I’ve been taking a first look at Blazor recently. I wanted to pair it with Azure Static Web Apps to test my understanding that a Blazor application can run 100% in the browser, without any backend part required (at least if I choose the right project template). If that’s true, Static Web Apps would be enough and I don’t need something like Azure App Service to host the app unless I need the backend part.
So, the deployment didn’t go smoothly at first, and this post is to share a few learnings in case someone encounters similar problems.
EPERM: operation not permitted, open ‘C:\Program Files\Microsoft Visual Studio\2022\Preview\Common7\IDE\.env’
My first attempt was to deploy from Visual Studio (the Publish option), and it ended with the following error:
> swa.cmd login --tenant-id 70d3xxxx-xxxx-xxxx-xxxx-xxxxxxxx5b67 --subscription-id 6b3fzzzz-zzzz-zzzz-zzzz-zzzzzzzz4b00 --app-name tauritreview --resource-group Taurit.TodoistTools.Review --no-use-keychain
Welcome to Azure Static Web Apps CLI (1.1.10)
Checking Azure session...
✔ Successfully logged into Azure!
✖ Failed to setup project: EPERM: operation not permitted, open 'C:\Program Files\Microsoft Visual Studio\2022\Preview\Common7\IDE\.env'
✖ If you believe this behavior is unexpected, please raise a GitHub issue at:
https://github.com/Azure/static-web-apps-cli/issues/new/choose
Unable to authenticate with Static Web App 'tauritreview'.
Code language: JavaScript (javascript)
I am not sure why Visual Studio tooling here wants to create the .env
file with Static Web App settings in Visual Studio’s Program Files directory, which seems like a poor choice. The project’s directory sounds better, and there should be no problems with file write permissions. Perhaps it’s a bug.
Anyhow. A workaround that I used and which works fine is to create .env
file manually in the path where it’s expected (requires Administrator privileges), and allow non-admin users to modify it (in File-> Properties):
No valid subscription found for tenant {Guid}
Then there was another issue. Just for clarity, when I encountered the first errors with deployment, I switched from publishing with Visual Studio to manually publishing from Windows Terminal to have more control over what CLI commands I execute. So the next issues described here occurred in a slightly different environment.
The first issue I encountered was:
>swa login
Welcome to Azure Static Web Apps CLI (1.1.10)
Using configuration "taurit.todoist-tools.review.v2" from file:
D:\Projekty\Taurit.TodoistTools.Review\source\Taurit.TodoistTools.Review.v2\swa-cli.config.json
Checking Azure session...
✔ Successfully logged into Azure!
✖ Failed to setup project: No valid subscription found for tenant 70d3xxxx-xxxx-xxxx-xxxx-xxxxxxxx5b67.
Please read https://docs.microsoft.com/azure/cost-management-billing/manage/no-subscriptions-found
✖ If you believe this behavior is unexpected, please raise a GitHub issue at:
https://github.com/Azure/static-web-apps-cli/issues/new/choose
Code language: JavaScript (javascript)
I see a similar issue with Azure CLI (az login
) and I don’t understand why tooling doesn’t see my Azure subscription (the only one tied to my tenant). But I found out that when I am super explicit about IDs (which you can find in Azure Portal -> Subscriptions), it works:
>swa login --tenant-id 70d3xxxx-xxxx-xxxx-xxxx-xxxxxxxx5b67 --subscription-id 6b3fzzzz-zzzz-zzzz-zzzz-zzzzzzzz4b00
Welcome to Azure Static Web Apps CLI (1.1.10)
Using configuration "taurit.todoist-tools.review.v2" from file:
D:\Projekty\Taurit.TodoistTools.Review\source\Taurit.TodoistTools.Review.v2\swa-cli.config.json
Checking Azure session...
✔ Successfully logged into Azure!
✔ Saved project credentials in .env file.
✔ Successfully setup project!
Code language: CSS (css)
The access token is from the wrong issuer
That wasn’t the end of my challenges. When swa login
worked, I wanted to deploy my app to Azure. Here’s the error I observed:
>swa deploy
(...) // ommited for brevity
Checking Azure session...
✔ Successfully logged into Azure!
Checking project settings...
✖ The access token is from the wrong issuer 'https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/'.
It must match the tenant 'https://sts.windows.net/70d3xxxx-xxxx-xxxx-xxxx-xxxxxxxx5b67/' associated with this subscription.
Please use the authority (URL) 'https://login.windows.net/70d3xxxx-xxxx-xxxx-xxxx-xxxxxxxx5b67' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later.
Code language: JavaScript (javascript)
One observation is that f8cdef31-a31e-4b4a-93e4-5f571e91255a
is a well-known tenant id (you can Google it). It suggests that the CLI logged into Microsoft’s tenant, not my Azure tenant. But I have explicitly passed the tenant ID in the swa login
command (see the first error). So why the problem?
I found the hint in the GitHub discussion thread. Most likely, the CLI has some cache for credentials that don’t get invalidated when they should. The workaround is to add the following line to the .env
file:
AZURE_SUBSCRIPTION_ID=6b3fzzzz-zzzz-zzzz-zzzz-zzzzzzzz4b00
AZURE_TENANT_ID=70d3xxxx-xxxx-xxxx-xxxx-xxxxxxxx5b67
SWA_CLI_LOGIN_CLEAR_CREDENTIALS=true
Code language: JavaScript (javascript)
The .env
file seems to be created by the Static Web Apps CLI either in your project directory (when I use the CLI from the command line directly), or in a path like c:\Program Files\Microsoft Visual Studio\2022\Preview\Common7\IDE.env
(when I used Visual Studio for deployment).
The above setting solved the issue for me:
>swa deploy
Welcome to Azure Static Web Apps CLI (1.1.10)
(...)
Checking project settings...
√ Choose your Static Web App » Taurit.TodoistTools.Review/tauritreview
✔ Successfully setup project!
Deploying to environment: preview
Deploying project to Azure Static Web Apps...
√ Project deployed to https://white-hill-03fd3f903-preview.westeurope.5.azurestaticapps.net 🚀
Code language: PHP (php)
Good luck with your deployment!
Hey man, I have been having the same issue literally for a few days and pulling my hair out. The only difference I have is the Incorrect Token issuer is from another Azure account I had loaded on my visual studio. I removed it, cleared the cache with az account clear but I still get the same error. I don’t know what to do!
Hi Tyler, it might be worth a shot if you haven’t yet tried the last workaround (adding the `SWA_CLI_LOGIN_CLEAR_CREDENTIALS=true` to the `.env` file). Sounds like problems are very similar, and this change resolved the issue at least for a few people 😅 Good luck! I spent plenty time on those issues as well so I know the pain 😊
Hey Tim, thanks for your fast reply.
Even with SWA_CLI_LOGIN_CLEAR_CREDENTIALS=true it still wouldn’t clear it. It’s possibly fetching it from a cache file somewhere else. I published my application from another PC and it worked perfectly. So until I can figure that out, I’ll be doing this method lol.