilder(args);
// Setup a listener to monitor logged events.
using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();
var defaultClientCredentialsOptions = new DefaultAzureCredentialOptions()
{
Diagnostics =
{
LoggedHeaderNames = { "x-ms-request-id" },
LoggedQueryParameters = { "api-version" },
IsLoggingContentEnabled = true
}
};
// Plugin App Configuration Store
var appConfigStore = builder.Configuration.GetConnectionString("EshopClone:AppConfiguration");
var userAssignedMIClientId = builder.Configuration["UserAssignedMIClientId"];
var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = userAssignedMIClientId });
builder.Host.ConfigureAppConfiguration(hostBuilder =>
{
hostBuilder.AddAzureAppConfiguration(options =>
{
options.Connect(appConfigStore)
.ConfigureKeyVault(kv =>
{
kv.SetCredential(credential);
});
});
});以下是详细的错误:
EshopClone\Services\Catalog\Catalog.Api\bin\Debug\net6.0\Catalog.Api.exe (process 38972) exited with code -1.
To automatically close the console when debugging stops, enable Tools->Options->Debugging->Automatically close the console when debugging stops.
Press any key to close this window . . .
EshopClone\Services\Catalog\Catalog.Api\bin\Debug\net6.0\Catalog.Api.exe (process 43516) exited with code -1.
To automatically close the console when debugging stops, enable Tools->Options->Debugging->Automatically close the console when debugging stops.
Press any key to close this window . . .[Informational] Azure-Core: Request [2a2c1a3c-7c03-4ccf-b529-82ebe89b1db0] GET https://myappconfigurationurl.azconfig.io/kv/?key=REDACTED&label=REDACTED&api-version=1.0
Accept:application/vnd.microsoft.appconfig.kv+json
Correlation-Context:REDACTED
User-Agent:Microsoft.Extensions.Configuration.AzureAppConfiguration/5.1.0,azsdk-net-Data.AppConfiguration/1.2.0,(.NET 6.0.7; Microsoft Windows 10.0.19044)
x-ms-client-request-id:2a2c1a3c-7c03-4ccf-b529-82ebe89b1db0
x-ms-return-client-request-id:true
x-ms-content-sha256:REDACTED
Date:Sun, 31 Jul 2022 01:22:01 GMT
Authorization:REDACTED
client assembly: Azure.Data.AppConfiguration
[Informational] Azure-Core: Response [2a2c1a3c-7c03-4ccf-b529-82ebe89b1db0] 200 OK (01.1s)
Server:openresty/1.17.8.2
Date:Sun, 31 Jul 2022 01:22:14 GMT
Transfer-Encoding:chunked
Connection:keep-alive
Sync-Token:zAJw6V16=NToxOSMxOTk0ODMyOA==;sn=19948328
x-ms-request-id:a969b01a-edd4-4b14-b38f-c37c0aee185f
x-ms-client-request-id:2a2c1a3c-7c03-4ccf-b529-82ebe89b1db0
x-ms-correlation-request-id:a969b01a-edd4-4b14-b38f-c37c0aee185f
Access-Control-Allow-Origin:*
Access-Control-Allow-Credentials:true
Access-Control-Expose-Headers:REDACTED
Strict-Transport-Security:max-age=15724800; includeSubDomains
Content-Type:application/vnd.microsoft.appconfig.kvset+json; charset=utf-8
[Informational] Azure-Core: Request [7b3aebb0-5882-41fd-8c4c-3f2cb359ef15] GET https://mykeyvault.vault.azure.net/secrets/Catalog-Api-KVMessage/?api-version=7.2
Accept:application/json
x-ms-client-request-id:7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Security.KeyVault.Secrets/4.2.0,(.NET 6.0.7; Microsoft Windows 10.0.19044)
Content-Type:application/json
client assembly: Azure.Security.KeyVault.Secrets
[Warning] Azure-Core: Error response [7b3aebb0-5882-41fd-8c4c-3f2cb359ef15] 401 Unauthorized (00.2s)
Cache-Control:no-cache
Pragma:no-cache
WWW-Authenticate:Bearer authorization="https://login.windows.net/8f75f741-333d-429e-a535-e1304c1dd62d", resource="https://vault.azure.net"
x-ms-keyvault-region:eastus
x-ms-client-request-id:7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
x-ms-request-id:fa78180c-6723-4459-a182-ca2decfecaad
x-ms-keyvault-service-version:1.9.472.5
x-ms-keyvault-network-info:conn_type=Ipv4;addr=76.205.200.211;act_addr_fam=InterNetwork;
X-Content-Type-Options:REDACTED
Strict-Transport-Security:REDACTED
Date:Sun, 31 Jul 2022 01:22:14 GMT
Content-Length:97
Content-Type:application/json; charset=utf-8
Expires:-1
[Informational] Azure-Identity: DefaultAzureCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
[Informational] Azure-Identity: EnvironmentCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
[Informational] Azure-Identity: EnvironmentCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15 Exception: Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
[Informational] Azure-Identity: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED&client_id=REDACTED
Metadata:REDACTED
x-ms-client-request-id:5fb9375f-1c4c-40b6-9ecc-ee29f260e34b
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.0,(.NET 6.0.7; Microsoft Windows 10.0.19044)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
--- End of inner exception stack trace ---
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async) at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] retry number 1 took 00.1s
