Question 263245 in Azure Question posted in
The official documentation to get you started can be found here.

How can I specify the tenant for a DefaultAzureCredential, when multiple tenantIds are stored locally?

Quick background, I’m 100% new to local Azure development and I’ve been brought into an existing project. I have tried to read through MS documentation on this topic, and I have a high-level understanding of Azure authentication, but I don’t know how to solve this problem after extensive research.

My problem is that when I downloaded the source project, my manager walked me through the setup process within Visual Studio so that I can locally build and run the project. One of the first steps was to go to the Developer PowerShell in Visual Studio and run az login, to log in locally to MS Azure. I did this, and since my account has multiple tenants (a personal one, and one delegated to me by my client) the process returned a list of tenant details, rather than just a single tenant login.

When we ran the application locally on my machine, the application encountered an exception with this code:

builder.Configuration.AddAzureKeyVault(
    new Uri("REDACTED"),
    new DefaultAzureCredential());

We discovered that since I had two authenticated tenants, the DefaultAzureCredential() object was selecting the wrong tenant of the two that were received from the login process, which are cached somewhere on my dev machine.

What we need to do is modify the code above to specify the specific tenant associated with this project. When I logged in with the az login command manually, I could see that it outputted JSON details to console as a collection of tenant details. From within those details, I could tell which tenant I need to use within the project based off of it’s respective name property. However, I cannot figure out how to obtain this local, tenant list and search for the proper tenant by name so that I can get it’s respective tenantId for the application.

How can I access and search these cached details in my C# code?

For context, this is a Web API project and the Azure authentication setup is being called on start-up in Program.cs. I’m not sure if that matters or not, but that’s how the application is setup. Also, to be clear, whatever changes that are made need to work for local development, but for deployment to production as well.

Tags:

2

Answers


  1. 0

    You can use DefaultAzureCredential(DefaultAzureCredentialOptions) constructor override and specify tenant id in DefaultAzureCredentialOptions. So your code would be something like:

    builder.Configuration.AddAzureKeyVault(
    new Uri("REDACTED"),
    new DefaultAzureCredential(new DefaultAzureCredentialOptions() { TenantId = "<your-tenant-id>"}));
    Login or Signup to reply.
  2. 0

    I understand from your post that you used az login to login to your account but you have multiple tenants linked to that account which are outputed after you execute that command.
    If that’s true and you wanna select one to be used as default credential source you could use the next command in your CLI

    az login --tenant <TenantID>
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search