[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-32177b69-3704-4cbc-b177-d80ec00ea2af":3,"$f7DvSOYqEtQRgT1V-DtPUl9KjILauYWevGtKEj7YSvTg":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"32177b69-3704-4cbc-b177-d80ec00ea2af","azure-identity-dotnet","Azure Identity SDK for .NET。用于Azure SDK客户端的Microsoft Entra ID认证库。适用于DefaultAzureCredential、托管标识、服务主体和开发者凭据。","cat_coding_devops","mod_coding","sickn33,coding","---\nname: azure-identity-dotnet\ndescription: Azure Identity SDK for .NET. Authentication library for Azure SDK clients using Microsoft Entra ID. Use for DefaultAzureCredential, managed identity, service principals, and developer credentials.\nrisk: unknown\nsource: community\ndate_added: '2026-02-27'\n---\n\n# Azure.Identity (.NET)\n\nAuthentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).\n\n## Installation\n\n```bash\ndotnet add package Azure.Identity\n\n# For ASP.NET Core\ndotnet add package Microsoft.Extensions.Azure\n\n# For brokered authentication (Windows)\ndotnet add package Azure.Identity.Broker\n```\n\n**Current Versions**: Stable v1.17.1, Preview v1.18.0-beta.2\n\n## Environment Variables\n\n### Service Principal with Secret\n```bash\nAZURE_CLIENT_ID=\u003Capplication-client-id>\nAZURE_TENANT_ID=\u003Cdirectory-tenant-id>\nAZURE_CLIENT_SECRET=\u003Cclient-secret-value>\n```\n\n### Service Principal with Certificate\n```bash\nAZURE_CLIENT_ID=\u003Capplication-client-id>\nAZURE_TENANT_ID=\u003Cdirectory-tenant-id>\nAZURE_CLIENT_CERTIFICATE_PATH=\u003Cpath-to-pfx-or-pem>\nAZURE_CLIENT_CERTIFICATE_PASSWORD=\u003Ccertificate-password>  # Optional\n```\n\n### Managed Identity\n```bash\nAZURE_CLIENT_ID=\u003Cuser-assigned-managed-identity-client-id>  # Only for user-assigned\n```\n\n## DefaultAzureCredential\n\nThe recommended credential for most scenarios. Tries multiple authentication methods in order:\n\n| Order | Credential | Enabled by Default |\n|-------|------------|-------------------|\n| 1 | EnvironmentCredential | Yes |\n| 2 | WorkloadIdentityCredential | Yes |\n| 3 | ManagedIdentityCredential | Yes |\n| 4 | VisualStudioCredential | Yes |\n| 5 | VisualStudioCodeCredential | Yes |\n| 6 | AzureCliCredential | Yes |\n| 7 | AzurePowerShellCredential | Yes |\n| 8 | AzureDeveloperCliCredential | Yes |\n| 9 | InteractiveBrowserCredential | **No** |\n\n### Basic Usage\n\n```csharp\nusing Azure.Identity;\nusing Azure.Storage.Blobs;\n\nvar credential = new DefaultAzureCredential();\nvar blobClient = new BlobServiceClient(\n    new Uri(\"https:\u002F\u002Fmyaccount.blob.core.windows.net\"),\n    credential);\n```\n\n### ASP.NET Core with Dependency Injection\n\n```csharp\nusing Azure.Identity;\nusing Microsoft.Extensions.Azure;\n\nbuilder.Services.AddAzureClients(clientBuilder =>\n{\n    clientBuilder.AddBlobServiceClient(\n        new Uri(\"https:\u002F\u002Fmyaccount.blob.core.windows.net\"));\n    clientBuilder.AddSecretClient(\n        new Uri(\"https:\u002F\u002Fmyvault.vault.azure.net\"));\n    \n    \u002F\u002F Uses DefaultAzureCredential by default\n    clientBuilder.UseCredential(new DefaultAzureCredential());\n});\n```\n\n### Customizing DefaultAzureCredential\n\n```csharp\nvar credential = new DefaultAzureCredential(\n    new DefaultAzureCredentialOptions\n    {\n        ExcludeEnvironmentCredential = true,\n        ExcludeManagedIdentityCredential = false,\n        ExcludeVisualStudioCredential = false,\n        ExcludeAzureCliCredential = false,\n        ExcludeInteractiveBrowserCredential = false, \u002F\u002F Enable interactive\n        TenantId = \"\u003Ctenant-id>\",\n        ManagedIdentityClientId = \"\u003Cuser-assigned-mi-client-id>\"\n    });\n```\n\n## Credential Types\n\n### ManagedIdentityCredential (Production)\n\n```csharp\n\u002F\u002F System-assigned managed identity\nvar credential = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);\n\n\u002F\u002F User-assigned by client ID\nvar credential = new ManagedIdentityCredential(\n    ManagedIdentityId.FromUserAssignedClientId(\"\u003Cclient-id>\"));\n\n\u002F\u002F User-assigned by resource ID\nvar credential = new ManagedIdentityCredential(\n    ManagedIdentityId.FromUserAssignedResourceId(\"\u003Cresource-id>\"));\n```\n\n### ClientSecretCredential\n\n```csharp\nvar credential = new ClientSecretCredential(\n    tenantId: \"\u003Ctenant-id>\",\n    clientId: \"\u003Cclient-id>\",\n    clientSecret: \"\u003Cclient-secret>\");\n\nvar client = new SecretClient(\n    new Uri(\"https:\u002F\u002Fmyvault.vault.azure.net\"),\n    credential);\n```\n\n### ClientCertificateCredential\n\n```csharp\nvar certificate = X509CertificateLoader.LoadCertificateFromFile(\"MyCertificate.pfx\");\nvar credential = new ClientCertificateCredential(\n    tenantId: \"\u003Ctenant-id>\",\n    clientId: \"\u003Cclient-id>\",\n    certificate);\n```\n\n### ChainedTokenCredential (Custom Chain)\n\n```csharp\nvar credential = new ChainedTokenCredential(\n    new ManagedIdentityCredential(),\n    new AzureCliCredential());\n\nvar client = new SecretClient(\n    new Uri(\"https:\u002F\u002Fmyvault.vault.azure.net\"),\n    credential);\n```\n\n### Developer Credentials\n\n```csharp\n\u002F\u002F Azure CLI\nvar credential = new AzureCliCredential();\n\n\u002F\u002F Azure PowerShell\nvar credential = new AzurePowerShellCredential();\n\n\u002F\u002F Azure Developer CLI (azd)\nvar credential = new AzureDeveloperCliCredential();\n\n\u002F\u002F Visual Studio\nvar credential = new VisualStudioCredential();\n\n\u002F\u002F Interactive Browser\nvar credential = new InteractiveBrowserCredential();\n```\n\n## Environment-Based Configuration\n\n```csharp\n\u002F\u002F Production vs Development\nTokenCredential credential = builder.Environment.IsProduction()\n    ? new ManagedIdentityCredential(\"\u003Cclient-id>\")\n    : new DefaultAzureCredential();\n```\n\n## Sovereign Clouds\n\n```csharp\nvar credential = new DefaultAzureCredential(\n    new DefaultAzureCredentialOptions\n    {\n        AuthorityHost = AzureAuthorityHosts.AzureGovernment\n    });\n\n\u002F\u002F Available authority hosts:\n\u002F\u002F AzureAuthorityHosts.AzurePublicCloud (default)\n\u002F\u002F AzureAuthorityHosts.AzureGovernment\n\u002F\u002F AzureAuthorityHosts.AzureChina\n\u002F\u002F AzureAuthorityHosts.AzureGermany\n```\n\n## Credential Types Reference\n\n| Category | Credential | Purpose |\n|----------|------------|---------|\n| **Chains** | `DefaultAzureCredential` | Preconfigured chain for dev-to-prod |\n| | `ChainedTokenCredential` | Custom credential chain |\n| **Azure-Hosted** | `ManagedIdentityCredential` | Azure managed identity |\n| | `WorkloadIdentityCredential` | Kubernetes workload identity |\n| | `EnvironmentCredential` | Environment variables |\n| **Service Principal** | `ClientSecretCredential` | Client ID + secret |\n| | `ClientCertificateCredential` | Client ID + certificate |\n| | `ClientAssertionCredential` | Signed client assertion |\n| **User** | `InteractiveBrowserCredential` | Browser-based auth |\n| | `DeviceCodeCredential` | Device code flow |\n| | `OnBehalfOfCredential` | Delegated identity |\n| **Developer** | `AzureCliCredential` | Azure CLI |\n| | `AzurePowerShellCredential` | Azure PowerShell |\n| | `AzureDeveloperCliCredential` | Azure Developer CLI |\n| | `VisualStudioCredential` | Visual Studio |\n\n## Best Practices\n\n### 1. Use Deterministic Credentials in Production\n\n```csharp\n\u002F\u002F Development\nvar devCredential = new DefaultAzureCredential();\n\n\u002F\u002F Production - use specific credential\nvar prodCredential = new ManagedIdentityCredential(\"\u003Cclient-id>\");\n```\n\n### 