EnvironmentCredential Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Enables authentication to Azure Active Directory using a client secret or certificate, or as a user with a username and password.
Configuration is attempted in this order, using these environment variables:
Service principal with secret:| Variable | Description |
|---|---|
| AZURE_TENANT_ID | The Azure Active Directory tenant (directory) ID. |
| AZURE_CLIENT_ID | The client (application) ID of an App Registration in the tenant. |
| AZURE_CLIENT_SECRET | A client secret that was generated for the App Registration. |
| Variable | Description |
|---|---|
| AZURE_TENANT_ID | The Azure Active Directory tenant (directory) ID. |
| AZURE_CLIENT_ID | The client (application) ID of an App Registration in the tenant. |
| AZURE_CLIENT_CERTIFICATE_PATH | A path to certificate and private key pair in PEM or PFX format, which can authenticate the App Registration. |
| AZURE_CLIENT_CERTIFICATE_PASSWORD | (Optional) The password protecting the certificate file (currently only supported for PFX (PKCS12) certificates). |
| AZURE_CLIENT_SEND_CERTIFICATE_CHAIN | (Optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to `true` or `1`, authentication requests include the x5c header. |
| Variable | Description |
|---|---|
| AZURE_TENANT_ID | The Azure Active Directory tenant (directory) ID. |
| AZURE_CLIENT_ID | The client (application) ID of an App Registration in the tenant. |
| AZURE_USERNAME | The username, also known as upn, of an Azure Active Directory user account. |
| AZURE_PASSWORD | The password of the Azure Active Directory user account. Note this does not support accounts with MFA enabled. |
This credential ultimately uses a ClientSecretCredential, ClientCertificateCredential, or UsernamePasswordCredential to perform the authentication using these details. Please consult the documentation of that class for more details.
public class EnvironmentCredential : Azure.Core.TokenCredentialtype EnvironmentCredential = class
inherit TokenCredentialPublic Class EnvironmentCredential
Inherits TokenCredential- Inheritance
Constructors
| EnvironmentCredential() |
Creates an instance of the EnvironmentCredential class and reads client secret details from environment variables. If the expected environment variables are not found at this time, the GetToken method will return the default AccessToken when invoked. |
| EnvironmentCredential(EnvironmentCredentialOptions) |
Creates an instance of the EnvironmentCredential class and reads client secret details from environment variables. If the expected environment variables are not found at this time, the GetToken method will return the default AccessToken when invoked. |
| EnvironmentCredential(TokenCredentialOptions) |
Creates an instance of the EnvironmentCredential class and reads client secret details from environment variables. If the expected environment variables are not found at this time, the GetToken method will return the default AccessToken when invoked. |
Methods
| GetToken(TokenRequestContext, CancellationToken) |
Obtains a token from the Azure Active Directory service, using the specified client details specified in the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD to authenticate. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness. |
| GetTokenAsync(TokenRequestContext, CancellationToken) |
Obtains a token from the Azure Active Directory service, using the specified client details specified in the environment variables AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET or AZURE_USERNAME and AZURE_PASSWORD to authenticate. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness. |
Applies to
Feedback
Submit and view feedback for