diff --git a/docs/azure/sdk/includes/implement-defaultazurecredential.md b/docs/azure/sdk/includes/implement-defaultazurecredential.md index c0c83166e1e2e..19139c9540c71 100644 --- a/docs/azure/sdk/includes/implement-defaultazurecredential.md +++ b/docs/azure/sdk/includes/implement-defaultazurecredential.md @@ -1,6 +1,6 @@ --- ms.topic: include -ms.date: 04/25/2025 +ms.date: 08/01/2025 --- ## Authenticate to Azure services from your app @@ -11,33 +11,30 @@ The [Azure Identity library](/dotnet/api/azure.identity?view=azure-dotnet&preser [DefaultAzureCredential](../authentication/credential-chains.md#defaultazurecredential-overview) is an opinionated, ordered sequence of mechanisms for authenticating to Microsoft Entra ID. Each authentication mechanism is a class derived from the [TokenCredential](/dotnet/api/azure.core.tokencredential?view=azure-dotnet&preserve-view=true) class and is known as a *credential*. At runtime, `DefaultAzureCredential` attempts to authenticate using the first credential. If that credential fails to acquire an access token, the next credential in the sequence is attempted, and so on, until an access token is successfully obtained. In this way, your app can use different credentials in different environments without writing environment-specific code. -To use `DefaultAzureCredential`, add the [Azure.Identity](/dotnet/api/azure.identity) and optionally the [Microsoft.Extensions.Azure](/dotnet/api/microsoft.extensions.azure) packages to your application: +To use `DefaultAzureCredential`: -### [Command Line](#tab/command-line) +1. Add the [Microsoft.Extensions.Azure](/dotnet/api/microsoft.extensions.azure) package to your application: -In a terminal of your choice, navigate to the application project directory and run the following commands: + ```dotnetcli + dotnet add package Microsoft.Extensions.Azure + ``` -```dotnetcli -dotnet add package Azure.Identity -dotnet add package Microsoft.Extensions.Azure -``` +1. Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered so they can be accessed via dependency injection throughout your app. In `Program.cs`, complete the following steps to register a client class and `DefaultAzureCredential`: -### [NuGet Package Manager](#tab/nuget-package) + 1. Include the `Microsoft.Extensions.Azure` namespace via a `using` directive. + 1. Register the Azure service client using the corresponding `Add`-prefixed extension method. -Right-click your project in Visual Studio's **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package. + :::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential"::: -:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager."::: +By default, the client builder creates a `DefaultAzureCredential` instance on your behalf. For production usage, register a [deterministic credential](../authentication/best-practices.md#use-deterministic-credentials-in-production-environments) instance with the builder instead of using `DefaultAzureCredential`. To use a different credential for Azure SDK clients: ---- - -Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered so they can be accessed via dependency injection throughout your app. In `Program.cs`, complete the following steps to register a client class and `DefaultAzureCredential`: - -1. Include the `Azure.Identity` and `Microsoft.Extensions.Azure` namespaces via `using` directives. -1. Register the Azure service client using the corresponding `Add`-prefixed extension method. -1. Pass an instance of `DefaultAzureCredential` to the `UseCredential` method. +1. Add the [Azure.Identity](/dotnet/api/azure.identity) package to your application: -:::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential_UseCredential"::: + ```dotnetcli + dotnet add package Azure.Identity + ``` -An alternative to the `UseCredential` method is to provide the credential to the service client directly: +1. Include the `Azure.Identity` namespace via a `using` directive. +1. Register a custom credential instance with the builder. For example: -:::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential"::: + :::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential_UseCredential" highlight="6"::: diff --git a/docs/azure/sdk/includes/implement-service-principal.md b/docs/azure/sdk/includes/implement-service-principal.md index 083de7bd3418c..ff20efd0b7064 100644 --- a/docs/azure/sdk/includes/implement-service-principal.md +++ b/docs/azure/sdk/includes/implement-service-principal.md @@ -1,6 +1,6 @@ --- ms.topic: include -ms.date: 02/12/2025 +ms.date: 07/25/2025 --- [!INCLUDE [implement-service-principal-concepts](implement-service-principal-concepts.md)] @@ -22,8 +22,6 @@ dotnet add package Microsoft.Extensions.Azure Right-click your project in the Visual Studio **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package. -:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager."::: - --- Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered for dependency injection so they can be used throughout your app. In `Program.cs`, complete the following steps to configure a client class for dependency injection and token-based authentication: @@ -34,7 +32,3 @@ Azure services are accessed using