Share via

Azure Managed Redis Setup and API access

Kris Hahn 20 Reputation points
2026-04-18T13:57:29.2633333+00:00

I have an App Service configured where I have my API deployed. I created an Azure Managed Redis that my API is trying to access via C# .NET 10 and I have these packages being used by my API

User's image

Using this simple API to validate the Azure setup and configuration.

            app.MapGet("/diagnostics/redis", async (
                IConfiguration config) =>
            {
                var result = new Dictionary<string, object>();

                try
                {
                    // 1. Validate token retrieval
                    var credential = new DefaultAzureCredential();
                    var token = await credential.GetTokenAsync(
                        new TokenRequestContext(new[] { "https://redis.azure.com/.default" })
                    );

                    result["token"] = token.Token;
                    result["tokenExpiresOn"] = token.ExpiresOn.ToString();
                    result["tokenLength"] = token.Token.Length;

                    var options = new ConfigurationOptions
                    {
                        EndPoints = { "Cxxxxxxxxxxxxxxxdis.azure.net:10000" },
                        Ssl = true,
                        Password = token.Token
                    };
                    var redis = await ConnectionMultiplexer.ConnectAsync(options);

                    // 2. Validate Redis connection
                    var db = redis.GetDatabase();
                    var ping = await db.PingAsync();
                    result["redisPing"] = ping.ToString();

                    // 3. Validate read/write
                    await db.StringSetAsync("diagnostic_test", "ok");
                    var value = await db.StringGetAsync("diagnostic_test");

                    result["redisWriteRead"] = value.ToString();

                    return Results.Ok(result);
                }
                catch (Exception ex)
                {
                    result["error"] = ex.Message;
                    result["stackTrace"] = ex.StackTrace;
                    string json = JsonSerializer.Serialize(result);
                    return Results.Problem(json);
                }
            });

I get Last Connection Exception: AuthenticationFailure

User's image

I am a lost as to what I'm missing, and Copilot isn't any help. I have all the Redis code working locally with Redis running in Docker, but I cannot get past this Azure authorization issue.

Here is my Redis Overview

User's image

I know this has to be something real simple but at this point I'm not seeing it at all. Thanks in advance for helping me out.

Azure Cache for Redis
Azure Cache for Redis

An Azure service that provides access to a secure, dedicated Redis cache, managed by Microsoft.

0 comments

Answer accepted by question author

  1. Q&A Assist
    2026-04-18T13:57:53.2633333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    AuthenticationFailure occurs because Azure Managed Redis does not accept a raw Entra ID access token in the Password field. Instead, use the Microsoft.Azure.StackExchangeRedis extensions, which handle token acquisition and connection configuration for Azure Managed Redis.

    Key points from the sample:

    1. Use Microsoft.Azure.StackExchangeRedis and DefaultAzureCredential.
    2. Do not set Password manually.
    3. Call ConfigureForAzureWithTokenCredentialAsync on ConfigurationOptions before connecting.

    A minimal version of the diagnostics endpoint using the supported pattern:

    using Azure.Identity;
using Microsoft.Azure.StackExchangeRedis;
using StackExchange.Redis;

app.MapGet("/diagnostics/redis", async (IConfiguration config) =>
{
    var result = new Dictionary<string, object>();

    try
    {
        var endpoint = config.GetValue<string>("Redis:Endpoint");

        var options = new ConfigurationOptions
        {
            EndPoints = { endpoint },
            // Optional: logging, SSL, etc. are handled by ConfigureForAzureWithTokenCredentialAsync
        };

        // This wires up Entra ID token-based auth correctly
        await options.ConfigureForAzureWithTokenCredentialAsync(new DefaultAzureCredential());

        using var redis = await ConnectionMultiplexer.ConnectAsync(options);
        var db = redis.GetDatabase();

        var ping = await db.PingAsync();
        result["redisPing"] = ping.ToString();

        await db.StringSetAsync("diagnostic_test", "ok");
        var value = await db.StringGetAsync("diagnostic_test");
        result["redisWriteRead"] = value.ToString();

        return Results.Ok(result);
    }
    catch (Exception ex)
    {
        result["error"] = ex.Message;
        result["stackTrace"] = ex.StackTrace;
        return Results.Problem(JsonSerializer.Serialize(result));
    }
});

    Configuration (for local development):

    {
  "Redis": {
    "Endpoint": "<your-redis-name>.<region>.redis.azure.net:10000"
  }
}

    Additional checks:

    1. Ensure the App Service’s managed identity (or service principal) is added as a Redis user under Authentication → Microsoft Entra Authentication → User or service principal on the Azure Managed Redis resource.
    2. For local testing, run az login so DefaultAzureCredential can obtain a token.
    3. Keep the connection multiplexer as a singleton in production (for example, via DI) rather than creating it per request, as shown in the ASP.NET sample.

    Using this pattern aligns with the official Azure Managed Redis samples and resolves the AuthenticationFailure caused by passing the token as a password.

    References:

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SAI JAGADEESH KUDIPUDI 2,625 Reputation points Microsoft External Staff Moderator
    2026-04-20T01:44:42.23+00:00

    Hi Kris Hahn,
    The AuthenticationFailure you’re seeing is expected with the current approach. Azure Managed Redis does not accept a raw Microsoft Entra access token passed directly as the Password field in StackExchange.Redis. When Entra authentication is enabled, Redis uses ACL‑based authentication, which requires a specific client workflow rather than manual token handling.

    • Azure Managed Redis expects authentication using:
    • User → the object ID of the managed identity or service principal that you added as a Redis user Password → a *valid Entra access token
      In addition, the token must be refreshed and re‑authenticated before it expires Manually setting only Password = token.Token bypasses this workflow, which results in an authentication failure

    For .NET applications, Microsoft recommends using the Microsoft.Azure.StackExchangeRedis extension. This library:

    Acquires the Microsoft Entra token correctly
    Configures Redis authentication using the proper ACL user mapping
    Automatically refreshes the token and re‑authenticates the connection
    Prevents connection drops due to token expiration

    Here’s the supported pattern:

    using Azure.Identity;
using Microsoft.Azure.StackExchangeRedis;
using StackExchange.Redis;
var options = ConfigurationOptions.Parse("<your-cache-name>.<region>.redis.azure.net:10000");
options.Ssl = true;
// Enables correct Entra authentication and automatic token refresh
await options.ConfigureForAzureWithTokenCredentialAsync(
    new DefaultAzureCredential());
var connection = await ConnectionMultiplexer.ConnectAsync(options);
var db = connection.GetDatabase();
await db.StringSetAsync("diagnostic_test", "ok");

    This approach works both locally (via az login) and in Azure App Service using managed identity, without code changes.
    Azure-side checks Please also confirm the following:

    Your App Service’s managed identity is added under Azure Managed Redis → Authentication → Microsoft Entra Authentication
    The identity is listed as a Redis User (as shown in your screenshot)
    Connections are made using TLS (required for Entra authentication)
    You’re using the correct endpoint and port (10000 for Azure Managed Redis)

    Your Redis setup in Azure is correct — the issue is only in how authentication is handled from the client. Switching to the supported Microsoft.Azure.StackExchangeRedis workflow resolves the authentication error and ensures secure, stable, password‑free access using Microsoft Entra ID.

    Microsoft documentation

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.