Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
DefaultAzureCredential Class
Definition
- Namespace:
- Azure.Identity
- Assemblies:
- Azure.Core.dll, Azure.Identity.dll
- Assembly:
- Azure.Identity.dll
- Packages:
- Azure.Core v1.58.0, Azure.Identity v1.17.2
- Package:
- Azure.Identity v1.18.0-beta.3
- Source:
- DefaultAzureCredential.cs
- Source:
- DefaultAzureCredential.cs
Important
Some information relates to prerelease product that may be substantially modified before itβs released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Simplifies authentication while developing apps that deploy to Azure by combining credentials used in Azure hosting environments with credentials used in local development. In production, it's better to use something else. See Usage guidance for DefaultAzureCredential.
Attempts to authenticate with each of these credentials, in the following order, stopping when one provides a token:
- EnvironmentCredential
- WorkloadIdentityCredential
- ManagedIdentityCredential
- VisualStudioCredential
- VisualStudioCodeCredential (enabled by default for SSO with VS Code on supported platforms when Azure.Identity.Broker is installed)
- AzureCliCredential
- AzurePowerShellCredential
- AzureDeveloperCliCredential
- InteractiveBrowserCredential
- BrokerCredential (a broker-enabled instance of InteractiveBrowserCredential that requires Azure.Identity.Broker is installed)
public class DefaultAzureCredential : Azure.Core.TokenCredentialtype DefaultAzureCredential = class
inherit TokenCredentialPublic Class DefaultAzureCredential
Inherits TokenCredential- Inheritance
Examples
This example demonstrates authenticating the BlobClient from the Azure.Storage.Blobs client library using DefaultAzureCredential, deployed to an Azure resource with a user-assigned managed identity configured.
// When deployed to an Azure host, DefaultAzureCredential will authenticate the specified user-assigned managed identity.
string userAssignedClientId = "<your managed identity client ID>";
var credential = new DefaultAzureCredential(
new DefaultAzureCredentialOptions
{
ManagedIdentityClientId = userAssignedClientId
});
var blobClient = new BlobClient(
new Uri("https://myaccount.blob.core.windows.net/mycontainer/myblob"),
credential);
Remarks
Note that credentials requiring user interaction, such as the InteractiveBrowserCredential, are excluded by default. Callers must explicitly enable this when constructing DefaultAzureCredential either by setting the includeInteractiveCredentials parameter to true, or the setting the ExcludeInteractiveBrowserCredential property to false when passing DefaultAzureCredentialOptions.
Constructors
| Name | Description |
|---|---|
| DefaultAzureCredential() |
Protected constructor for mocking. |
| DefaultAzureCredential(Boolean) |
Creates an instance of the DefaultAzureCredential class. |
| DefaultAzureCredential(DefaultAzureCredentialOptions) |
Creates an instance of the DefaultAzureCredential class. |
| DefaultAzureCredential(String, DefaultAzureCredentialOptions) |
Creates an instance of the DefaultAzureCredential class that reads credential configuration from a specified environment variable. |
Fields
| Name | Description |
|---|---|
| DefaultEnvironmentVariableName |
The default environment variable name used for token credential configuration. |
Methods
| Name | Description |
|---|---|
| CreateTokenOptions(IReadOnlyDictionary<String,Object>) |
Creates a new instance of GetTokenOptions using the provided |
| GetToken(GetTokenOptions, CancellationToken) |
Gets an AuthenticationToken for the provided |
| GetToken(TokenRequestContext, CancellationToken) |
Sequentially calls GetToken(TokenRequestContext, CancellationToken) on all the included credentials, returning the first successfully obtained AccessToken. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness. |
| GetTokenAsync(GetTokenOptions, CancellationToken) |
Gets an AuthenticationToken for the provided |
| GetTokenAsync(TokenRequestContext, CancellationToken) |
Sequentially calls GetToken(TokenRequestContext, CancellationToken) on all the included credentials, returning the first successfully obtained AccessToken. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness. |
Applies to
Azure SDK for .NET
Feedback
Was this page helpful?