Documentation on using local developer accounts for auth is missing a few steps. #35396

Open
@michalkrzych

Hi all.

Update:

Please ignore the struck-through section below. After a bit more playing with this I've discovered that the ExcludeVisualStudioCredential wasn't the root cause of the issue. Please see below for the update about the steps which need to be taken. Sincere apologies about the confusion I may have caused.

According to the documentation, when using developer accounts to authenticate one can use the DefaultAzureCredential class. The code examples didn't work for me unless I explicitly pass the DefaultAzureCredentialOptions with the ExcludeVisualStudioCredential flag set to false:

DefaultAzureCredential defaultAzureCredentialTokenProvider = new DefaultAzureCredential(new DefaultAzureCredentialOptions()
{
    ExcludeVisualStudioCredential = false,
});

Unless the ExcludeVisualStudioCredential is set to false, I'm getting the following error message:

DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot
- EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
- ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
- Process "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\CommonExtensions\Microsoft\Asal\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS65001: The user or administrator has not consented to use the application with ID 'GUID' named 'Visual Studio'. Send an interactive authorization request for this user and resource.
Trace ID: GUID
Correlation ID: GUID
Timestamp: 2023-05-18 09:22:40Z'.
- Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot
- Please run 'az login' to set up account
- PowerShell is not installed.

UPDATE:
After playing with this for a bit more I also discovered that the docs don't mention other steps that need setting up to get this to work:

Step 1

Go to AAD overview blade -> Enterprise Applications, find your API registration and then, under the Users and Groups blade, assign your users/groups to specific app-roles for your application.

Step 2

Go to your app registration's Authentication blade and add a platform -> Choose Web platform and add your redirect to your localhost:port and make sure you tick the options: Access tokens and ID tokens

Step 3

Now if you try to run this in VS, you should see an error message:

  • Process "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\CommonExtensions\Microsoft\Asal\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS65001: The user or administrator has not consented to use the application with ID 'GUID' named 'Visual Studio'. Send an interactive authorization request for this user and resource.

Make a note of your GUID for your application ID which you need to add to the app registration's Expose API blade:

  1. Add a scope

  2. Add your client application ID (the GUID you've noted)

Now, we should be able to go back to VS and use the DefaultAzureCredential without any options being set explicitly.

Thought it was maybe worth mentioning and enhancing the documentation with this, hopefully, helpful information.

PS. Related issue: 'ExcludeVisualStudioCredential default is true' should be mentioned in the DefaultAzureCredential's documentation

Thanks & Regards,
Michal


Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
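A diagnostic sketch for the setup described in the issue above, added here as an example and not part of the original issue or the Azure SDK documentation: it requests a token with DefaultAzureCredential and, when the aggregated failure contains the AADSTS65001 consent error quoted in Step 3, reports which client application ID is missing. The scope value is a placeholder and the class name is hypothetical; it assumes the Azure.Identity package is referenced.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class LocalDevTokenCheck // hypothetical name
{
    // Placeholder (assumption): your API's Application ID URI plus /.default.
    private const string ApiScope = "api://<your-api-application-id>/.default";

    // Matches the consent error text quoted in the issue; captures the client's ID and name.
    private static readonly Regex ConsentError = new Regex(
        @"AADSTS65001:.*?application with ID '(?<id>[^']+)' named '(?<name>[^']+)'",
        RegexOptions.Singleline);

    public static async Task<int> Main()
    {
        // No options set explicitly, matching the end state described in the issue.
        var credential = new DefaultAzureCredential();
        try
        {
            AccessToken token = await credential.GetTokenAsync(
                new TokenRequestContext(new[] { ApiScope }), CancellationToken.None);
            // Do not log the token itself; the expiry is enough to confirm success.
            Console.WriteLine($"Token acquired, expires {token.ExpiresOn:u}");
            return 0;
        }
        catch (AuthenticationFailedException ex)
        {
            // CredentialUnavailableException derives from AuthenticationFailedException,
            // so the aggregated "failed to retrieve a token" message is handled here too.
            Match m = ConsentError.Match(ex.Message);
            if (m.Success)
            {
                Console.Error.WriteLine(
                    $"Client '{m.Groups["name"].Value}' ({m.Groups["id"].Value}) has no " +
                    $"consent for {ApiScope}. Add that client application ID under " +
                    "Expose an API, as in Step 3.");
                return 2;
            }
            Console.Error.WriteLine(ex.Message);
            return 1;
        }
    }
}
```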
