Your service might have additional configuration which requires you to pass the authentication token in addition to the signature envelope.
Use DefaultAzureCredential to get your token:
TokenCredential credential = new DefaultAzureCredential();
string[] scopes = { "https://your.service.scope/.default" };
AccessToken accessToken = credential.GetToken(new TokenRequestContext(scopes), CancellationToken.None);
CodeTransparencyClient client = new(new Uri("https://<< service name >>.confidential-ledger.azure.com"), new AzureKeyCredential(accessToken.Token));Once you construct the client instance the token will be sent in the Authorization header as Bearer <token>.