2. Reuse Credential Instances\n\n```csharp\n\u002F\u002F Good: Single credential instance shared across clients\nvar credential = new DefaultAzureCredential();\nvar blobClient = new BlobServiceClient(blobUri, credential);\nvar secretClient = new SecretClient(vaultUri, credential);\n```\n\n### 3. Configure Retry Policies\n\n```csharp\nvar options = new ManagedIdentityCredentialOptions(\n    ManagedIdentityId.FromUserAssignedClientId(clientId))\n{\n    Retry =\n    {\n        MaxRetries = 3,\n        Delay = TimeSpan.FromSeconds(0.5),\n    }\n};\nvar credential = new ManagedIdentityCredential(options);\n```\n\n### 4. Enable Logging for Debugging\n\n```csharp\nusing Azure.Core.Diagnostics;\n\nusing AzureEventSourceListener listener = new((args, message) =>\n{\n    if (args is { EventSource.Name: \"Azure-Identity\" })\n    {\n        Console.WriteLine(message);\n    }\n}, EventLevel.LogAlways);\n```\n\n## Error Handling\n\n```csharp\nusing Azure.Identity;\nusing Azure.Security.KeyVault.Secrets;\n\nvar client = new SecretClient(\n    new Uri(\"https:\u002F\u002Fmyvault.vault.azure.net\"),\n    new DefaultAzureCredential());\n\ntry\n{\n    KeyVaultSecret secret = await client.GetSecretAsync(\"secret1\");\n}\ncatch (AuthenticationFailedException e)\n{\n    Console.WriteLine($\"Authentication Failed: {e.Message}\");\n}\ncatch (CredentialUnavailableException e)\n{\n    Console.WriteLine($\"Credential Unavailable: {e.Message}\");\n}\n```\n\n## Key Exceptions\n\n| Exception | Description |\n|-----------|-------------|\n| `AuthenticationFailedException` | Base exception for authentication errors |\n| `CredentialUnavailableException` | Credential cannot authenticate in current environment |\n| `AuthenticationRequiredException` | Interactive authentication is required |\n\n## Managed Identity Support\n\nSupported Azure services:\n- Azure App Service and Azure Functions\n- Azure Arc\n- Azure Cloud Shell\n- Azure Kubernetes Service (AKS)\n- Azure Service Fabric\n- Azure Virtual Machines\n- Azure Virtual Machine Scale Sets\n\n## Thread Safety\n\nAll credential implementations are thread-safe. A single credential instance can be safely shared across multiple clients and threads.\n\n## Related SDKs\n\n| SDK | Purpose | Install |\n|-----|---------|---------|\n| `Azure.Identity` | Authentication (this SDK) | `dotnet add package Azure.Identity` |\n| `Microsoft.Extensions.Azure` | DI integration | `dotnet add package Microsoft.Extensions.Azure` |\n| `Azure.Identity.Broker` | Brokered auth (Windows) | `dotnet add package Azure.Identity.Broker` |\n\n## Reference Links\n\n| Resource | URL |\n|----------|-----|\n| NuGet Package | https:\u002F\u002Fwww.nuget.org\u002Fpackages\u002FAzure.Identity |\n| API Reference | https:\u002F\u002Flearn.microsoft.com\u002Fdotnet\u002Fapi\u002Fazure.identity |\n| Credential Chains | https:\u002F\u002Flearn.microsoft.com\u002Fdotnet\u002Fazure\u002Fsdk\u002Fauthentication\u002Fcredential-chains |\n| Best Practices | https:\u002F\u002Flearn.microsoft.com\u002Fdotnet\u002Fazure\u002Fsdk\u002Fauthentication\u002Fbest-practices |\n| GitHub Source | https:\u002F\u002Fgithub.com\u002FAzure\u002Fazure-sdk-for-net\u002Ftree\u002Fmain\u002Fsdk\u002Fidentity\u002FAzure.Identity |\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,81,744,"2026-05-16 13:06:27",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD、容器化、部署运维",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"29f03147-c3c2-40a8-b104-c6587f3001c0","1.0.0","azure-identity-dotnet.zip",3137,"uploads\u002Fskills\u002F32177b69-3704-4cbc-b177-d80ec00ea2af\u002Fazure-identity-dotnet.zip","2560a4eea6f2ebd292cedb3d5672f245e78e90f2c6bc7333b5352524adb6be26","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":9997}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]