Azure.Identity Namespace

Classes

AuthenticationFailedException

An exception class raised for errors in authenticating client requests.

AuthenticationRecord

Account information relating to an authentication request.

AuthenticationRequiredException

An exception indicating that interactive authentication is required.

AuthorizationCodeCredential

Authenticates by redeeming an authorization code previously obtained from Microsoft Entra ID. See https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow for more information about the authorization code authentication flow.

AuthorizationCodeCredentialOptions

Options used to configure the AuthorizationCodeCredential.

AzureAuthorityHosts

Defines fields exposing the well known authority hosts for the Azure Public Cloud and sovereign clouds.

AzureCliCredential

Enables authentication to Microsoft Entra ID using Azure CLI to obtain an access token.

AzureCliCredentialOptions

Options for configuring the AzureCliCredential.

AzureDeveloperCliCredential

Enables authentication to Microsoft Entra ID using Azure Developer CLI to obtain an access token.

AzureDeveloperCliCredentialOptions

Options for configuring the AzureDeveloperCliCredential.

AzurePipelinesCredential

Credential which authenticates using an Azure Pipelines service connection. For usage instructions, see Authenticating in Azure Pipelines with service connections.

AzurePipelinesCredentialOptions

Options used to configure the AzurePipelinesCredential.

AzurePowerShellCredential

Enables authentication to Microsoft Entra ID using Azure PowerShell to obtain an access token.

AzurePowerShellCredentialOptions

Options for configuring the AzurePowerShellCredential.

BrowserCustomizationOptions

Options to customize browser view.

ChainedTokenCredential

Provides a TokenCredential implementation which chains multiple TokenCredential implementations to be tried in order until one of the GetToken methods returns a non-default AccessToken. For more information, see ChainedTokenCredential overview.

ClientAssertionCredential

Enables authentication of a Microsoft Entra service principal using a signed client assertion.

ClientAssertionCredentialOptions

Options used to configure the ClientAssertionCredential.

ClientCertificateCredential

Enables authentication of a service principal to Microsoft Entra ID using a X509 certificate that is assigned to its App Registration. More information on how to configure certificate authentication can be found at https://learn.microsoft.com/entra/identity-platform/certificate-credentials#register-your-certificate-with-microsoft-identity-platform.

ClientCertificateCredentialOptions

Options used to configure the ClientCertificateCredential.

ClientSecretCredential

Enables authentication to Microsoft Entra ID using a client secret that was generated for an App Registration. More information on how to configure a client secret can be found at https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application.

ClientSecretCredentialOptions

Options used to configure the ClientSecretCredential.

CredentialUnavailableException

An exception indicating a TokenCredential did not attempt to authenticate and retrieve AccessToken, as its prerequisite information or state was not available.

DefaultAzureCredential

Simplifies authentication while developing apps that deploy to Azure by combining credentials used in Azure hosting environments with credentials used in local development. In production, it's better to use something else. See Usage guidance for DefaultAzureCredential.

Attempts to authenticate with each of these credentials, in the following order, stopping when one provides a token:

Consult the documentation of these credentials for more information on how they attempt authentication.
DefaultAzureCredentialOptions

Options to configure the DefaultAzureCredential authentication flow and requests made to Azure Identity services.

DeviceCodeCredential

A TokenCredential implementation which authenticates a user using the device code flow, and provides access tokens for that user account. For more information on the device code authentication flow see https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Device-Code-Flow.

DeviceCodeCredentialOptions

Options to configure the DeviceCodeCredential.

EnvironmentCredential

Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user with a username and password.

Configuration is attempted in this order, using these environment variables:

Service principal with secret:
VariableDescription
AZURE_TENANT_IDThe Microsoft Entra tenant (directory) ID.
AZURE_CLIENT_IDThe client (application) ID of an App Registration in the tenant.
AZURE_CLIENT_SECRETA client secret that was generated for the App Registration.
Service principal with certificate:
VariableDescription
AZURE_TENANT_IDThe Microsoft Entra tenant (directory) ID.
AZURE_CLIENT_IDThe client (application) ID of an App Registration in the tenant.
AZURE_CLIENT_CERTIFICATE_PATHA path to certificate and private key pair in PEM or PFX format, which can authenticate the App Registration.
AZURE_CLIENT_CERTIFICATE_PASSWORD(Optional) The password protecting the certificate file (currently only supported for PFX (PKCS12) certificates).
AZURE_CLIENT_SEND_CERTIFICATE_CHAIN(Optional) Specifies whether an authentication request will include an x5c header to support subject name / issuer based authentication. When set to `true` or `1`, authentication requests include the x5c header.
Username and password:
VariableDescription
AZURE_TENANT_IDThe Microsoft Entra tenant (directory) ID.
AZURE_CLIENT_IDThe client (application) ID of an App Registration in the tenant.
AZURE_USERNAMEThe username, also known as upn, of a Microsoft Entra user account.
AZURE_PASSWORDThe password of the Microsoft Entra user account. Note this does not support accounts with MFA enabled.

