Multiple HTTPS error and long wait time when combine MSI and local development for KeyVault access [BUG] #15626
Comments
ghost
added
needs-triage
jsquire
added
Client
ghost
removed
the
needs-triage
|
//cc: @schaabs |
|
Thank you for your feedback. Tagging and routing to the team members best able to assist. |
|
Key Vault issues a challenge and responds with a 401, to which the challenge is authenticated and sent back. Given that Microsoft.Azure.KeyVault is deprecated and that we made some concurrency improvements to this challenge behavior in our newer packages, we recommend you upgrade to Azure.Security.KeyVault.Secrets. For ASP.NET configuration, you can use newer versions of Microsoft.Configuration.ConfigurationBuilders.Azure that use this packge. This is still going to get an HTTP 401 response, however, but fewer if you have concurrent requests since we minimally block the threads until we can issue a challenge response. If you have problems with connections timing out with the new package (there are other improvements to the pipeline to mitigate connection pool starvation, which also help), please feel free to open an issue with specific details (e.g. stack trace, sanitized trace logs, and package versions). |
|
We will consider a challenge-free auth flow as well: #15651 |
Describe the bug
Localhost connection to Keyvault on startup will fallback multiple HTTPS requests before working and will cause long waiting time on startup. There is 1 minute delay before it start working.
Expected behavior
I would expect that the Azure Keyvault SDK does not try to get keyvault secrets without bearer.
Actual behavior (include Exception or Stack Trace)
What is the actual behavior?
To Reproduce
Here is the startup :
Environment:
The text was updated successfully, but these errors were encountered: