How do I determine the Client Id of a user-assigned managed identity assigned to an app service or function running on Azure? It's possible to assign multiple user-assigned managed identities, and I'd like to get a list of the ones assigned to my app at runtime.
The goal of this is to avoid having to store the client id of the managed user identity in configuration for use in creating a DefaultAzureCredential for accessing KeyVault and other resources.
Right now my code looks like the following:
using System;
using Azure.Identity;

// Client id of the user-assigned managed identity, read from an app setting
string managedIdentityClientId = Environment.GetEnvironmentVariable("ManagedIdentityClientId", EnvironmentVariableTarget.Process);
// Pin the credential chain to that identity so the right one is used when several are assigned
var options = new DefaultAzureCredentialOptions { ManagedIdentityClientId = managedIdentityClientId };
var keyVaultCredentials = new DefaultAzureCredential(options);
I'd like to avoid storing the ManagedIdentityClientId in app settings and simply read it from the configured app service if possible.
There is no way to get the client id of the user-assigned managed identity at runtime without credentials.
Even if you can use another way, e.g. calling the REST API in the code to get them, you will also need to use another credential (e.g. a service principal), which means you also need to expose the client id and secret in the code or store them in the app settings; this makes no sense.
So in your case, I think storing the client id in the app setting is the most feasible way to use MSI.
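The app-setting approach the answer recommends, carried through to a Key Vault client, as an added example (not code from the question or the answer): it reads the client id from an app setting, checks that it is well-formed, and pins DefaultAzureCredential to that identity. The "KeyVaultUri" setting and the secret name are assumptions; only "ManagedIdentityClientId" appears in the question.

```csharp
using System;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Added example, not the asker's or answerer's code. The setting names
// "KeyVaultUri" and the secret name are assumptions.
public static class KeyVaultAccess
{
    // Read the user-assigned identity's client id from an app setting and
    // fail fast with a clear message if it is missing or malformed. The
    // client id is a public identifier, not a secret, so an app setting
    // is an acceptable place for it.
    public static string RequireClientId()
    {
        string? raw = Environment.GetEnvironmentVariable("ManagedIdentityClientId");
        if (string.IsNullOrWhiteSpace(raw))
            throw new InvalidOperationException("App setting 'ManagedIdentityClientId' is not set.");
        if (!Guid.TryParse(raw, out Guid clientId))
            throw new InvalidOperationException("App setting 'ManagedIdentityClientId' is not a valid GUID.");
        return clientId.ToString("D");
    }

    // Build the credential chain pinned to that identity. When several
    // user-assigned identities are attached, the platform cannot choose
    // one on its own, so the client id has to be supplied here.
    public static TokenCredential CreateCredential(string clientId) =>
        new DefaultAzureCredential(new DefaultAzureCredentialOptions
        {
            ManagedIdentityClientId = clientId
        });

    // Key Vault client using that credential; the vault URI is read from
    // an assumed app setting rather than hard-coded.
    public static SecretClient CreateSecretClient(TokenCredential credential)
    {
        string? vaultUri = Environment.GetEnvironmentVariable("KeyVaultUri");
        if (string.IsNullOrWhiteSpace(vaultUri))
            throw new InvalidOperationException("App setting 'KeyVaultUri' is not set.");
        return new SecretClient(new Uri(vaultUri), credential);
    }

    public static void Main()
    {
        var credential = CreateCredential(RequireClientId());
        var client = CreateSecretClient(credential);
        KeyVaultSecret secret = client.GetSecret("ExampleSecretName"); // assumed secret name
        Console.WriteLine($"Retrieved secret '{secret.Name}' (value intentionally not printed).");
    }
}
```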