title: Authenticate with the Azure libraries for .NET
description: Authenticate into the Azure libraries for .NET
ms.date: 08/22/2018
author: CamSoper
ms.author: casoper
ms.topic: conceptual

Authenticate with the Azure Libraries for .NET

Connect to services with connection strings

Most Azure service libraries require a connection string or keys for authentication. For example, SQL Database uses a standard SQL connection string:

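using System.Data.SqlClient;

var builder = new SqlConnectionStringBuilder();
builder.DataSource = "example.database.windows.net";
builder.InitialCatalog = "MyDatabase";
builder.UserID = "sampleuser@example"; // Format user ID as "user@server"
builder.Password = password;
builder.Encrypt = true;
// Keep certificate validation on: with TrustServerCertificate = true the client
// encrypts the channel but accepts any server certificate without checking it.
builder.TrustServerCertificate = false;
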
using (var conn = new SqlConnection(builder.ConnectionString))
{
    conn.Open();
    // Do things with the connection...
    // ...
}

Azure Storage uses a storage key:

string storageConnectionString = "DefaultEndpointsProtocol=https;"
        + "AccountName=" + storageName
        + ";AccountKey=" + storageKey
        + ";EndpointSuffix=core.windows.net";

var account = CloudStorageAccount.Parse(storageConnectionString);
// Do things with the account here...

Other Azure services, such as CosmosDB, Redis Cache, and Service Bus, also use service connection strings. You can get those strings using the Azure portal, CLI, or PowerShell. You can also use the Azure management libraries for .NET to query resources and build connection strings in your code.

This snippet uses the management libraries to create a storage account connection string:

// Get a storage account
var storage = azure.StorageAccounts.GetByResourceGroup("myResourceGroup", "myStorageAccount");

// Extract the keys
var storageKeys = storage.GetKeys();

// Build the connection string
string storageConnectionString = "DefaultEndpointsProtocol=https;"
        + "AccountName=" + storage.Name
        + ";AccountKey=" + storageKeys[0].Value
        + ";EndpointSuffix=core.windows.net";

// Connect
var account = CloudStorageAccount.Parse(storageConnectionString);

// Do things with the account here...

Other libraries require your application to run as a service principal, which authorizes the application with the credentials granted to that principal. This configuration is similar to the object-based authentication steps for the management library listed below.

Azure management libraries for .NET authentication

[!includeCreate service principal]

Now that the service principal is created, two options are available to authenticate with the service principal to create and manage resources.

For both options, you will need to add the following NuGet packages to your project.

Install-Package Microsoft.Azure.Management.Fluent
Install-Package Microsoft.Azure.Management.ResourceManager.Fluent

Authenticate with token credentials

The first method is to build the token credential object in code. You should store the credentials securely in a configuration file, the registry, or Azure Key Vault.

var credentials = SdkContext.AzureCredentialsFactory
    .FromServicePrincipal(
        clientId,
        clientSecret,
        tenantId,
        AzureEnvironment.AzureGlobalCloud);

Use the clientId, clientSecret, and tenantId values from the JSON output produced when you created the service principal.

Then create the entry point Azure object to start working with the API:

var azure = Microsoft.Azure.Management.Fluent.Azure
    .Configure()
    .Authenticate(credentials)
    .WithDefaultSubscription();

File-based authentication

File-based authentication allows you to put the service principal credentials in a plain text file and secure it within the file system.

[!includeFile-based authentication]

Read the contents of the file and create the entry point Azure object to start working with the API:

// Pull in the location of the authentication properties file from the environment
var credentials = SdkContext.AzureCredentialsFactory
    .FromFile(Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION"));

var azure = Microsoft.Azure.Management.Fluent.Azure
    .Configure()
    .Authenticate(credentials)
    .WithDefaultSubscription();
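
Because the file-based option keeps the service principal secret in plain text, it helps to verify that the file really is restricted before loading it. The following is an added example, not code from the original page or the SDK: `AuthFile.ResolveChecked` is a hypothetical helper, and it assumes .NET 7 or later (for `File.GetUnixFileMode`) running on Linux or macOS. On Windows the file's ACL has to be reviewed separately.

```csharp
using System;
using System.IO;
using Microsoft.Azure.Management.ResourceManager.Fluent;

public static class AuthFile // hypothetical helper, not part of the Azure SDK
{
    // Any of these bits lets an account other than the owner read or alter the file.
    private const UnixFileMode GroupOrOther =
        UnixFileMode.GroupRead | UnixFileMode.GroupWrite | UnixFileMode.GroupExecute |
        UnixFileMode.OtherRead | UnixFileMode.OtherWrite | UnixFileMode.OtherExecute;

    // Returns the full path of the auth file, or throws if it should not be trusted.
    public static string ResolveChecked()
    {
        var path = Environment.GetEnvironmentVariable("AZURE_AUTH_LOCATION");
        if (string.IsNullOrWhiteSpace(path))
            throw new InvalidOperationException("AZURE_AUTH_LOCATION is not set.");

        path = Path.GetFullPath(path);
        var info = new FileInfo(path);
        if (!info.Exists)
            throw new FileNotFoundException("Auth file not found.", path);

        // A symbolic link could point the application at a file someone else controls.
        if (info.LinkTarget != null)
            throw new UnauthorizedAccessException($"{path} is a symbolic link.");

        if (!OperatingSystem.IsWindows())
        {
            var mode = File.GetUnixFileMode(path);
            if ((mode & GroupOrOther) != 0)
                throw new UnauthorizedAccessException(
                    $"{path} has mode '{mode}'; restrict it to the owner (chmod 600).");
        }
        return path;
    }

    public static void Main()
    {
        // Same calls as on the page, but only after the file passed the checks.
        var credentials = SdkContext.AzureCredentialsFactory.FromFile(ResolveChecked());
        var azure = Microsoft.Azure.Management.Fluent.Azure
            .Configure()
            .Authenticate(credentials)
            .WithDefaultSubscription();
        Console.WriteLine("Authenticated; default subscription selected.");
    }
}
```

The check runs before the file is opened, so it catches a misconfigured deployment rather than a change made between the check and the read.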