Is there an example of how to authenticate to an Azure resource using a User Managed Identity in C#? I am using the following code to authenticate using the system managed identity and it works fine, but I am not sure how to pass the user managed identity resource in the following example.

    AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();

    KeyVaultClient keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
    var secret = await keyVaultClient.GetSecretAsync("https://mykeyvaultname.vault.azure.net/secrets/test")
        .ConfigureAwait(false);
    return new string[] { secret.Value };

Pratik Mehta

1 Answer

Please see the documentation here. This feature is in the 1.2.0-preview version of the library. It only works on Azure VMs and VMSS as of now. You need to set the client id in a connection string, which can either be specified in the constructor or in the env variable (documentation of other connection string options here). In this scenario, the constructor is recommended, so you can use developer identity/cert for local and switch to the user-assigned identity on Azure.

Update: The library has been updated to support user-assigned identity in App Services as well, as part of 1.2.0-preview2.

Varun Sharma
  • May I ask why this is the place where this is documented? Shouldn't this be clearly documented on learn.microsoft.com and in the example GitHub repository? Based on the documentation I found in the above places I thought User Assigned Identities were good to go in Azure App Service when they are clearly not. – Keith Hodo Feb 19 '19 at 18:43
  • Thanks for the feedback! I will get the documentation updated, and get back on this thread. – Varun Sharma Feb 26 '19 at 05:29
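
The constructor approach described in the answer, as an added example that is not part of the original answer or the library's samples. It uses the `RunAs=App;AppId=<client id>` and `RunAs=Developer;DeveloperTool=AzureCli` connection strings of Microsoft.Azure.Services.AppAuthentication; the class name and the `USER_ASSIGNED_CLIENT_ID` setting are hypothetical, and the vault URL is the one from the question.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.Services.AppAuthentication;

public static class UserAssignedIdentityExample
{
    // Hypothetical app setting that holds the client id of the user-assigned identity.
    private const string ClientIdSetting = "USER_ASSIGNED_CLIENT_ID";

    // Returns the AppAuthentication connection string for the given client id.
    public static string BuildConnectionString(string clientId)
    {
        // No client id configured: local development, use the developer's Azure CLI login.
        // With an explicit connection string the library does not try other credential sources.
        if (string.IsNullOrWhiteSpace(clientId))
            return "RunAs=Developer;DeveloperTool=AzureCli";

        // Accept only a GUID so a stray ';' in configuration cannot add
        // extra options to the connection string.
        if (!Guid.TryParse(clientId, out Guid parsed))
            throw new ArgumentException("Client id must be a GUID.", nameof(clientId));

        // RunAs=App;AppId=<client id> selects the user-assigned managed identity.
        return $"RunAs=App;AppId={parsed:D}";
    }

    public static async Task<string> ReadSecretAsync(string secretUrl)
    {
        string connectionString =
            BuildConnectionString(Environment.GetEnvironmentVariable(ClientIdSetting));

        // Pass the connection string to the constructor, as the answer recommends.
        var tokenProvider = new AzureServiceTokenProvider(connectionString);
        var keyVaultClient = new KeyVaultClient(
            new KeyVaultClient.AuthenticationCallback(tokenProvider.KeyVaultTokenCallback));

        var secret = await keyVaultClient.GetSecretAsync(secretUrl).ConfigureAwait(false);
        return secret.Value;
    }

    public static async Task Main()
    {
        // Vault URL taken from the question; the secret value is deliberately not printed.
        string value = await ReadSecretAsync("https://mykeyvaultname.vault.azure.net/secrets/test");
        Console.WriteLine($"Read secret of length {value.Length}");
    }
}
```

The user-assigned identity still needs a Key Vault access policy granting it permission to get secrets; without one the call fails with an authorization error even though the token is issued.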