[Bug]: Cannot sign app file: [Managed Identity] Authentication unavailable.

[mcebailly]

AL-Go version

7.2

Describe the issue

During CI/CD, we are receiving a signing error. This doesn't error the build process, but the sign does not complete. Here is the error, attached are the logs

False MSAL 4.71.1.0 MSAL.NetCore .NET 8.0.16 Microsoft Windows 10.0.20348 [2025-06-12 19:28:45Z - c99d0b11-7e99-4926-922e-b4083f3b52b9] Error message: [Managed Identity] Authentication unavailable. Either the requested identity has not been assigned to this resource, or other errors could be present. Ensure the identity is correctly assigned and check the inner exception for more details. For more information, visit https://aka.ms/msal-managed-identity.
Status: BadRequest
Content:
{"error":"invalid_request","error_description":"Identity not found"}

    Headers:
    Server: IMDS/150.8[70](https://github.com/EideBaillyCloud/MultiLineCheckExtender/actions/runs/15618852149/job/43998543359#step:11:73).65.1544
    x-ms-request-id: 7c23dc03-4f7a-4852-a9c6-34f4bd454b0a
    Date: Thu, 12 Jun 2025 19:28:44 GMT
    
    [Managed Identity] Error Code: invalid_request Error Description: Identity not found  Http status code: BadRequest

fail: Azure.Identity[10]
False MSAL 4.71.1.0 MSAL.NetCore .NET 8.0.16 Microsoft Windows 10.0.20348 [2025-06-12 19:28:46Z - c99d0b11-7e99-4926-922e-b4083f3b52b9] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: managed_identity_request_failed
HTTP StatusCode 0
CorrelationId c99d0b11-7e99-4926-922e-b4083f3b52b9
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
at Microsoft.Identity.Client.ManagedIdentity.ImdsManagedIdentitySource.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

logs_40041914098.zip

Expected behavior

Build signs the files

Steps to reproduce

Create a build, put in signing credentials, run CICD

Additional context (logs, screenshots, etc.)

No response

[aholstrup1]

Did you check whether the file is signed or not? I can see it displays some errors but ultimately it does look like the signing takes place

2025-06-12T19:29:18.6897623Z info: Sign.Core.ISigner[0]
2025-06-12T19:29:18.6899246Z       Submitting ... .app for signing.
2025-06-12T19:29:18.6915775Z info: Sign.Core.ISigner[0]
2025-06-12T19:29:18.6917729Z       SignAsync called for ... app. Using C:\Users\runneradmin\AppData\Local\Temp\jypgp5al.nhq\0vmr5jlx.app locally.
2025-06-12T19:29:18.7013723Z info: Sign.Core.IDataFormatSigner[0]
2025-06-12T19:29:18.7014486Z       Signing SignTool job with 1 files.
2025-06-12T19:29:18.8897144Z info: Sign.Core.IDataFormatSigner[0]
2025-06-12T19:29:18.8898182Z       Signing C:\Users\runneradmin\AppData\Local\Temp\jypgp5al.nhq\0vmr5jlx.app.
2025-06-12T19:29:19.3134289Z info: Sign.Core.IDataFormatSigner[0]
2025-06-12T19:29:19.3135410Z       Signing C:\Users\runneradmin\AppData\Local\Temp\jypgp5al.nhq\0vmr5jlx.app succeeded.
2025-06-12T19:29:19.3161645Z info: Sign.Core.ISigner[0]
2025-06-12T19:29:19.3162276Z       Completed in 629 ms.

The error messages you're seeing in the logs is a known issue that I expect will be fixed in the next version of the signing tool (For reference: dotnet/sign#882 (comment))

[mcebailly]

To your first question, it did not sign it. We tried to submit the app file and it got rejected from lack of signing.

[mcebailly]

I should also add, the signing was working at one point, this is not a new app.

[aholstrup1]

Got it - I can definitely reproduce the error messages but in my case the apps do come out signed in the end regardless. As a result, the AppSource submission works in the end.

From AppSource telemetry I can indeed see that version 25.5.37.0 failed from lack of signing. Could you share the logs for that CI/CD run? I'm wondering if that run failed silently for a different reason.

Alternatively, could you try submitting version 25.5.40.0 to AppSource? That's the app produced in the logs I can see.

[mcebailly]

We are having to upgrade our app to V26 symbols in order to build, I will let you know how that goes and/or post the logs if there is a failure

[mcebailly]

I think our upgrade was related to the database backup error. We are still running into trusted signing issues. We need to get this build going as we have customers down, any suggestions?

[aholstrup1]

In order to investigate the issue, I would need a bit more information. If you could share the logs for the last CI/CD that you attempted to publish to AppSource, that would be helpful (e.g. the CI/CD that produced 25.5.37.0). I'm seeing the same error messages in our pipelines, but the signing still takes place and the subsequent AppSource submission goes through, so I'm currently unable to reproduce this.

As for a quick mitigation to help your customers, two things come to mind:

• If you were able to sign on a previous version of AL-Go, you could try reverting to an earlier version of AL-Go temporarily in order to ship the update to your customers.
• You could also try to sign the .app file locally. AL-Go uses https://github.com/dotnet/sign for codesigning. The scripts we use are here if you want to take inspiration off that.