I encountered an error when I tried to set up CI/CD in Azure DevOps. I tried to deploy a .NET Core application to Azure App Service, but Azure DevOps would not connect to Azure. This is a known issue for Microsoft. Let's see how we can manually set up a connection between Azure DevOps and Azure to work around this issue.
First, the error message I got was:
Failed to get resource ID for resource type 'Microsoft.Web/Sites' and resourcename 'moonglade'. Error: Could not fetch access token for Managed ServicePrincipal. Please configure Managed Service Identity (MSI) for virtual machine'https://aka.ms/azure-msi-docs'.Status code: 400, status message: Bad Request
This is caused by the authentication token being invalid or expired. However, when I tried to authorize a new connection, Azure DevOps blew up:
TF14045: The identity with type 'Microsoft.IdentityModel.Claims.ClaimsIdentity' could not be found.
Microsoft has a known issue for this, but it seems not to be fixed so far: https://developercommunity.visualstudio.com/content/problem/412380/tf14045-the-identity-with-type-microsoftidentitymo-1.html
Go to Azure Active Directory > App registrations (Preview) and click "+ New registration"
Set a Name, for example: ediwang-AzureDevOps
Choose "Accounts in this organizational directory only"
Set https://VisualStudio/SPN as Redirection URL
Set a Description and choose "Never" Expires.
Copy the VALUE in Client Secrets
And also copy Application (client) ID and Directory (tenant) ID in Overview
Go to Subscription > Access control (IAM), search for the Name of the App, and add a role assignment
Set as Owner
Go back to Azure DevOps, click Manage in Azure App Service Deploy
Add an Azure Resource Manager in Service Connections
Choose "use the full version of the service connection dialog".
Service principal client ID is Application (client) ID
Service principal key is the VALUE copied in Client Secrets
Click Verify connection
If nothing goes wrong, you will have a successful connection and deployment.
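
The same portal steps can be scripted with the Azure CLI. The script below is an added example, not part of the original post: it assumes `az` is installed and logged in with rights to create app registrations and role assignments, and the function names and the `APP_NAME`, `ROLE` and `SECRET_YEARS` variables are hypothetical. It defaults to the post's Owner role, but issues a one-year secret instead of "Never" and can scope the role to a single resource group instead of the whole subscription; both are assumptions beyond the post.

```shell
#!/bin/sh
# Added example (not from the original post): the portal steps as Azure CLI calls.
# Usage: sh <this-script> <subscription-id> [resource-group]   (after `az login`)
set -eu

APP_NAME="${APP_NAME:-ediwang-AzureDevOps}"  # display name used in the post
ROLE="${ROLE:-Owner}"                        # role the post assigns
SECRET_YEARS="${SECRET_YEARS:-1}"            # assumption: expiring secret, not "Never"

# Role-assignment scope: the whole subscription (as in the post) or, when a
# resource group is given, only that group.
scope_for() {
    if [ -n "${2:-}" ]; then
        printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
    else
        printf '/subscriptions/%s\n' "$1"
    fi
}

create_connection_identity() {
    sub=$1
    scope=$(scope_for "$sub" "${2:-}")

    # Single-tenant registration = "Accounts in this organizational directory only"
    app_id=$(az ad app create --display-name "$APP_NAME" \
        --sign-in-audience AzureADMyOrg \
        --web-redirect-uris https://VisualStudio/SPN --query appId -o tsv)
    # A role is assigned to the service principal, not to the bare app registration
    az ad sp create --id "$app_id" >/dev/null
    # Client secret: its value can only be read at creation time
    secret=$(az ad app credential reset --id "$app_id" \
        --years "$SECRET_YEARS" --query password -o tsv)
    az role assignment create --assignee "$app_id" --role "$ROLE" \
        --scope "$scope" >/dev/null
    tenant=$(az account show --subscription "$sub" --query tenantId -o tsv)

    # Values for the full version of the service connection dialog
    printf 'Subscription ID:              %s\n' "$sub"
    printf 'Service principal client ID:  %s\n' "$app_id"
    printf 'Service principal key:        %s\n' "$secret"
    printf 'Tenant ID:                    %s\n' "$tenant"
    printf 'Role scope:                   %s\n' "$scope"
}

if [ "$#" -ge 1 ]; then create_connection_identity "$@"; fi
```

The printed key is a live credential, so treat the terminal output like the copied VALUE from the portal and paste it only into the service connection dialog.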