From e793387f3211caac0b6a88748893342db61bafc1 Mon Sep 17 00:00:00 2001 From: alexwolfmsft <93200798+alexwolfmsft@users.noreply.github.com> Date: Mon, 25 Nov 2024 12:53:21 -0500 Subject: [PATCH] Add credential builder context (#43708) * Add credential builder context --- .../sdk/authentication/credential-chains.md | 6 ++--- .../credential-chains/Program.cs | 26 ++++++++++++++----- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/docs/azure/sdk/authentication/credential-chains.md b/docs/azure/sdk/authentication/credential-chains.md index d03dc0f5b22f9..64a0dc0b68717 100644 --- a/docs/azure/sdk/authentication/credential-chains.md +++ b/docs/azure/sdk/authentication/credential-chains.md @@ -63,7 +63,7 @@ The order in which `DefaultAzureCredential` attempts credentials follows. In its simplest form, you can use the parameterless version of `DefaultAzureCredential` as follows: -:::code language="csharp" source="../snippets/authentication/credential-chains/Program.cs" id="snippet_Dac" highlight="1"::: +:::code language="csharp" source="../snippets/authentication/credential-chains/Program.cs" id="snippet_Dac" highlight="6"::: > [!TIP] > The `UseCredential` method in the preceding code snippet is recommended for use in ASP.NET Core apps. For more information, see [Use the Azure SDK for .NET in ASP.NET Core apps](../aspnetcore-guidance.md#authenticate-using-microsoft-entra-id). @@ -72,7 +72,7 @@ In its simplest form, you can use the parameterless version of `DefaultAzureCred To remove a credential from `DefaultAzureCredential`, use the corresponding `Exclude`-prefixed property in [DefaultAzureCredentialOptions](/dotnet/api/azure.identity.defaultazurecredentialoptions?view=azure-dotnet&preserve-view=true#properties). For example: -:::code language="csharp" source="../snippets/authentication/credential-chains/Program.cs" id="snippet_DacExcludes" highlight="4-5"::: +:::code language="csharp" source="../snippets/authentication/credential-chains/Program.cs" id="snippet_DacExcludes" highlight="9-10"::: In the preceding code sample, `EnvironmentCredential` and `WorkloadIdentityCredential` are removed from the credential chain. As a result, the first credential to be attempted is `ManagedIdentityCredential`. The modified chain looks like this: @@ -97,7 +97,7 @@ As more `Exclude`-prefixed properties are set to `true` (credential exclusions a [ChainedTokenCredential](/dotnet/api/azure.identity.chainedtokencredential?view=azure-dotnet&preserve-view=true) is an empty chain to which you add credentials to suit your app's needs. For example: -:::code language="csharp" source="../snippets/authentication/credential-chains/Program.cs" id="snippet_Ctc"::: +:::code language="csharp" source="../snippets/authentication/credential-chains/Program.cs" id="snippet_Ctc" highlight="6-8" ::: The preceding code sample creates a tailored credential chain comprised of two credentials. The user-assigned managed identity variant of `ManagedIdentityCredential` is attempted first, followed by `VisualStudioCredential`, if necessary. In graphical form, the chain looks like this: diff --git a/docs/azure/sdk/snippets/authentication/credential-chains/Program.cs b/docs/azure/sdk/snippets/authentication/credential-chains/Program.cs index 534a361ebbd05..a8a4188e9641f 100644 --- a/docs/azure/sdk/snippets/authentication/credential-chains/Program.cs +++ b/docs/azure/sdk/snippets/authentication/credential-chains/Program.cs @@ -17,16 +17,23 @@ }, EventLevel.LogAlways); #endregion snippet_FilteredLogging +#region snippet_Dac builder.Services.AddAzureClients(clientBuilder => { clientBuilder.AddBlobServiceClient( new Uri("https://.blob.core.windows.net")); - #region snippet_Dac + DefaultAzureCredential credential = new(); clientBuilder.UseCredential(credential); - #endregion snippet_Dac +}); +#endregion snippet_Dac + +#region snippet_DacExcludes +builder.Services.AddAzureClients(clientBuilder => +{ + clientBuilder.AddBlobServiceClient( + new Uri("https://.blob.core.windows.net")); - #region snippet_DacExcludes clientBuilder.UseCredential(new DefaultAzureCredential( new DefaultAzureCredentialOptions { @@ -34,14 +41,21 @@ ExcludeWorkloadIdentityCredential = true, ManagedIdentityClientId = userAssignedClientId, })); - #endregion snippet_DacExcludes +}); +#endregion snippet_DacExcludes + +#region snippet_Ctc +builder.Services.AddAzureClients(clientBuilder => +{ + clientBuilder.AddBlobServiceClient( + new Uri("https://.blob.core.windows.net")); - #region snippet_Ctc clientBuilder.UseCredential(new ChainedTokenCredential( new ManagedIdentityCredential(clientId: userAssignedClientId), new VisualStudioCredential())); - #endregion snippet_Ctc }); +#endregion snippet_Ctc + builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen();