dotnet · scottaddie · Jul 25, 2025 · Aug 1, 2025 · Aug 1, 2025 · Aug 1, 2025
@@ -1,6 +1,6 @@
 ---
 ms.topic: include
-ms.date: 04/25/2025
+ms.date: 08/01/2025
 ---
 
 ## Authenticate to Azure services from your app
@@ -11,33 +11,30 @@ The [Azure Identity library](/dotnet/api/azure.identity?view=azure-dotnet&preser
 
 [DefaultAzureCredential](../authentication/credential-chains.md#defaultazurecredential-overview) is an opinionated, ordered sequence of mechanisms for authenticating to Microsoft Entra ID. Each authentication mechanism is a class derived from the [TokenCredential](/dotnet/api/azure.core.tokencredential?view=azure-dotnet&preserve-view=true) class and is known as a *credential*. At runtime, `DefaultAzureCredential` attempts to authenticate using the first credential. If that credential fails to acquire an access token, the next credential in the sequence is attempted, and so on, until an access token is successfully obtained. In this way, your app can use different credentials in different environments without writing environment-specific code.
 
-To use `DefaultAzureCredential`, add the [Azure.Identity](/dotnet/api/azure.identity) and optionally the [Microsoft.Extensions.Azure](/dotnet/api/microsoft.extensions.azure) packages to your application:
+To use `DefaultAzureCredential`:
 
-### [Command Line](#tab/command-line)
+1. Add the [Microsoft.Extensions.Azure](/dotnet/api/microsoft.extensions.azure) package to your application:
 
-In a terminal of your choice, navigate to the application project directory and run the following commands:
+    ```dotnetcli
+    dotnet add package Microsoft.Extensions.Azure
+    ```
 
-```dotnetcli
-dotnet add package Azure.Identity
-dotnet add package Microsoft.Extensions.Azure
-```
+1. Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered so they can be accessed via dependency injection throughout your app. In `Program.cs`, complete the following steps to register a client class and `DefaultAzureCredential`:
 
-### [NuGet Package Manager](#tab/nuget-package)
+    1. Include the `Microsoft.Extensions.Azure` namespace via a `using` directive.
+    1. Register the Azure service client using the corresponding `Add`-prefixed extension method.
 
-Right-click your project in Visual Studio's **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package.
+        :::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential":::
 
-:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager.":::
+By default, the client builder creates a `DefaultAzureCredential` instance on your behalf. For production usage, register a [deterministic credential](../authentication/best-practices.md#use-deterministic-credentials-in-production-environments) instance with the builder instead of using `DefaultAzureCredential`. To use a different credential for Azure SDK clients:
 
----
-
-Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered so they can be accessed via dependency injection throughout your app. In `Program.cs`, complete the following steps to register a client class and `DefaultAzureCredential`:
-
-1. Include the `Azure.Identity` and `Microsoft.Extensions.Azure` namespaces via `using` directives.
-1. Register the Azure service client using the corresponding `Add`-prefixed extension method.
-1. Pass an instance of `DefaultAzureCredential` to the `UseCredential` method.
+1. Add the [Azure.Identity](/dotnet/api/azure.identity) package to your application:
 
-:::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential_UseCredential":::
+    ```dotnetcli
+    dotnet add package Azure.Identity
+    ```
 
-An alternative to the `UseCredential` method is to provide the credential to the service client directly:
+1. Include the `Azure.Identity` namespace via a `using` directive.
+1. Register a custom credential instance with the builder. For example:
 
-:::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential":::
+    :::code language="csharp" source="../snippets/authentication/local-dev-account/Program.cs" id="snippet_DefaultAzureCredential_UseCredential" highlight="6":::
@@ -1,6 +1,6 @@
 ---
 ms.topic: include
-ms.date: 02/12/2025
+ms.date: 07/25/2025
 ---
 
 [!INCLUDE [implement-service-principal-concepts](implement-service-principal-concepts.md)]
@@ -22,8 +22,6 @@ dotnet add package Microsoft.Extensions.Azure
 
 Right-click your project in the Visual Studio **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package.
 
-:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager.":::
-
 ---
 
 Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered for dependency injection so they can be used throughout your app. In `Program.cs`, complete the following steps to configure a client class for dependency injection and token-based authentication:
@@ -34,7 +32,3 @@ Azure services are accessed using specialized client classes from the various Az
 1. Pass the `ClientSecretCredential` instance to the `UseCredential` method.
 
 :::code language="csharp" source="../snippets/authentication/local-dev-service-principal/Program.cs" id="snippet_ClientSecretCredential_UseCredential":::
-
-An alternative to the `UseCredential` method is to provide the credential to the service client directly:
-
-:::code language="csharp" source="../snippets/authentication/local-dev-service-principal/Program.cs" id="snippet_ClientSecretCredential":::
@@ -22,8 +22,6 @@ dotnet add package Microsoft.Extensions.Azure
 
 Right-click your project in the Visual Studio **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package.
 
-:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager.":::
-
 ---
 
 Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered for dependency injection so they can be used throughout your app. In `Program.cs`, complete the following steps to configure a client class for dependency injection and token-based authentication:

@@ -22,8 +22,6 @@ dotnet add package Microsoft.Extensions.Azure
 
 Right-click your project in the Visual Studio **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package.
 
-:::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager.":::
-
 ---
 
 Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered for dependency injection so they can be used throughout your app. In `Program.cs`, complete the following steps to configure a client class for dependency injection and token-based authentication:

@@ -1,7 +1,6 @@
 using Azure.Identity;
 using Microsoft.Extensions.Azure;
 using Azure.Storage.Blobs;
-using Azure.Core;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -45,22 +44,23 @@
 
 void registerUsingServicePrincipal(WebApplicationBuilder builder)
 {
+    #region snippet_DefaultAzureCredential
+    builder.Services.AddAzureClients(clientBuilder =>
+    {
+        clientBuilder.AddBlobServiceClient(
+            new Uri("https://<account-name>.blob.core.windows.net"));
+    });
+    #endregion snippet_DefaultAzureCredential
+
     #region snippet_DefaultAzureCredential_UseCredential
     builder.Services.AddAzureClients(clientBuilder =>
     {
         clientBuilder.AddBlobServiceClient(
             new Uri("https://<account-name>.blob.core.windows.net"));
 
-        clientBuilder.UseCredential(new DefaultAzureCredential());
+        clientBuilder.UseCredential(new AzureCliCredential());
     });
     #endregion snippet_DefaultAzureCredential_UseCredential
-
-    #region snippet_DefaultAzureCredential
-    builder.Services.AddSingleton<BlobServiceClient>(_ =>
-        new BlobServiceClient(
-            new Uri("https://<account-name>.blob.core.windows.net"),
-            new DefaultAzureCredential()));
-    #endregion snippet_DefaultAzureCredential
 }
 
 internal record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)

@@ -1,7 +1,6 @@
 using Azure.Identity;
 using Microsoft.Extensions.Azure;
 using Azure.Storage.Blobs;
-using Azure.Core;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -58,17 +57,6 @@ void registerUsingServicePrincipal(WebApplicationBuilder builder)
         clientBuilder.UseCredential(new ClientSecretCredential(tenantId, clientId, clientSecret));
     });
     #endregion snippet_ClientSecretCredential_UseCredential
-
-    #region snippet_ClientSecretCredential
-    var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
-    var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
-    var clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");
-
-    builder.Services.AddSingleton<BlobServiceClient>(_ =>
-        new BlobServiceClient(
-            new Uri("https://<account-name>.blob.core.windows.net"),
-            new ClientSecretCredential(tenantId, clientId, clientSecret)));
-    #endregion snippet_ClientSecretCredential
 }
 
 internal record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,8 +22,6 @@ dotnet add package Microsoft.Extensions.Azure @@
     Right-click your project in the Visual Studio **Solution Explorer** window and select **Manage NuGet Packages**. Search for **Azure.Identity**, and install the matching package. Repeat this process for the **Microsoft.Extensions.Azure** package.
-    :::image type="content" source="../media/nuget-azure-identity.png" alt-text="Install a package using the package manager.":::
     ---
     Azure services are accessed using specialized client classes from the various Azure SDK client libraries. These classes and your own custom services should be registered for dependency injection so they can be used throughout your app. In `Program.cs`, complete the following steps to configure a client class for dependency injection and token-based authentication:
@@ Expand Down @@