|
Add this skill
npx mdskills install sickn33/azure-identity-dotnetComprehensive reference documentation for Azure authentication, but lacks agent-specific instructions or triggers
Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).
dotnet add package Azure.Identity
# For ASP.NET Core
dotnet add package Microsoft.Extensions.Azure
# For brokered authentication (Windows)
dotnet add package Azure.Identity.Broker
Current Versions: Stable v1.17.1, Preview v1.18.0-beta.2
AZURE_CLIENT_ID=
AZURE_TENANT_ID=
AZURE_CLIENT_SECRET=
AZURE_CLIENT_ID=
AZURE_TENANT_ID=
AZURE_CLIENT_CERTIFICATE_PATH=
AZURE_CLIENT_CERTIFICATE_PASSWORD= # Optional
AZURE_CLIENT_ID= # Only for user-assigned
The recommended credential for most scenarios. Tries multiple authentication methods in order:
| Order | Credential | Enabled by Default |
|---|---|---|
| 1 | EnvironmentCredential | Yes |
| 2 | WorkloadIdentityCredential | Yes |
| 3 | ManagedIdentityCredential | Yes |
| 4 | VisualStudioCredential | Yes |
| 5 | VisualStudioCodeCredential | Yes |
| 6 | AzureCliCredential | Yes |
| 7 | AzurePowerShellCredential | Yes |
| 8 | AzureDeveloperCliCredential | Yes |
| 9 | InteractiveBrowserCredential | No |
using Azure.Identity;
using Azure.Storage.Blobs;
var credential = new DefaultAzureCredential();
var blobClient = new BlobServiceClient(
new Uri("https://myaccount.blob.core.windows.net"),
credential);
using Azure.Identity;
using Microsoft.Extensions.Azure;
builder.Services.AddAzureClients(clientBuilder =>
{
clientBuilder.AddBlobServiceClient(
new Uri("https://myaccount.blob.core.windows.net"));
clientBuilder.AddSecretClient(
new Uri("https://myvault.vault.azure.net"));
// Uses DefaultAzureCredential by default
clientBuilder.UseCredential(new DefaultAzureCredential());
});
var credential = new DefaultAzureCredential(
new DefaultAzureCredentialOptions
{
ExcludeEnvironmentCredential = true,
ExcludeManagedIdentityCredential = false,
ExcludeVisualStudioCredential = false,
ExcludeAzureCliCredential = false,
ExcludeInteractiveBrowserCredential = false, // Enable interactive
TenantId = "",
ManagedIdentityClientId = ""
});
// System-assigned managed identity
var credential = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);
// User-assigned by client ID
var credential = new ManagedIdentityCredential(
ManagedIdentityId.FromUserAssignedClientId(""));
// User-assigned by resource ID
var credential = new ManagedIdentityCredential(
ManagedIdentityId.FromUserAssignedResourceId(""));
var credential = new ClientSecretCredential(
tenantId: "",
clientId: "",
clientSecret: "");
var client = new SecretClient(
new Uri("https://myvault.vault.azure.net"),
credential);
var certificate = X509CertificateLoader.LoadCertificateFromFile("MyCertificate.pfx");
var credential = new ClientCertificateCredential(
tenantId: "",
clientId: "",
certificate);
var credential = new ChainedTokenCredential(
new ManagedIdentityCredential(),
new AzureCliCredential());
var client = new SecretClient(
new Uri("https://myvault.vault.azure.net"),
credential);
// Azure CLI
var credential = new AzureCliCredential();
// Azure PowerShell
var credential = new AzurePowerShellCredential();
// Azure Developer CLI (azd)
var credential = new AzureDeveloperCliCredential();
// Visual Studio
var credential = new VisualStudioCredential();
// Interactive Browser
var credential = new InteractiveBrowserCredential();
// Production vs Development
TokenCredential credential = builder.Environment.IsProduction()
? new ManagedIdentityCredential("")
: new DefaultAzureCredential();
var credential = new DefaultAzureCredential(
new DefaultAzureCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzureGovernment
});
// Available authority hosts:
// AzureAuthorityHosts.AzurePublicCloud (default)
// AzureAuthorityHosts.AzureGovernment
// AzureAuthorityHosts.AzureChina
// AzureAuthorityHosts.AzureGermany
| Category | Credential | Purpose |
|---|---|---|
| Chains | DefaultAzureCredential | Preconfigured chain for dev-to-prod |
ChainedTokenCredential | Custom credential chain | |
| Azure-Hosted | ManagedIdentityCredential | Azure managed identity |
WorkloadIdentityCredential | Kubernetes workload identity | |
EnvironmentCredential | Environment variables | |
| Service Principal | ClientSecretCredential | Client ID + secret |
ClientCertificateCredential | Client ID + certificate | |
ClientAssertionCredential | Signed client assertion | |
| User | InteractiveBrowserCredential | Browser-based auth |
DeviceCodeCredential | Device code flow | |
OnBehalfOfCredential | Delegated identity | |
| Developer | AzureCliCredential | Azure CLI |
AzurePowerShellCredential | Azure PowerShell | |
AzureDeveloperCliCredential | Azure Developer CLI | |
VisualStudioCredential | Visual Studio |
// Development
var devCredential = new DefaultAzureCredential();
// Production - use specific credential
var prodCredential = new ManagedIdentityCredential("");
// Good: Single credential instance shared across clients
var credential = new DefaultAzureCredential();
var blobClient = new BlobServiceClient(blobUri, credential);
var secretClient = new SecretClient(vaultUri, credential);
var options = new ManagedIdentityCredentialOptions(
ManagedIdentityId.FromUserAssignedClientId(clientId))
{
Retry =
{
MaxRetries = 3,
Delay = TimeSpan.FromSeconds(0.5),
}
};
var credential = new ManagedIdentityCredential(options);
using Azure.Core.Diagnostics;
using AzureEventSourceListener listener = new((args, message) =>
{
if (args is { EventSource.Name: "Azure-Identity" })
{
Console.WriteLine(message);
}
}, EventLevel.LogAlways);
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
var client = new SecretClient(
new Uri("https://myvault.vault.azure.net"),
new DefaultAzureCredential());
try
{
KeyVaultSecret secret = await client.GetSecretAsync("secret1");
}
catch (AuthenticationFailedException e)
{
Console.WriteLine($"Authentication Failed: {e.Message}");
}
catch (CredentialUnavailableException e)
{
Console.WriteLine($"Credential Unavailable: {e.Message}");
}
| Exception | Description |
|---|---|
AuthenticationFailedException | Base exception for authentication errors |
CredentialUnavailableException | Credential cannot authenticate in current environment |
AuthenticationRequiredException | Interactive authentication is required |
Supported Azure services:
All credential implementations are thread-safe. A single credential instance can be safely shared across multiple clients and threads.
| SDK | Purpose | Install |
|---|---|---|
Azure.Identity | Authentication (this SDK) | dotnet add package Azure.Identity |
Microsoft.Extensions.Azure | DI integration | dotnet add package Microsoft.Extensions.Azure |
Azure.Identity.Broker | Brokered auth (Windows) | dotnet add package Azure.Identity.Broker |
Install via CLI
npx mdskills install sickn33/azure-identity-dotnetAzure Identity Dotnet is a free, open-source AI agent skill. |
Install Azure Identity Dotnet with a single command:
npx mdskills install sickn33/azure-identity-dotnetThis downloads the skill files into your project and your AI agent picks them up automatically.
Azure Identity Dotnet works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.