Can not login to azure in Rider using azure tools

[jgranger36]

similar issues #332

when attempting the azure sign in process, i get no pop up for device login for azure cli. no response at all. I saw the above issue and checked the authmehtodetail.json file and all values are null including the authMethod. i attempted to add "DC" as the authMethod and save the file, but everytime i open the Azure service authentication screen that file is updated with a null value.

EDIT: I was able to get it to sign in by calling the Azure Sign In from the search all screen.

below is my about info:

JetBrains Rider 2021.1.5
Build #RD-211.7628.61, built on July 22, 2021
Licensed to Rider Evaluator
Expiration date: August 25, 2021
Runtime version: 11.0.11+9-b1341.60 amd64
VM: Dynamic Code Evolution 64-Bit Server VM by JetBrains s.r.o.
Windows 10 10.0
.NET Framework 4.0.30319.42000
GC: G1 Young Generation, G1 Old Generation
Memory: 1500M
Cores: 8
Registry: debugger.new.debug.tool.window.view=true, ide.tree.horizontal.default.autoscrolling=false, ide.tooltip.showAllSeverities=true, ide.mac.bigsur.alerts.enabled=true, show.diff.preview.as.editor.tab.with.single.click=true, ea.enable.developers.list=false, parameter.info.max.visible.rows=10, ide.win.file.chooser.native=true, search.everywhere.pattern.checking=false, performance.watcher.sampling.interval.ms=200, ide.borderless.tab.caption.in.title=false, show.diff.preview.as.editor.tab=true, light.edit.file.open.enabled=false, performance.watcher.unresponsive.interval.ms=1000, vcs.enable.add.ignored.directories.to.exclude=false, search.everywhere.settings=true, vcs.log.show.diff.preview.as.editor.tab=true, ide.tooltip.initialDelay=0, ide.require.transaction.for.model.changes=false, ide.debug.in.title=true, rdclient.asyncActions=false
Non-Bundled Plugins: com.intellij.resharper.HeapAllocationsViewer (2021.1.0), aws.toolkit (1.29-211), com.intellij.resharper.azure (3.50.0.1204-2021.1)

[maartenba]

@jgranger36 Where did you originally start the sign in process? Did you select device login or Azure CLI?

[jgranger36]

i chose device login first and then tried the cli option.

[maartenba]

If you can reproduce the issue, would you mind sending us Rider logs and report them? (see https://rider-support.jetbrains.com/hc/en-us/articles/360001079770-How-to-collect-Rider-logs- )

[maartenba]

@jgranger36 Did you try the initial sign in from the settings here?

[jtourlamain]

I logged in via the build-in terminal via "az cli" but nothing with Managed Identity works. Running the same code in Visual Studio works jus fine. I tried device login, but is doesn't open up a browser, nor gave it a device code. In the previous release the device login worked, but you couldn't even copy paste the device code from the pop-up.

[maartenba]

@jtourlamain do you have any repro steps / description of what you are doing/ where so we can try to reproduce the issue?

[jtourlamain]

@maartenba I open up a powershell core console. Do a "az login", browser pops up, and I login. I receive all my subscriptions. Next I open up Rider, go to the Azure plugin (cf your screenshot above) and the result is that "Azure CLI (Not logged in) is disabled.

I have the same result in Rider 2021.3 EAP10 Beta and 2021.2 I also tried to login with the build-in terminal of Rider (hoping that Rider would "see" it), but no success there.

When using the device login on Rider 2021.3 EAP10 Beta, the browser pops up, but I can not copy/paste the device code from the Rider screen and need to manually type it over (so room for improvements here).

[maartenba]

I'm assuming az is in your PATH and not just the PowerShell profile, right?

[jtourlamain]

I didn't thought of it, but yes, it is in my PATH (cf screenshot), and pc has been restarted

[maartenba]

Thanks! Did some digging into Microsoft's auth libraries that we use. It would be helpful to check a few more things on your machine.

1. Is there an environment variable AZURE_CONFIG_DIR set? (probably not, but trying to rule out things)
2. In your user home directory, is there a .azure/azureProfile.json and a .azure/accessTokens.json file after logging in using az login?

If 1 is not present, and 2 both exists, it would be nice to get an email at maarten at jetbrains .com to do some further digging if you are up for it, but we'll need to collect some extra logs etc.

[maartenba]

Thanks to @jtourlamain 's email, managed to trace the root cause.

Right now, when opting for Azure CLI login:

• AzureCliAzureManager calls AzureAuthHelper.getAzureCLICredential to check if we are logged in
• This method checks for the existence of accessTokens.json in $HOME/.azure/accessTokens.json

    public static AzureTokenWrapper getAzureCLICredential(AzureEnvironment environment) throws IOException {
        if (isInCloudShell()) {
            return new AzureTokenWrapper(AuthMethod.CLOUD_SHELL, new MSICredentials(environment));
        } else {
            File credentialParent = getAzureConfigFolder();
            if (credentialParent.exists() && credentialParent.isDirectory()) {
                File azureProfile = new File(credentialParent, "azureProfile.json");
                File accessTokens = new File(credentialParent, "accessTokens.json");
                if (azureProfile.exists() && accessTokens.exists()) {
                    List tokens = (List)JsonUtils.fromJson(FileUtils.readFileToString(accessTokens, "utf8"), List.class);
                    if (tokens.isEmpty()) {
                        return null;
                    }

• The newer versions of the Azure CLI no longer emit this file, and hence all of the above logic fails to recognize whether we are logged in via the CLI.
• Upstream, this entire logic has been replaced with IdentityAzureManager, which supports working with newer tooling

Right now, the workaround would be to make use of the device login flow, while we look into #548

[maartenba]

Related issue: https://youtrack.jetbrains.com/issue/RIDER-71312

[jimmyville]

Any progress on this issue? I'm new to Rider on MacOS but hitting the same problem.