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED&client_id=REDACTED
Metadata:REDACTED
x-ms-client-request-id:5fb9375f-1c4c-40b6-9ecc-ee29f260e34b
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.0,(.NET 6.0.7; Microsoft Windows 10.0.19044)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
--- End of inner exception stack trace ---
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async) at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] retry number 2 took 00.0s
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED&client_id=REDACTED
Metadata:REDACTED
x-ms-client-request-id:5fb9375f-1c4c-40b6-9ecc-ee29f260e34b
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.0,(.NET 6.0.7; Microsoft Windows 10.0.19044)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
--- End of inner exception stack trace ---
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async) at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] retry number 3 took 00.0s
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=REDACTED&client_id=REDACTED
Metadata:REDACTED
x-ms-client-request-id:5fb9375f-1c4c-40b6-9ecc-ee29f260e34b
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.6.0,(.NET 6.0.7; Microsoft Windows 10.0.19044)
client assembly: Azure.Identity
[Informational] Azure-Core: Request [5fb9375f-1c4c-40b6-9ecc-ee29f260e34b] exception Azure.RequestFailedException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Http.HttpRequestException: A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Sockets.SocketException (10051): A socket operation was attempted to an unreachable network.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
--- End of inner exception stack trace ---
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
at Azure.Core.Pipeline.HttpPipelineTransportPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline)
at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async) at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
[Informational] Azure-Identity: ManagedIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15 Exception: Azure.Identity.CredentialUnavailableException (0x80131500): ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
---> System.AggregateException (0x80131500): Retry failed after 4 tries. Retry settings can be adjusted in ClientOptions.Retry. (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80)) (A socket operation was attempted to an unreachable network. (169.254.169.254:80))
---> Azure.RequestFailedException (0x80131500): A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Http.HttpRequestException (0x80004005): A socket operation was attempted to an unreachable network. (169.254.169.254:80)
---> System.Net.Sockets.SocketException (0x80004005): A socket operation was attempted to an unreachable network.
[Informational] Azure-Identity: VisualStudioCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
[Informational] Azure-Identity: VisualStudioCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15 Exception: Azure.Identity.CredentialUnavailableException (0x80131500): Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Asal\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '872cd9fa-d31f-45e0-9eab-6e460a02d1f1'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: 72758044-988d-4eb7-a02a-88b03cc98b00
Correlation ID: 9ab458cd-36b1-4fcb-b9c5-a6fda19b3704
Timestamp: 2022-07-31 01:22:23Z'.
---> System.InvalidOperationException (0x80131509): TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '872cd9fa-d31f-45e0-9eab-6e460a02d1f1'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: 72758044-988d-4eb7-a02a-88b03cc98b00
Correlation ID: 9ab458cd-36b1-4fcb-b9c5-a6fda19b3704
Timestamp: 2022-07-31 01:22:23Z'
[Informational] Azure-Identity: VisualStudioCodeCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
[Informational] Azure-Identity: VisualStudioCodeCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15 Exception: Azure.Identity.CredentialUnavailableException (0x80131500): Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot
---> System.InvalidOperationException (0x80131509): CredRead has failed but error is unknown.
[Informational] Azure-Identity: AzureCliCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
[Informational] Azure-Identity: AzureCliCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15 Exception: Azure.Identity.CredentialUnavailableException (0x80131500): Azure CLI not installed
[Informational] Azure-Identity: AzurePowerShellCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15
[Informational] Azure-Identity: AzurePowerShellCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15 Exception: Azure.Identity.CredentialUnavailableException (0x80131500): Az.Account module >= 2.2.0 is not installed.
