Azure Service Bus managed identity in Visual Studio returning 401 - Token issuer is invalid

Question

I'm attempting to access Azure Service Bus using a managed identity from my code. At the moment I'm just trying this locally.

When I debug my code I get the following error

System.UnauthorizedAccessException: Put token failed. status-code: 401, status-description: InvalidIssuer: Token issuer is invalid

Here is my service bus instance

Here is my user with Azure Service Bus Data Owner permissions

And here is my code

_client = new ServiceBusClient("oconnorevents.servicebus.windows.net", new DefaultAzureCredential());

I am logged into Visual Studio as the same user added to the service bus. I also tried logging in via the CLI but it didn't help.

Where am I going wrong here?

I've looked at this similar recent question here but the solutions proposed didn't work for me.

Answer 1

Since I have access to several different tenants, Visual Studio sometimes gets confused. Another way you can handle this is to continue to use the DefaultAzureCredential, but to give Visual Studio a hint about which tenant to use.
First left click the your project and examine the properties and then:

1. Left-click "Debug"
2. Left-click the "Add" button to add an environment variable
3. For name use "AZURE_TENANT_ID" and for value use your tenant id. Yes, that is a bogus tenant id in the picture :-)

Reference

• https://docs.microsoft.com/en-us/dotnet/api/azure.identity.environmentcredential?view=azure-dotnet
• https://damienbod.com/2020/10/09/using-key-vault-certificates-with-microsoft-identity-web-and-asp-net-core-applications/

Answer 2

Specify the exact tenant id by adding the following key to local.settings.json.

"AZURE_TENANT_ID": "your tenant id"

I tried to create an azure function that receives messages from a service bus queue using a managed identity trigger and it worked for me.