Azure / Microsoft.Azure.StackExchangeRedis

Azure-specific wrapper for the StackExchange.Redis client library
MIT License
17 stars 14 forks source link

ArgumentNullException: Value cannot be null. Parameter name: token #59

Closed nprice22 closed 3 months ago

nprice22 commented 3 months ago

Hello,

I'm trying to use the SNI cert based auth using a SP to access Azure Cache for Redis on version 3.1.0 of this package. Here's the code snippet I'm using:

await configurationOptions.ConfigureForAzureAsync(new AzureCacheOptions { ClientId = clientId, ServicePrincipalTenantId = tenantId, ServicePrincipalCertificate = certificate, SendX5C = true // Enables Subject Name + Issuer authentication });

On this line of code, I'm getting the following error:

System.AggregateException: One or more errors occurred. ---> System.ArgumentNullException: Value cannot be null.
Parameter name: token
at Microsoft.Azure.StackExchangeRedis.AzureCacheOptions.<>c.<.ctor>b__14_1(String token) in ...\src\AzureCacheOptions.cs:line 92
at StackExchange.Redis.AzureCacheForRedis.d__6.MoveNext() in ...\src\AzureCacheForRedis.cs:line 116

I've validated that the parameters for clientid, tenantid, and the certificate are correct. I've also validated that the SP is set up as data reader on the redis instance as well as entraid auth being enabled. The SP is also authed with the SNI cert I'm attempting to use.

This appears to be the line it's failing on: https://github.com/Azure/Microsoft.Azure.StackExchangeRedis/blob/a1a4bef386ba3fd7ca38f36ea38b20da8f10bced/src/AzureCacheOptions.cs#L85C13-L85C60

Are there any additional steps I can do to troubleshoot this problem? Are there any alternative ways to use SNI auth with a SP to access an Azure Cache for Redis instance I could try?

philon-msft commented 3 months ago

Could you try setting configurationOptions.User = "[SP principal ID]"? The SP's principal ID should appear as the Username on the cache's Authentication view in the Azure Portal.

nprice22 commented 3 months ago

Turns out our deploy system was pushing an older version of the StackExchange.Redis library which didn't meet the requirement of the 2.7.33 version required by the Microsoft.Azure.StackExchangeRedis library. After ensuring 2.7.33+ was being used, SP based auth started working.