specialized client classes from the various Az 1. Pass the `ClientSecretCredential` instance to the `UseCredential` method. :::code language="csharp" source="../snippets/authentication/local-dev-service-principal/Program.cs" id="snippet_ClientSecretCredential_UseCredential"::: - -An alternative to the `UseCredential` method is to provide the credential to the service client directly: - -:::code language="csharp" source="../snippets/authentication/local-dev-service-principal/Program.cs" id="snippet_ClientSecretCredential"::: diff --git a/docs/azure/sdk/includes/implement-system-assigned-identity.md b/docs/azure/sdk/includes/implement-system-assigned-identity.md index adcb6341d5ee1..94a35ec95717b 100644 --- a/docs/azure/sdk/includes/implement-system-assigned-identity.md +++ b/docs/azure/sdk/includes/implement-system-assigned-identity.md @@ -22,8 +22,6 @@ dotnet add package Microsoft.Extensions.Azure Right-click your project in the Visual Studio **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package. -:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager."::: - --- Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered for dependency injection so they can be used throughout your app. In `Program.cs`, complete the following steps to configure a client class for dependency injection and token-based authentication: diff --git a/docs/azure/sdk/includes/implement-user-assigned-identity.md b/docs/azure/sdk/includes/implement-user-assigned-identity.md index b7567a661ad4f..0d7fa1e9c58ab 100644 --- a/docs/azure/sdk/includes/implement-user-assigned-identity.md +++ b/docs/azure/sdk/includes/implement-user-assigned-identity.md @@ -22,8 +22,6 @@ dotnet add package Microsoft.Extensions.Azure Right-click your project in the Visual Studio **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package. -:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager."::: - --- Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered for dependency injection so they can be used throughout your app. In `Program.cs`, complete the following steps to configure a client class for dependency injection and token-based authentication: diff --git a/docs/azure/sdk/media/nuget-azure-identity.png b/docs/azure/sdk/media/nuget-azure-identity.png deleted file mode 100644 index 8e5cfa138a1af..0000000000000 Binary files a/docs/azure/sdk/media/nuget-azure-identity.png and /dev/null differ diff --git a/docs/azure/sdk/snippets/authentication/local-dev-account/Program.cs b/docs/azure/sdk/snippets/authentication/local-dev-account/Program.cs index b09ccffb4e6aa..68b4882a969a0 100644 --- a/docs/azure/sdk/snippets/authentication/local-dev-account/Program.cs +++ b/docs/azure/sdk/snippets/authentication/local-dev-account/Program.cs @@ -1,7 +1,6 @@ using Azure.Identity; using Microsoft.Extensions.Azure; using Azure.Storage.Blobs; -using Azure.Core; var builder = WebApplication.CreateBuilder(args); @@ -45,22 +44,23 @@ void registerUsingServicePrincipal(WebApplicationBuilder builder) { + #region snippet_DefaultAzureCredential + builder.Services.AddAzureClients(clientBuilder => + { + clientBuilder.AddBlobServiceClient( + new Uri("https://.blob.core.windows.net")); + }); + #endregion snippet_DefaultAzureCredential + #region snippet_DefaultAzureCredential_UseCredential builder.Services.AddAzureClients(clientBuilder => { clientBuilder.AddBlobServiceClient( new Uri("https://.blob.core.windows.net")); - clientBuilder.UseCredential(new DefaultAzureCredential()); + clientBuilder.UseCredential(new AzureCliCredential()); }); #endregion snippet_DefaultAzureCredential_UseCredential - - #region snippet_DefaultAzureCredential - builder.Services.AddSingleton(_ => - new BlobServiceClient( - new Uri("https://.blob.core.windows.net"), - new DefaultAzureCredential())); - #endregion snippet_DefaultAzureCredential } internal record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary) diff --git a/docs/azure/sdk/snippets/authentication/local-dev-service-principal/Program.cs b/docs/azure/sdk/snippets/authentication/local-dev-service-principal/Program.cs index d8ee41b85db14..8346328694406 100644 --- a/docs/azure/sdk/snippets/authentication/local-dev-service-principal/Program.cs +++ b/docs/azure/sdk/snippets/authentication/local-dev-service-principal/Program.cs @@ -1,7 +1,6 @@ using Azure.Identity; using Microsoft.Extensions.Azure; using Azure.Storage.Blobs; -using Azure.Core; var builder = WebApplication.CreateBuilder(args); @@ -58,17 +57,6 @@ void registerUsingServicePrincipal(WebApplicationBuilder builder) clientBuilder.UseCredential(new ClientSecretCredential(tenantId, clientId, clientSecret)); }); #endregion snippet_ClientSecretCredential_UseCredential - - #region snippet_ClientSecretCredential - var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID"); - var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID"); - var clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET"); - - builder.Services.AddSingleton(_ => - new BlobServiceClient( - new Uri("https://.blob.core.windows.net"), - new ClientSecretCredential(tenantId, clientId, clientSecret))); - #endregion snippet_ClientSecretCredential } internal record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)