DefaultAzureCredential Class

Definition

Namespace:

Azure.Identity

Assembly:

Azure.Identity.dll

Package:

Azure.Identity v1.12.0

Source:

DefaultAzureCredential.cs

Simplifies authentication while developing apps that deploy to Azure by combining credentials used in Azure hosting environments with credentials used in local development. In production, it's better to use something else. See Usage guidance for DefaultAzureCredential.

Attempts to authenticate with each of these credentials, in the following order, stopping when one provides a token:

• EnvironmentCredential
• WorkloadIdentityCredential
• ManagedIdentityCredential
• SharedTokenCacheCredential
• VisualStudioCredential
• VisualStudioCodeCredential
• AzureCliCredential
• AzurePowerShellCredential
• AzureDeveloperCliCredential
• InteractiveBrowserCredential

Consult the documentation of these credentials for more information on how they attempt authentication.

public class DefaultAzureCredential : Azure.Core.TokenCredential

type DefaultAzureCredential = class
    inherit TokenCredential

Public Class DefaultAzureCredential
Inherits TokenCredential

Inheritance

Object

TokenCredential

DefaultAzureCredential

Examples

This example demonstrates authenticating the BlobClient from the Azure.Storage.Blobs client library using DefaultAzureCredential, deployed to an Azure resource with a user-assigned managed identity configured.

// When deployed to an Azure host, DefaultAzureCredential will authenticate the specified user-assigned managed identity.

string userAssignedClientId = "<your managed identity client ID>";
var credential = new DefaultAzureCredential(
    new DefaultAzureCredentialOptions
    {
        ManagedIdentityClientId = userAssignedClientId
    });

var blobClient = new BlobClient(
    new Uri("https://myaccount.blob.core.windows.net/mycontainer/myblob"),
    credential);

Remarks

Note that credentials requiring user interaction, such as the InteractiveBrowserCredential, are excluded by default. Callers must explicitly enable this when constructing DefaultAzureCredential either by setting the includeInteractiveCredentials parameter to true, or the setting the ExcludeInteractiveBrowserCredential property to false when passing DefaultAzureCredentialOptions.

Constructors

DefaultAzureCredential()	Protected constructor for mocking.
DefaultAzureCredential(Boolean)	Creates an instance of the DefaultAzureCredential class.
DefaultAzureCredential(DefaultAzureCredentialOptions)	Creates an instance of the DefaultAzureCredential class.

Methods

GetToken(TokenRequestContext, CancellationToken)	Sequentially calls GetToken(TokenRequestContext, CancellationToken) on all the included credentials, returning the first successfully obtained AccessToken. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.
GetTokenAsync(TokenRequestContext, CancellationToken)	Sequentially calls GetToken(TokenRequestContext, CancellationToken) on all the included credentials, returning the first successfully obtained AccessToken. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.