Problem


I encountered an error when I tried to set up CI/CD in Azure DevOps: I tried to deploy a .NET Core application to Azure App Service, but Azure DevOps won't connect to Azure. This is a known issue for Microsoft. Let's see how we can manually set up a connection between Azure DevOps and Azure to work around this issue.

First, the error message I got was:

Failed to get resource ID for resource type 'Microsoft.Web/Sites' and resourcename 'moonglade'. Error: Could not fetch access token for Managed ServicePrincipal. Please configure Managed Service Identity (MSI) for virtual machine'https://aka.ms/azure-msi-docs'.Status code: 400, status message: Bad Request

This is caused by an invalid or expired authentication token. However, when I try to authorize a new connection, Azure DevOps blows up:

TF14045: The identity with type 'Microsoft.IdentityModel.Claims.ClaimsIdentity' could not be found.

Microsoft has a known issue for this, but it does not seem to be fixed so far: https://developercommunity.visualstudio.com/content/problem/412380/tf14045-the-identity-with-type-microsoftidentitymo-1.html

Solution


Go to Azure Active Directory > App registrations (Preview) and click "+ New registration"

Set a Name, for example: ediwang-AzureDevOps

Choose "Accounts in this organizational directory only"

Set https://VisualStudio/SPN as Redirection URL

Add a client secret: set a Description and choose "Never" for Expires.

Copy the VALUE in Client Secrets

And also copy Application (client) ID and Directory (tenant) ID in Overview

Go to Subscription > Access control (IAM), search for the Name of the App, and add a role assignment

Set as Owner

Go back to Azure DevOps, click Manage in Azure App Service Deploy

Add an Azure Resource Manager in Service Connections

Choose "use the full version of the service connection dialog".

Service principal client ID is Application (client) ID

Service principal key is the VALUE copied in Client Secrets

Click Verify connection

If nothing goes wrong, you will have a successful connection and deployment.
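
A check on the two choices this procedure makes, the Owner role on the whole subscription and a client secret that never expires, written as an added example that is not part of the original post. The JSON is constructed sample data shaped like the output of `az role assignment list` and `az ad app credential list`; the field names, the set of roles treated as broad and the 730-day limit are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample data (assumed shape of the az CLI JSON output).
# All IDs are placeholders; the far-future date stands in for a "Never" expiry.
ROLE_ASSIGNMENTS = json.loads("""[
  {"principalName": "ediwang-AzureDevOps", "roleDefinitionName": "Owner",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"principalName": "example-scoped-sp", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"}
]""")
CREDENTIALS = json.loads("""[
  {"displayName": "devops-key", "endDateTime": "2299-12-31T00:00:00Z"},
  {"displayName": "rotated-key", "endDateTime": "2025-06-01T00:00:00Z"}
]""")

BROAD_ROLES = {"Owner", "User Access Administrator"}  # assumed list of roles to flag
MAX_SECRET_DAYS = 730  # assumed policy limit, adjust to your own
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so results are reproducible


def is_subscription_scope(scope):
    # "/subscriptions/<id>" with nothing after it means the whole subscription.
    parts = [p for p in scope.split("/") if p]
    return len(parts) == 2 and parts[0].lower() == "subscriptions"


def audit_roles(assignments):
    """Return (principal, role) pairs holding a broad role on a whole subscription."""
    return [(a["principalName"], a["roleDefinitionName"]) for a in assignments
            if a["roleDefinitionName"] in BROAD_ROLES and is_subscription_scope(a["scope"])]


def audit_secrets(credentials, now):
    """Return names of secrets that expire more than MAX_SECRET_DAYS after `now`."""
    flagged = []
    for c in credentials:
        end = datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
        if (end - now).days > MAX_SECRET_DAYS:
            flagged.append(c["displayName"])
    return flagged


if __name__ == "__main__":
    print("broad roles:", audit_roles(ROLE_ASSIGNMENTS))
    print("long-lived secrets:", audit_secrets(CREDENTIALS, SAMPLE_NOW))
```

An assignment flagged by `audit_roles` can usually be narrowed to a role scoped to the resource group that holds the App Service, and a secret flagged by `audit_secrets` can be replaced with one that has an end date and a rotation schedule.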