Connect to KeyVault in Azure China

Question

I use this code for Azure KeyVault Service and it works well with a regular Azure

ClientSecretCredential clientCredential = new(options.KeyVaultTenantId, options.KeyVaultClientId, options.KeyVaultClientSecret);
KeyVaultCertificateWithPolicy rootCertificate = new CertificateClient(vaultUri, _clientCredential).GetCertificate(_rootCertificateId).Value;

however I need to connect to Azure China. The code fails with message:

AADSTS90002: Tenant 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' not found. Check to make sure you have the correct tenant ID and are signing into the correct cloud. Check with your subscription administrator, this may happen if there are no active subscriptions for the tenant

I found this but I don't know where to set ActiveDirectoryServiceSettings.AzureChina in my code. Please suggest

<PackageReference Include="Azure.Identity" Version="1.5.0" />
<PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.2.0" />
<PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.2.0" />
<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.2.0" />

Answer 1

You would need to use ClientSecretCredential(String, String, String, ClientSecretCredentialOptions) constructor override and set the AuthorityHost to Azure China in ClientSecretCredentialOptions .

Something like:

var clientSecretCredentialOptions = new ClientSecretCredentialOptions()
{
    AuthorityHost =  AzureAuthorityHosts.AzureChina
};

ClientSecretCredential clientCredential = new(options.KeyVaultTenantId, options.KeyVaultClientId, options.KeyVaultClientSecret, clientSecretCredentialOptions);
KeyVaultCertificateWithPolicy rootCertificate = new CertificateClient(vaultUri, _clientCredential).GetCertificate(_rootCertificateId).Value;