[BUG] VisualStudioCredential error AADSTS65002 connecting to Azure Monitor Control Service

[serge-rsvz-inasti]

Library name and version

Azure.Identity 1.11.3

Describe the bug

An error occurs when attempting to authenticate using VisualStudioCredential credentials. The error message indicates a consent issue between the first-party application and resource, requiring preauthorization. (VisualStudioCredential with Azure Monitor Control Service)

Expected behavior

The application should successfully authenticate using the credentials.

Actual behavior

The application fails to authenticate, and the following error message is displayed: AADSTS65002: Consent between first party application '04f0c124-f2bc-4f59-8241-bf6df9866bbd' and first party resource 'e933bd07-d2ee-4f1d-933c-3752b819567b' must be configured via preauthorization.

Reproduction Steps

Create a new .Net (8) Web API and add application inishgt as such:

        builder.Services.Configure<TelemetryConfiguration>(config =>
        {
            config.SetAzureTokenCredential(new VisualStudioCredential());
        });
        builder.Services.AddApplicationInsightsTelemetry(options =>
        {
            options.ConnectionString = connectionString;
        });

Run the API and access some page.

Environment

Azure Subscription offer: Enterprise Dev/Test
Visual Studio Enterprise 17.9.7

[github-actions]

Thank you for your feedback. Tagging and routing to the team member best able to assist.

[serge-rsvz-inasti]

TIPS to observe the issue:

Replace VisualStudioCredential by your own inheriting implementation, and observe the behaviour of AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)

internal class VisualStudioCredentialX : VisualStudioCredential
{
    public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
    {
        return base.GetToken(requestContext, cancellationToken);
    }
}

[christothes]

hi @serge-rsvz-inasti
This is something that Visual Studio can resolve via updating its first party pre-authorizations. Please report this via the instructions mentioned here and include the details of the AADSTS65002 error via the reporting link mentioned in the link above.

[github-actions]

Hi @serge-rsvz-inasti. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

[serge-rsvz-inasti]

hi @serge-rsvz-inasti This is something that Visual Studio can resolve via updating its first party pre-authorizations. Please report this via the instructions mentioned here and include the details of the AADSTS65002 error via the reporting link mentioned in the link above.

This approach has not worked so far.

It’s worth noting that the credentials are working fine for KeyVault, and the Azure Subscription offer is Enterprise Dev/Test.

My hypothesis is that Azure Monitor Control Service might not recognize Visual Studio as a preauthorized application under the Enterprise Dev/Test offer.

[github-actions]

Hi @serge-rsvz-inasti, since you haven’t asked that we /unresolve the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve to reopen the issue.