I'm working on an application which is using Key Vault. The app is written in .NET Core 3.1 (ASP.NET). The app works perfectly fine on my local machine. I deployed the app as an Azure App Service and now I'm getting an "HTTP Error 500.30 - ANCM In-Process Start Failure" error message. I checked the application event log and it says:
"The user, group or application 'appid={appId};oid={objectId};iss={url}' does not have secrets get permission on key vault '{keyvault-name};location=westeurope'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287 ","innererror":{"code":"AccessDenied"}}}"
Theoretically, in the Key Vault settings I added access rights for my application; it has the same access policies applied as for my local dev env. Based on MS tutorials I did the configuration on my dev env too. One thing which concerns me is the environment variables. Under the application / Configuration section I added "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", and "AZURE_TENANT_ID" as I did for the local dev env with setx AZURE..., but this also did not help.
I was using the same command for the local app and the deployed app to set permissions, which was:
az keyvault set-policy --name "{keyvault-name}" --object-id "{object-id}" --secret-permissions get list
I tried to execute the above command with the object id that I got from the exception, but it's still not working.
(Btw, why can that object id differ from the object id I got under the Identity pane, which belongs to my app?)
Thank you for your help, guys; any ideas are welcome.