can't connect to Azure China SignalR using AAD

Question

can't connect to Azure China SignalR using AAD

MeihuaWang opened this issue 6 months ago · comments

Describe the bug

we can connect to Azure China SignalR using the access key connection string, but failed to connect to Azure China SignalR using AAD, tried AuthType=azure and AuthType=azure.app by following https://learn.microsoft.com/en-us/azure/azure-signalr/concept-connection-string#use-microsoft-entra-id , we knew we needed to change authority host when connecting to Azure China services using azure SDKs, but we didn't find out where we can configure the authority host from AddAzureSignalR() method, could you pls offer the way to change the authority host to be Azure China? thank you.

To Reproduce

builder.Services.AddSignalR().AddAzureSignalR("Endpoint=https://XXX.signalr.azure.cn;AuthType=azure.app;ClientId=XXXClientSecret=XXX;TenantId=b388b808-0ec9-4a09-a414-a7cbbd8b7e9b;Version=1.0;");
fully followed https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-quickstart-dotnet-core

Exceptions (if any)

Further technical details

Microsoft.Azure.SignalR 1.22.0
net6.0

MeihuaWang · Answer 1 · Fri Dec 08 2023 18:17:45 GMT+0800 (China Standard Time)

even when we updated the AuthorityHost to AzureAuthorityHosts.AzureChina like below, we still see the same error with "error_uri":"https://login.microsoftonline.com/error?code=90002", the error uri is pointing to global endpoint, which doesn't make sense.

builder.Services.AddSignalR().AddAzureSignalR(option =>
{
var credential1 = new ClientSecretCredential("tenantID", "clientID", "clientsecret", new ClientSecretCredentialOptions() { AuthorityHost = AzureAuthorityHosts.AzureChina });

ServiceEndpoint end =  new ServiceEndpoint(new Uri("https://XXX.signalr.azure.cn"), credential1);

option.Endpoints = new ServiceEndpoint[]
{
   end,
};

});

Terence Fan · Answer 2 · Wed Dec 20 2023 13:54:14 GMT+0800 (China Standard Time)

Connection string is not supported in sovereign regions when using Microsoft Entra ID (AAD) authorization.

var credentialOptions = new DefaultAzureCredentialOptions()
{
    AuthorityHost = AzureAuthorityHosts.AzureChina,
};
 
option.Endpoints = new ServiceEndpoint[] {
    new ServiceEndpoint(new Uri("https://<hostname>"), new DefaultAzureCredential(credentialOptions))
};

Please follow this sample to change your AuthorityHost to AzureChina.

Terence Fan · Answer 3 · Wed Dec 20 2023 13:56:13 GMT+0800 (China Standard Time)

Try running this command before you start your service if the previous code does not work.

dotnet user-secrets remove Azure:SignalR:ConnectionString

This command will remove ConnectionString in your env variables.

MeihuaWang · Answer 4 · Wed Dec 20 2023 16:19:45 GMT+0800 (China Standard Time)

Try running this command before you start your service if the previous code does not work.
dotnet user-secrets remove Azure:SignalR:ConnectionString
This command will remove ConnectionString in your env variables.

it's working now after I removed ConnectionString from appsettings.json, thank you very much