[maartenba]

For now, device login is the way to go.

[Derich367]

Are there any updates regarding this issue? Device login doesn't work if you have a multi tenant account, where you have to select the tenant before the login.

[anev-auror]

When will this be fixed? I have a multi tenant account and cannot login.

[maartenba]

We're still investigating the merge from Microsoft's upstream repository. There are quite a few things that need to be verified and validated, and we can't give an accurate ETA.

For now, device login is the way to go, or downgrading the Azure CLI version.

[ejfasting]

Any update on this? Device login works, but unfortunately the multi tenant-issue is still relevant for many.

[maartenba]

Unfortunately not yet :-( We are investigating ways to resolve this properly.

[mohanajuhi166]

I am facing a similar issue, tried everything but it doesn't connect to the tenant I need. Azure CLI option is disabled.

[maartenba]

For now, device login is the way to go if CLI is grayed out.

[mohanajuhi166]

@maartenba , when I do device login, it just lists the subscriptions I have access to in production tenant , but doesn't list non production subscriptions . Is there a way I can access those ? I tried the service principal method but that didn't work in Rider.

[maartenba]

@mohanajuhi166 Unfortunately that won't work currently, sorry for that

[sgrigsoftserve]

I don't know how but I did not have this problem a month ago but now, when using new DefaultAzureCredential() anywhere it just won't work.

Using new AzureCliCredential() works but it's not really something that can we used in deployments and in 3rd party libraries etc.

After reading this https://learn.microsoft.com/en-us/cli/azure/msal-based-azure-cli I tried to create a manual accessTokens.json in %HOMEPATH%/.azure/ with the help of az account get-access-token --subscription "<subscription ID or name>" and saving the output to accessTokens.json like this

[
    {
        //token for subscription one
    },
    {
        //token for subscription two
    }
]

but it did not work, I probably don't have the right structure for accessTokens.json

A fix for this will be much appreciated.

UPDATE: after reading this https://github.com/Azure/azure-sdk-for-net/issues/33294#issuecomment-1422968272 and upgrading System.Diagnostics.DiagnosticSource to 6.0.0+ the issue was resolved.

[PatrickRainer]

We're still investigating the merge from Microsoft's upstream repository. There are quite a few things that need to be verified and validated, and we can't give an accurate ETA.

For now, device login is the way to go, or downgrading the Azure CLI version.

To which version we need to downgrade?

[vova-lantsov-dev]

@PatrickRainer what I currently have installed:

> az --version

azure-cli 2.29.2 core 2.29.2 telemetry 1.0.6

Also, Azure Function Core Tools is 4.0.5198

[PauloDaniel1993]

Do we have any news about this? I am having the same problem

azure-cli                         2.51.0

core                              2.51.0
telemetry                          1.1.0

[rafaelldi]

@PauloDaniel1993 Hi! Our refactoring is still in progress. We will make an announcement when the first version is ready. Sorry for any inconvenience this may cause.

[tilupe]

I am not sure if I have the same problem, but at the moment I can't run our applications on Rider because if I do I get a: " KeyVault cache file could not be loaded. This is expected to happen only once, when the KeyVault is accessed the first time Azure.Identity.CredentialUnavailableException: Please run 'az login' to set up account" Error.

I ran "az login" already and everthing works fine. I can run the application in the terminal or with VSCode only Rider somehow doesn't want to sync with azure. When I go unter Tools > Azure, then I am signed in there. When I sign out and in again, I can only sign in with copy pasting the code, but I still can't run the application. Everything was working fine until a few weeks ago... I am running Rider on Pop!_OS (based on Ubuntu 22.04)

[H-Finch-404]

I am facing the same issue but on Windows! Both Azure CLI/log in with Rider Azure toolkit are not working!

[eddex]

I was able to fix the issue by logging in though Visual Studio 2022 (Community). Tools > Options > Azure Service Authentication

After logging in through VS, Rider was also logged in again.

[mtopolski]

bump?

[ThijmenDam]

Still facing the same issue. Due to company policy, I cannot use device authentication, i.e. it is required to use the CLI. This means that in my situation, it is not possible to use Rider to build and run my software.

[rafaelldi]

@ThijmenDam you can try our new preview and share your thoughts https://github.com/JetBrains/azure-tools-for-intellij/discussions/777

[ThijmenDam]

@rafaelldi thank you very much for this suggestion. So far, logging in using the preview plugin in combination with the CLI login method appears to be working. I haven't tried it extensively yet, but at least I'm logged in and I can see my resources. Thanks! If anything remarkable pops up, I'll let you know in #777.

[reza-repo]

777 worked 👍

[sulton-max]

777 Preview version worked just fine