Open hoarfrostm opened 1 week ago
@hoarfrostm: It is not recommended that you set TokenCachePersistenceOptions as a general practice. Those options are intended for unusual scenarios, such as when you are writing a CLI that requires durable state persistence. Setting those options causes the normal memory-based cache of the credential to be persisted to/from disk for every operation, which is a large performance hit and can cause issues in some environments when the local OS key store is not available.
To mitigate, we advise not setting the TokenCachePersistenceOptions.
Hi @hoarfrostm. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.
It is the encryption that is not always successful. There can be a middle ground of still persisting token cache on disk, but without encryption.
Azure Identity's underlying library MSAL .Net supports turning off encryption: "The cross-platform token cache allows you to store unencrypted tokens in an ACL-restricted plain-text file. This is useful in cases where encryption at rest fails, which occasionally happens due to environment-related reasons."
But I'm not sure whether Azure Identity exposes that behavior. Azure Identity's doc seemingly hints that it would always enable token encryption when running on Windows.
Library name and version
azure.identity 1.10.4
Describe the bug
An error occurred while we use .Net Azure.Identity named persistent token cache options.
Code:
Exception:
Expected behavior
No exception
Actual behavior
threw Persistence check failed exception
Reproduction Steps
Randomly happened multiple times in multiple services. Most frequently after a reboot of VM. But not necessarily.
Environment
Server OS Version 6.3 (20348) - Windows Server 2022 Datacenter
.Net Framework 4.7.2
"nuget": [ { "id": "azure.core", "version": "1.36.0", "platform": "windows" }, { "id": "azure.identity", "version": "1.10.4", "platform": "windows" }