Using Visual Studio Pro with C# .NET to Azure Blob Storage

Wahlroos, David (MNIT) 0 Reputation points
2025-07-31T21:11:34.0933333+00:00

I am part of a development team working with an app which uses C# and .NET on the backend. One of the functions is to write file uploads to Azure Blob Storage. All of the other developers have no problem, yet for some reason I receive errors on authentication.

We are connecting with a client secret. My environment variables are correct. I have checked, reset, rechecked them so many times I know that isn't the issue. I am using AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET all with the correct values, yet I am receiving the errors. I have placed debug breakpoints to look at the values for my Environment Variables and they all appear correct. I don't have access to any management capabilities for Azure management so I don't have any information from that.

They are correct after creating defaultAzureCredential in the Program.cs

Since the other 2 devs are not having issues, and our code is the same, I am guessing it must be either something in my VS settings or a setup item missed in Azure (although, using a secret, I don't know that there would be anything specific to a particular user).

Here are the errors I've captured; I am hoping someone can shed some light on the situation.


{"ClientSecretCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app


"A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app


and this is being added to the log file.

[ERR] Error uploading files: DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot

  • EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information.
Microsoft Security | Active Directory Federation Services

Accepted answer
  1. Marcin Policht 53,675 Reputation points MVP Volunteer Moderator
    2025-07-31T21:37:01.33+00:00

    The error messages seem to imply that environment variables were read but possibly are invalid or malformed and that Entra ID is rejecting the secret as invalid.

    1. Double-check you are using the secret value, not the secret ID

    Go to Azure portal > Entra ID > App Registrations > Your App > Certificates & secrets.

    • Secret ID = A GUID shown in the table (this is not what you use).
    • Secret Value = Only visible when the secret is first created. This is what you must copy and store securely.

    2. Verify your env vars are correctly named and loaded

    Azure SDK uses the following:

    AZURE_TENANT_ID
    AZURE_CLIENT_ID
    AZURE_CLIENT_SECRET
    

    Run the following in your debugger to confirm:

    Console.WriteLine($"Tenant: {Environment.GetEnvironmentVariable("AZURE_TENANT_ID")}");
    Console.WriteLine($"ClientId: {Environment.GetEnvironmentVariable("AZURE_CLIENT_ID")}");
    Console.WriteLine($"Secret: {(string.IsNullOrEmpty(Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET")) ? "MISSING" : "SET")}");
    

    If these are missing in the runtime process, even if they're set in the system/user environment, your app may not see them. In Visual Studio:

    • Go to Project > Properties > Debug
    • Ensure AZURE_TENANT_ID, etc., are present in "Environment variables" for the debug profile.

    Alternatively, set them in your shell and run the app from CLI.

    3. Check if you are using DefaultAzureCredential in an environment where other credentials interfere

    DefaultAzureCredential will try many credential types in order:

    • EnvironmentCredential
    • ManagedIdentityCredential
    • SharedTokenCacheCredential
    • VisualStudioCredential
    • etc.

    Add logging to confirm which credential is failing:

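    using Azure.Identity;

    // Troubleshooting settings only: IsLoggingContentEnabled and
    // IsAccountIdentifierLoggingEnabled put request/response content and
    // account identifiers in the logs, so turn them off again afterwards.
    var options = new DefaultAzureCredentialOptions
    {
        Diagnostics =
        {
            IsLoggingContentEnabled = true,
            LoggedHeaderNames = { "x-ms-request-id" },
            LoggedQueryParameters = { "api-version" },
            IsAccountIdentifierLoggingEnabled = true
        }
    };

    var credential = new DefaultAzureCredential(options);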
    

    Or simplify for testing:

    var credential = new ClientSecretCredential(
        Environment.GetEnvironmentVariable("AZURE_TENANT_ID"),
        Environment.GetEnvironmentVariable("AZURE_CLIENT_ID"),
        Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET")
    );
    

    This eliminates all other credential types that might be interfering.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


1 additional answer

  1. Wahlroos, David (MNIT) 0 Reputation points
    2025-08-11T19:21:31.65+00:00

    I appreciate all of the feedback. Thank you, everyone. We found that there was a user variable and system variable, both with the same name for each of the 3 variables. I removed them all, double checked all of the necessary variables and recreated only the user variables. I still had issues. It appears that the AZURE_CLIENT_SECRET variable I was using was from setup documentation that had not been updated with the correct value. That explains why everything seemed correct. When I was able to get some one-on-one time with one of our Hosting Integration people we were able to better review the problem.
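
The checks from the accepted answer and the duplicate-variable finding in the follow-up can be combined into one diagnostic. The following is an added example, not code from the thread or from the Azure SDK; it assumes .NET 6 or later on Windows, and the short SHA-256 fingerprint is a choice made here so a secret can be compared with a teammate's working value without printing it.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added diagnostic: compare each variable across Process, User and Machine scope.
// Process is what the running app (and EnvironmentCredential) actually sees.
string[] names = { "AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET" };
var scopes = new[]
{
    EnvironmentVariableTarget.Process,
    EnvironmentVariableTarget.User,
    EnvironmentVariableTarget.Machine
};

foreach (var name in names)
{
    bool isSecret = name.EndsWith("_SECRET", StringComparison.Ordinal);
    var found = new List<(EnvironmentVariableTarget Scope, string Value)>();
    foreach (var scope in scopes)
        if (Environment.GetEnvironmentVariable(name, scope) is string v)
            found.Add((scope, v));

    Console.WriteLine(name);
    if (found.Count == 0) { Console.WriteLine("  not set in any scope"); continue; }

    foreach (var (scope, value) in found)
    {
        Console.WriteLine($"  {scope,-8} {Describe(value, isSecret)}");
        if (value != value.Trim() || value.Contains('"'))
            Console.WriteLine("           warning: surrounding whitespace or a quote character");
        if (isSecret && Guid.TryParse(value.Trim(), out _))
            Console.WriteLine("           warning: parses as a GUID; this may be the secret ID, not the secret value");
    }

    // The situation from the follow-up: same name defined in several scopes with different values.
    if (found.Select(x => x.Value).Distinct().Count() > 1)
        Console.WriteLine("  warning: scopes hold different values for this name");
}

// Never print the secret itself: report its length and the first 4 bytes of its SHA-256.
static string Describe(string value, bool isSecret)
{
    if (!isSecret) return value;
    byte[] hash = SHA256.HashData(Encoding.UTF8.GetBytes(value));
    return $"length={value.Length} sha256={Convert.ToHexString(hash, 0, 4)}";
}
```

On Windows a user variable overrides a system variable of the same name, and a running Visual Studio keeps the environment it was started with, so restart it after changing either scope. A fingerprint that differs from a colleague's points to a stale or mistyped secret even when the variable names and scopes are right.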
