We are having issues when developing code that uses the DefaultAzureCredential class when connecting to storage account blobs among other Azure services from our local machines.
It works fine when deployed to Azure, but on our local machines in our development environment a call like this...
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri(storageAccountUrl), new DefaultAzureCredential());
...just hangs and eventually times out with an exception saying
{"ManagedIdentityCredential authentication failed."} with a 504 error
I know this credential uses a prioritized "pecking order" to try different credentials (https://docs.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme), so we tried disabling the first two in the chain. This made things work and we were able to log in:
var credentialOptions = new DefaultAzureCredentialOptions();
if (ConfigurationManager.AppSettings["IsDevelopmentEnvironment"].Equals("true"))
{
    credentialOptions.ExcludeEnvironmentCredential = true;
    credentialOptions.ExcludeManagedIdentityCredential = true;
}
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri(storageAccountUrl), new DefaultAzureCredential(credentialOptions));
But we should not need to have code like this, and this will prevent the app from working in Azure. This contradicts the whole point of this class.
Does anyone have insight into how we can make this work more seamlessly in our development environment?
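An added diagnostic example, not part of the original post: it requests a token from several of the credential types in the chain one at a time, with a time limit, so the log shows which one hangs, which is merely unavailable, and which fails outright on a development machine. The storage scope, the 10-second limit and the class name `CredentialChainProbe` are assumptions chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class CredentialChainProbe
{
    // Assumption: the Azure Storage data-plane scope; change it for other services.
    private static readonly string[] Scopes = { "https://storage.azure.com/.default" };

    public static async Task Main()
    {
        // A subset of the credential types DefaultAzureCredential can try, probed individually.
        var candidates = new (string Name, TokenCredential Credential)[]
        {
            ("EnvironmentCredential", new EnvironmentCredential()),
            ("ManagedIdentityCredential", new ManagedIdentityCredential()),
            ("VisualStudioCredential", new VisualStudioCredential()),
            ("AzureCliCredential", new AzureCliCredential()),
        };
        foreach (var (name, credential) in candidates)
        {
            // Assumed 10-second budget per credential so a hanging probe is cut short.
            using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(10));
            var timer = Stopwatch.StartNew();
            string outcome;
            try
            {
                AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(Scopes), cts.Token);
                outcome = $"token acquired, expires {token.ExpiresOn:u}"; // token value is never printed
            }
            catch (CredentialUnavailableException ex) // must precede its base type below
            {
                outcome = $"unavailable (a chain would move on): {ex.Message}";
            }
            catch (AuthenticationFailedException ex)
            {
                outcome = $"failed (a chain would stop here): {ex.Message}";
            }
            catch (OperationCanceledException)
            {
                outcome = "no answer within the time limit";
            }
            Console.WriteLine($"{name,-26} {timer.ElapsedMilliseconds,6} ms  {outcome}");
        }
    }
}
```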