This credential ultimately uses a ClientSecretCredential, ClientCertificateCredential, or UsernamePasswordCredential to perform the authentication using these details. Please consult the documentation of that class for more details.

EnvironmentCredentialOptions

Options used to configure the EnvironmentCredential.

IdentityModelFactory

Model factory that enables mocking for the Azure Identity library.

InteractiveBrowserCredential

A TokenCredential implementation which launches the system default browser to interactively authenticate a user, and obtain an access token. The browser will only be launched to authenticate the user once, then will silently acquire access tokens through the users refresh token as long as it's valid.

InteractiveBrowserCredentialOptions

Options to configure the InteractiveBrowserCredential.

ManagedIdentityCredential

Attempts authentication using a managed identity that has been assigned to the deployment environment. This authentication type works for all Azure-hosted environments that support managed identity. More information about configuring managed identities can be found at https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview.

ManagedIdentityCredentialOptions

Options used to configure the ManagedIdentityCredential.

ManagedIdentityId

Defines the configuration for a managed identity enabled on a resource.

OnBehalfOfCredential

Enables authentication to Microsoft Entra ID using an On-Behalf-Of flow.

OnBehalfOfCredentialOptions
SharedTokenCacheCredential

Authenticates using tokens in a local cache file. This is a legacy mechanism for authenticating clients using credentials provided to Visual Studio. This mechanism for Visual Studio authentication has been replaced by the VisualStudioCredential.

SharedTokenCacheCredentialOptions

Options to configure the SharedTokenCacheCredential authentication.

TokenCachePersistenceOptions

Options controlling the storage of the token cache.

TokenCacheRefreshArgs

Args sent to TokenCache OnBefore and OnAfter events.

TokenCacheUpdatedArgs

Data regarding an update of a token cache.

TokenCredentialDiagnosticsOptions

Exposes client options related to logging, telemetry, and distributed tracing.

TokenCredentialOptions

Options to configure requests made to the OAUTH identity service.

UnsafeTokenCacheOptions

Options controlling the storage of the token cache.

UsernamePasswordCredential

Enables authentication to Microsoft Entra ID using a user's username and password. If the user has MFA enabled this credential will fail to get a token throwing an AuthenticationFailedException. Also, this credential requires a high degree of trust and is not recommended outside of prototyping when more secure credentials can be used.

UsernamePasswordCredentialOptions

Options to configure the UsernamePasswordCredential.

VisualStudioCodeCredential

Enables authentication to Microsoft Entra ID as the user signed in to Visual Studio Code via the 'Azure Account' extension.

It's a known issue that VisualStudioCodeCredential doesn't work with Azure Account extension versions newer than 0.9.11. A long-term fix to this problem is in progress. In the meantime, consider authenticating with AzureCliCredential.

VisualStudioCodeCredentialOptions

Options for configuring the VisualStudioCodeCredential.

VisualStudioCredential

Enables authentication to Microsoft Entra ID using data from Visual Studio 2017 or later. See https://learn.microsoft.com/dotnet/azure/configure-visual-studio for more information on how to configure Visual Studio for Azure development.

VisualStudioCredentialOptions

Options for configuring the VisualStudioCredential.

WorkloadIdentityCredential

WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Kubernetes and other hosts supporting workload identity. Refer to Microsoft Entra Workload ID for more information.

WorkloadIdentityCredentialOptions

Options used to configure the WorkloadIdentityCredential.

Structs

DeviceCodeInfo

Details of the device code to present to a user to allow them to authenticate through the device code authentication flow.

TokenCacheData

Details related to a UnsafeTokenCacheOptions cache delegate.