[Informational] Azure-Identity: DefaultAzureCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 7b3aebb0-5882-41fd-8c4c-3f2cb359ef15 Exception: Azure.Identity.CredentialUnavailableException (0x80131500): DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot
- EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
- ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
- Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Asal\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '872cd9fa-d31f-45e0-9eab-6e460a02d1f1'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: 72758044-988d-4eb7-a02a-88b03cc98b00
Correlation ID: 9ab458cd-36b1-4fcb-b9c5-a6fda19b3704
Timestamp: 2022-07-31 01:22:23Z'.
- Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot
- Azure CLI not installed
- Az.Account module >= 2.2.0 is not installed.
---> System.AggregateException (0x80131500): Multiple exceptions were encountered while attempting to authenticate. (EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot) (ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.) (Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\CommonExtensions\Microsoft\Asal\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '872cd9fa-d31f-45e0-9eab-6e460a02d1f1'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: 72758044-988d-4eb7-a02a-88b03cc98b00
Correlation ID: 9ab458cd-36b1-4fcb-b9c5-a6fda19b3704
Timestamp: 2022-07-31 01:22:23Z'.) (Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot) (Azure CLI not installed) (Az.Account module >= 2.2.0 is not installed.)
---> Azure.Identity.CredentialUnavailableException (0x80131500): EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
EshopClone\Services\Catalog\Catalog.Api\bin\Debug\net6.0\Catalog.Api.exe (process 45532) exited with code -1.
To automatically close the console when debugging stops, enable Tools->Options->Debugging->Automatically close the console when debugging stops.
Press any key to close this window . . .回答 2
Stack Overflow用户
发布于 2022-08-01 12:42:17
所有异常,包括RequestFailedExcpetion、AADSTS50020 (这些异常通常是由DefaultAzureCredential authenticating an account other than the intended one引起的,或者当该帐户没有指定correct permissions或角色时)。etc导致用户未经授权调用特定端点,目标可能位于该端点的另一个网络上,从而导致套接字异常。
请检查以下解决问题的方法。
- 再签个名再签一次。选择Tools > Options 菜单在Visual中启动Options对话框。导航到Azure服务身份验证选项,并使用Azure Active所需帐户登录。
要尝试访问正确的帐户,请尝试使用AzureCli,登录到该帐户并从其他帐户或VS登录,确保令牌只从该帐户请求,而不是从其他帐户请求。 使用下面的cli命令帐户来验证当前登录的帐户,但在此之前,请确保Azure CLI已正确安装。安装说明可以找到这里。 az帐户显示 一旦您验证了Azure CLI是否使用了正确的帐户,您就可以验证它是否能够为该帐户获取令牌。 az帐户获取访问令牌输出json资源https://management.core.windows.net
- 将Visual和包更新为最新版本。
- 排除带有ExcludeXXXCredential属性的凭据
- 请注意,默认情况下不包括诸如InteractiveBrowserCredential之类的凭据,这需要用户交互。在构造DefaultAzureCredential时,您可能必须通过设置
for example:includeInteractiveCredentials to true或DefaultAzureCredentialOptions.中的ExcludeInteractiveBrowserCredential property to false来启用或禁用所需的凭据。 尝试给ExcludeVisualStudioCredential to true,如果上面的步骤不能解决问题,.Or,您可以包括azurecli证书或其他用于用户身份验证。 var options = new DefaultAzureCredentialOptions() { ExcludeAzurePowerShellCredential = true,ExcludeEnvironmentCredential = true,ExcludeAzureCliCredential = true,ExcludeInteractiveBrowserCredential = false,ExcludeManagedIdentityCredential = true,ExcludeSharedTokenCacheCredential = true,ExcludeVisualStudioCodeCredential = true,ExcludeVisualStudioCredential = false }; - 请确保将正确的角色分配给特定于该服务的帐户,而不是整个订阅角色,例如订阅的所有者。
- 确保在应用程序之前设置相关的环境变量。
·要验证使用客户端机密的服务主体,必须确保正确设置变量AZURE_CLIENT_ID, AZURE_TENANT_ID和AZURE_CLIENT_SECRET。
·对于应用程序服务的托管标识,请确保其配置正确,并在环境中设置了环境变量(如MSI_ENDPOINT和MSI_SECRET )。指令可以找到这里。
请检查故障排除·GitHub
参考资料:
Stack Overflow用户
发布于 2022-08-15 21:38:23
您的代码使用连接字符串连接到Azure App配置,并使用AAD (用户指定的托管标识)连接到Key (用于Key引用)。问题不是Azure应用程序的配置,而是关键的Vault。请确保您授予您的用户指定的管理身份,读取权限,在您的密钥库中的秘密。
请查看下面文档中的Grant your app access to Key Vault:
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/73183972
复制相关文章
相似问题
腾讯云开发者
