Using DefaultAzureCredentials with Client secret


How can I use clientid, clientsecret and tenantid with DefaultAzureCredentials?

Most examples ask to set the following env variables

AZURE_TENANT_ID
AZURE_CLIENT_ID
AZURE_CLIENT_SECRET 

However, I want to pass these directly in my .NET code. How can I do that?

DefaultAzureCredentialOptions defaultAzureCredentialOptions = new DefaultAzureCredentialOptions() 
{ 
    TenantId = "xxxxxxxxxxxxxxxxx",
    ExcludeInteractiveBrowserCredential = true,
    ExcludeVisualStudioCredential = true,
    ExcludeAzurePowerShellCredential = true,
    ExcludeSharedTokenCacheCredential = true,
    ExcludeVisualStudioCodeCredential = true
};

Solution

  • Note that the DefaultAzureCredential class depends on the environment by default. Refer to this MsDoc.

    • A service principal configured using environment variables.
    • DefaultAzureCredential is designed to depend on the environment and it cannot be changed.
    • This credential can authenticate as a service principal using either a client secret or a certificate. The configuration attempts to use the environment variables.

    As you want to pass these values directly in the code, you can use the code below as a workaround:

    You can set the environment variables directly in the code, since setting them is required by default.

    using System;
    using Azure.Core;
    using Azure.Identity;

    class Program
    {
        static void Main(string[] args)
        {
            // Placeholder values; replace with the service principal's details.
            string tenantId = "TenantID";
            string clientId = "ClientID";
            string clientSecret = "ClientSecret";

            // Set the variables for the current process; EnvironmentCredential reads them.
            Environment.SetEnvironmentVariable("AZURE_TENANT_ID", tenantId);
            Environment.SetEnvironmentVariable("AZURE_CLIENT_ID", clientId);
            Environment.SetEnvironmentVariable("AZURE_CLIENT_SECRET", clientSecret);

            Console.WriteLine("Setting Azure credentials as environment variables");

            // Keep EnvironmentCredential in the chain so the variables above are used.
            var defaultAzureCredentialOptions = new DefaultAzureCredentialOptions
            {
                ExcludeEnvironmentCredential = false,
                ExcludeManagedIdentityCredential = true,
                ExcludeSharedTokenCacheCredential = true,
                ExcludeVisualStudioCredential = false,
                ExcludeVisualStudioCodeCredential = false,
                ExcludeAzureCliCredential = true,
                ExcludeInteractiveBrowserCredential = true
            };

            var credential = new DefaultAzureCredential(defaultAzureCredentialOptions);

            // Request a token for Microsoft Graph.
            var accessToken = credential.GetToken(
                new TokenRequestContext(scopes: new[] { "https://graph.microsoft.com/.default" }));

            Console.WriteLine($"Access Token: {accessToken.Token}");
        }
    }
    


    Otherwise, you can use the ClientSecretCredential class, where you can pass the values directly, as shown below:

    using System;
    using Azure.Core;
    using Azure.Identity;

    class Program
    {
        static void Main(string[] args)
        {
            // Placeholder values; replace with the service principal's details.
            string tenantId = "TenantID";
            string clientId = "ClientID";
            string clientSecret = "ClientSecret";

            // The credential takes the values as constructor arguments; no environment variables are involved.
            var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
            var tokenRequestContext = new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" });
            var accessToken = credential.GetToken(tokenRequestContext);

            Console.WriteLine($"Access Token: {accessToken.Token}");
        }
    }
    

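An added example, not part of the original answer: it uses the ClientSecretCredential route with the secret read from a file at run time instead of a string literal, logs only the token's expiry, and checks whether AZURE_CLIENT_SECRET sits in the environment that child processes would inherit (which is the case after the Environment.SetEnvironmentVariable workaround). The helper names `FromSecretFile` and `ChildWouldInheritSecret`, the command-line arguments and the secret-file layout are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using Azure.Core;
using Azure.Identity;

class Program
{
    // Hypothetical helper: the secret is read at run time from a file kept outside
    // the repository (path supplied by the caller) instead of a string literal.
    static ClientSecretCredential FromSecretFile(string tenantId, string clientId, string secretPath)
    {
        string clientSecret = File.ReadAllText(secretPath).Trim();
        return new ClientSecretCredential(tenantId, clientId, clientSecret);
    }

    // Hypothetical check: true if a process started from here would receive the
    // client secret through its environment block.
    static bool ChildWouldInheritSecret()
    {
        // ProcessStartInfo.Environment starts as a copy of this process's environment;
        // nothing is launched here, "child-placeholder" is never executed.
        var psi = new ProcessStartInfo("child-placeholder");
        return psi.Environment.ContainsKey("AZURE_CLIENT_SECRET");
    }

    static void Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: app <tenantId> <clientId> <secretFile>");
            return;
        }

        var credential = FromSecretFile(args[0], args[1], args[2]);
        AccessToken token = credential.GetToken(
            new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" }));

        // Log metadata only; the bearer token itself stays out of the console and logs.
        Console.WriteLine($"Token acquired, expires {token.ExpiresOn:u}");
        Console.WriteLine($"Secret visible to child processes: {ChildWouldInheritSecret()}");
    }
}
```

With the secret passed to the constructor the last line prints False unless the variable was already set outside the program; after the SetEnvironmentVariable workaround it prints True.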