[Question]: Can DotNetCoreCLI@2 use a Service Connection to connect to a Azure key vault #21686
Description
Task name
DotNetCoreCLI@2 to access Azure key vault
Task version
8.x
Environment type (Please select at least one enviroment where you face this issue)
- Self-Hosted
- Microsoft Hosted
- VMSS Pool
- Container
- Managed DevOps Pools
Azure DevOps Services
Azure DevOps Services (SaaS)
Azure DevOps Server Version (if applicable)
No response
Operation system
Microsoft Hosted Pipeline
Question
When using an Azure DevOps service connection in a pipeline, applications that rely on DefaultAzureCredential cannot authenticate using the service connection. Using standard tasks such as DotNetCoreCLI@2, authentication consistently fails even though the pipeline is configured with a valid Azure service connection.
- Azure DevOps pipelines commonly authenticate to Azure using service connections.
- Applications running in the pipeline using DefaultAzureCredential are unable to authenticate.
Whenever I tryed to use the DefaultAzureCredential it would default to Managed Identity and would not use the Service Connection from the pipeline. When I disabled managed Identity it would not recognize the Service connection and fail.
Expected Behavior:
When an Azure DevOps pipeline is configured with a service connection, applications running in standard pipeline tasks should be able to authenticate using DefaultAzureCredential without additional configuration.
Pipeline task in question:
- task: DotNetCoreCLI@2
displayName: Run Backend Tests and Generate Test Results
inputs:
azureSubscription: 'Service Connection'
command: 'test'
projects: '$(testProject)'
arguments: '--configuration $(buildConfiguration) --no-build --collect "XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=cobertura DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.ExcludeByFile=**/Models/**/**'