Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

can't connect to Azure China SignalR using AAD #1877

Closed
MeihuaWang opened this issue Dec 8, 2023 · 4 comments
Closed

can't connect to Azure China SignalR using AAD #1877

MeihuaWang opened this issue Dec 8, 2023 · 4 comments
Assignees
@terencefan

Comments

@MeihuaWang
Copy link

Describe the bug

we can connect to Azure China SignalR using the access key connection string, but failed to connect to Azure China SignalR using AAD, tried AuthType=azure and AuthType=azure.app by following https://learn.microsoft.com/en-us/azure/azure-signalr/concept-connection-string#use-microsoft-entra-id , we knew we needed to change authority host when connecting to Azure China services using azure SDKs, but we didn't find out where we can configure the authority host from AddAzureSignalR() method, could you pls offer the way to change the authority host to be Azure China? thank you.

To Reproduce

builder.Services.AddSignalR().AddAzureSignalR("Endpoint=https://XXX.signalr.azure.cn;AuthType=azure.app;ClientId=XXXClientSecret=XXX;TenantId=b388b808-0ec9-4a09-a414-a7cbbd8b7e9b;Version=1.0;");
fully followed https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-quickstart-dotnet-core

Exceptions (if any)

image
image

Further technical details

Microsoft.Azure.SignalR 1.22.0
net6.0
@MeihuaWang
Copy link
Author

even when we updated the AuthorityHost to AzureAuthorityHosts.AzureChina like below, we still see the same error with "error_uri":"https://login.microsoftonline.com/error?code=90002", the error uri is pointing to global endpoint, which doesn't make sense.

builder.Services.AddSignalR().AddAzureSignalR(option =>
{
var credential1 = new ClientSecretCredential("tenantID", "clientID", "clientsecret", new ClientSecretCredentialOptions() { AuthorityHost = AzureAuthorityHosts.AzureChina });

ServiceEndpoint end =  new ServiceEndpoint(new Uri("https://XXX.signalr.azure.cn"), credential1);

option.Endpoints = new ServiceEndpoint[]
{
   end,
};

});

@terencefan
Copy link
Member

Connection string is not supported in sovereign regions when using Microsoft Entra ID (AAD) authorization.

var credentialOptions = new DefaultAzureCredentialOptions()
{
    AuthorityHost = AzureAuthorityHosts.AzureChina,
};
 
option.Endpoints = new ServiceEndpoint[] {
    new ServiceEndpoint(new Uri("https://<hostname>"), new DefaultAzureCredential(credentialOptions))
};

Please follow this sample to change your AuthorityHost to AzureChina.

@terencefan
Copy link
Member

terencefan commented Dec 20, 2023
edited

Try running this command before you start your service if the previous code does not work.

dotnet user-secrets remove Azure:SignalR:ConnectionString

This command will remove ConnectionString in your env variables.

@MeihuaWang
Copy link
Author

Try running this command before you start your service if the previous code does not work.

dotnet user-secrets remove Azure:SignalR:ConnectionString

This command will remove ConnectionString in your env variables.

it's working now after I removed ConnectionString from appsettings.json, thank you very much

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@terencefan terencefan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@terencefan @MeihuaWang