Share via


DefaultAzureCredential Class

Definition

DefaultAzureCredential simplifies authentication while developing applications that deploy to Azure by combining credentials used in Azure hosting environments and credentials used in local development. In production, it's better to use a specific credential type so authentication is more predictable and easier to debug.

DefaultAzureCredential attempts to authenticate with each of these credential types, in the following order, stopping when one provides a token:

Consult the documentation of these credential types for more information on how they attempt authentication.
public class DefaultAzureCredential : Azure.Core.TokenCredential
type DefaultAzureCredential = class
    inherit TokenCredential
Public Class DefaultAzureCredential
Inherits TokenCredential
Inheritance
DefaultAzureCredential

Examples

This example demonstrates authenticating the BlobClient from the Azure.Storage.Blobs client library using the DefaultAzureCredential, deployed to an Azure resource with a user-assigned managed identity configured.

// When deployed to an Azure host, DefaultAzureCredential will authenticate the specified user-assigned managed identity.

string userAssignedClientId = "<your managed identity client ID>";
var credential = new DefaultAzureCredential(
    new DefaultAzureCredentialOptions
    {
        ManagedIdentityClientId = userAssignedClientId
    });

var blobClient = new BlobClient(
    new Uri("https://myaccount.blob.core.windows.net/mycontainer/myblob"),
    credential);

Remarks

Note that credentials requiring user interaction, such as the InteractiveBrowserCredential, are not included by default. Callers must explicitly enable this when constructing the DefaultAzureCredential either by setting the includeInteractiveCredentials parameter to true, or the setting the ExcludeInteractiveBrowserCredential property to false when passing DefaultAzureCredentialOptions.

Constructors

DefaultAzureCredential()

Protected constructor for mocking.

DefaultAzureCredential(Boolean)

Creates an instance of the DefaultAzureCredential class.

DefaultAzureCredential(DefaultAzureCredentialOptions)

Creates an instance of the DefaultAzureCredential class.

Methods

GetToken(TokenRequestContext, CancellationToken)

Sequentially calls GetToken(TokenRequestContext, CancellationToken) on all the included credentials in the order EnvironmentCredential, ManagedIdentityCredential, SharedTokenCacheCredential, and InteractiveBrowserCredential returning the first successfully obtained AccessToken. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.

GetTokenAsync(TokenRequestContext, CancellationToken)

Sequentially calls GetToken(TokenRequestContext, CancellationToken) on all the included credentials in the order EnvironmentCredential, ManagedIdentityCredential, SharedTokenCacheCredential, and InteractiveBrowserCredential returning the first successfully obtained AccessToken. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.

Applies to