{"id":"6c430cca-3158-4bd2-bfd0-f85f956a77aa","shortId":"svUdhL","kind":"skill","title":"azure-identity-dotnet","tagline":"Azure Identity SDK for .NET. Authentication library for Azure SDK clients using Microsoft Entra ID. Use for DefaultAzureCredential, managed identity, service principals, and developer credentials.","description":"# Azure.Identity (.NET)\n\nAuthentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).\n\n## Installation\n\n```bash\ndotnet add package Azure.Identity\n\n# For ASP.NET Core\ndotnet add package Microsoft.Extensions.Azure\n\n# For brokered authentication (Windows)\ndotnet add package Azure.Identity.Broker\n```\n\n**Current Versions**: Stable v1.17.1, Preview v1.18.0-beta.2\n\n## Environment Variables\n\n### Service Principal with Secret\n```bash\nAZURE_CLIENT_ID=<application-client-id>\nAZURE_TENANT_ID=<directory-tenant-id>\nAZURE_CLIENT_SECRET=<client-secret-value>\n```\n\n### Service Principal with Certificate\n```bash\nAZURE_CLIENT_ID=<application-client-id>\nAZURE_TENANT_ID=<directory-tenant-id>\nAZURE_CLIENT_CERTIFICATE_PATH=<path-to-pfx-or-pem>\nAZURE_CLIENT_CERTIFICATE_PASSWORD=<certificate-password>  # Optional\n```\n\n### Managed Identity\n```bash\nAZURE_CLIENT_ID=<user-assigned-managed-identity-client-id>  # Only for user-assigned\n```\n\n## DefaultAzureCredential\n\nThe recommended credential for most scenarios. Tries multiple authentication methods in order:\n\n| Order | Credential | Enabled by Default |\n|-------|------------|-------------------|\n| 1 | EnvironmentCredential | Yes |\n| 2 | WorkloadIdentityCredential | Yes |\n| 3 | ManagedIdentityCredential | Yes |\n| 4 | VisualStudioCredential | Yes |\n| 5 | VisualStudioCodeCredential | Yes |\n| 6 | AzureCliCredential | Yes |\n| 7 | AzurePowerShellCredential | Yes |\n| 8 | AzureDeveloperCliCredential | Yes |\n| 9 | InteractiveBrowserCredential | **No** |\n\n### Basic Usage\n\n```csharp\nusing Azure.Identity;\nusing Azure.Storage.Blobs;\n\nvar credential = new DefaultAzureCredential();\nvar blobClient = new BlobServiceClient(\n    new Uri(\"https://myaccount.blob.core.windows.net\"),\n    credential);\n```\n\n### ASP.NET Core with Dependency Injection\n\n```csharp\nusing Azure.Identity;\nusing Microsoft.Extensions.Azure;\n\nbuilder.Services.AddAzureClients(clientBuilder =>\n{\n    clientBuilder.AddBlobServiceClient(\n        new Uri(\"https://myaccount.blob.core.windows.net\"));\n    clientBuilder.AddSecretClient(\n        new Uri(\"https://myvault.vault.azure.net\"));\n    \n    // Uses DefaultAzureCredential by default\n    clientBuilder.UseCredential(new DefaultAzureCredential());\n});\n```\n\n### Customizing DefaultAzureCredential\n\n```csharp\nvar credential = new DefaultAzureCredential(\n    new DefaultAzureCredentialOptions\n    {\n        ExcludeEnvironmentCredential = true,\n        ExcludeManagedIdentityCredential = false,\n        ExcludeVisualStudioCredential = false,\n        ExcludeAzureCliCredential = false,\n        ExcludeInteractiveBrowserCredential = false, // Enable interactive\n        TenantId = \"<tenant-id>\",\n        ManagedIdentityClientId = \"<user-assigned-mi-client-id>\"\n    });\n```\n\n## Credential Types\n\n### ManagedIdentityCredential (Production)\n\n```csharp\n// System-assigned managed identity\nvar credential = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);\n\n// User-assigned by client ID\nvar credential = new ManagedIdentityCredential(\n    ManagedIdentityId.FromUserAssignedClientId(\"<client-id>\"));\n\n// User-assigned by resource ID\nvar credential = new ManagedIdentityCredential(\n    ManagedIdentityId.FromUserAssignedResourceId(\"<resource-id>\"));\n```\n\n### ClientSecretCredential\n\n```csharp\nvar credential = new ClientSecretCredential(\n    tenantId: \"<tenant-id>\",\n    clientId: \"<client-id>\",\n    clientSecret: \"<client-secret>\");\n\nvar client = new SecretClient(\n    new Uri(\"https://myvault.vault.azure.net\"),\n    credential);\n```\n\n### ClientCertificateCredential\n\n```csharp\nvar certificate = X509CertificateLoader.LoadCertificateFromFile(\"MyCertificate.pfx\");\nvar credential = new ClientCertificateCredential(\n    tenantId: \"<tenant-id>\",\n    clientId: \"<client-id>\",\n    certificate);\n```\n\n### ChainedTokenCredential (Custom Chain)\n\n```csharp\nvar credential = new ChainedTokenCredential(\n    new ManagedIdentityCredential(),\n    new AzureCliCredential());\n\nvar client = new SecretClient(\n    new Uri(\"https://myvault.vault.azure.net\"),\n    credential);\n```\n\n### Developer Credentials\n\n```csharp\n// Azure CLI\nvar credential = new AzureCliCredential();\n\n// Azure PowerShell\nvar credential = new AzurePowerShellCredential();\n\n// Azure Developer CLI (azd)\nvar credential = new AzureDeveloperCliCredential();\n\n// Visual Studio\nvar credential = new VisualStudioCredential();\n\n// Interactive Browser\nvar credential = new InteractiveBrowserCredential();\n```\n\n## Environment-Based Configuration\n\n```csharp\n// Production vs Development\nTokenCredential credential = builder.Environment.IsProduction()\n    ? new ManagedIdentityCredential(\"<client-id>\")\n    : new DefaultAzureCredential();\n```\n\n## Sovereign Clouds\n\n```csharp\nvar credential = new DefaultAzureCredential(\n    new DefaultAzureCredentialOptions\n    {\n        AuthorityHost = AzureAuthorityHosts.AzureGovernment\n    });\n\n// Available authority hosts:\n// AzureAuthorityHosts.AzurePublicCloud (default)\n// AzureAuthorityHosts.AzureGovernment\n// AzureAuthorityHosts.AzureChina\n// AzureAuthorityHosts.AzureGermany\n```\n\n## Credential Types Reference\n\n| Category | Credential | Purpose |\n|----------|------------|---------|\n| **Chains** | `DefaultAzureCredential` | Preconfigured chain for dev-to-prod |\n| | `ChainedTokenCredential` | Custom credential chain |\n| **Azure-Hosted** | `ManagedIdentityCredential` | Azure managed identity |\n| | `WorkloadIdentityCredential` | Kubernetes workload identity |\n| | `EnvironmentCredential` | Environment variables |\n| **Service Principal** | `ClientSecretCredential` | Client ID + secret |\n| | `ClientCertificateCredential` | Client ID + certificate |\n| | `ClientAssertionCredential` | Signed client assertion |\n| **User** | `InteractiveBrowserCredential` | Browser-based auth |\n| | `DeviceCodeCredential` | Device code flow |\n| | `OnBehalfOfCredential` | Delegated identity |\n| **Developer** | `AzureCliCredential` | Azure CLI |\n| | `AzurePowerShellCredential` | Azure PowerShell |\n| | `AzureDeveloperCliCredential` | Azure Developer CLI |\n| | `VisualStudioCredential` | Visual Studio |\n\n## Best Practices\n\n### 1. Use Deterministic Credentials in Production\n\n```csharp\n// Development\nvar devCredential = new DefaultAzureCredential();\n\n// Production - use specific credential\nvar prodCredential = new ManagedIdentityCredential(\"<client-id>\");\n```\n\n### 2. Reuse Credential Instances\n\n```csharp\n// Good: Single credential instance shared across clients\nvar credential = new DefaultAzureCredential();\nvar blobClient = new BlobServiceClient(blobUri, credential);\nvar secretClient = new SecretClient(vaultUri, credential);\n```\n\n### 3. Configure Retry Policies\n\n```csharp\nvar options = new ManagedIdentityCredentialOptions(\n    ManagedIdentityId.FromUserAssignedClientId(clientId))\n{\n    Retry =\n    {\n        MaxRetries = 3,\n        Delay = TimeSpan.FromSeconds(0.5),\n    }\n};\nvar credential = new ManagedIdentityCredential(options);\n```\n\n### 4. Enable Logging for Debugging\n\n```csharp\nusing Azure.Core.Diagnostics;\n\nusing AzureEventSourceListener listener = new((args, message) =>\n{\n    if (args is { EventSource.Name: \"Azure-Identity\" })\n    {\n        Console.WriteLine(message);\n    }\n}, EventLevel.LogAlways);\n```\n\n## Error Handling\n\n```csharp\nusing Azure.Identity;\nusing Azure.Security.KeyVault.Secrets;\n\nvar client = new SecretClient(\n    new Uri(\"https://myvault.vault.azure.net\"),\n    new DefaultAzureCredential());\n\ntry\n{\n    KeyVaultSecret secret = await client.GetSecretAsync(\"secret1\");\n}\ncatch (AuthenticationFailedException e)\n{\n    Console.WriteLine($\"Authentication Failed: {e.Message}\");\n}\ncatch (CredentialUnavailableException e)\n{\n    Console.WriteLine($\"Credential Unavailable: {e.Message}\");\n}\n```\n\n## Key Exceptions\n\n| Exception | Description |\n|-----------|-------------|\n| `AuthenticationFailedException` | Base exception for authentication errors |\n| `CredentialUnavailableException` | Credential cannot authenticate in current environment |\n| `AuthenticationRequiredException` | Interactive authentication is required |\n\n## Managed Identity Support\n\nSupported Azure services:\n- Azure App Service and Azure Functions\n- Azure Arc\n- Azure Cloud Shell\n- Azure Kubernetes Service (AKS)\n- Azure Service Fabric\n- Azure Virtual Machines\n- Azure Virtual Machine Scale Sets\n\n## Thread Safety\n\nAll credential implementations are thread-safe. A single credential instance can be safely shared across multiple clients and threads.\n\n## Related SDKs\n\n| SDK | Purpose | Install |\n|-----|---------|---------|\n| `Azure.Identity` | Authentication (this SDK) | `dotnet add package Azure.Identity` |\n| `Microsoft.Extensions.Azure` | DI integration | `dotnet add package Microsoft.Extensions.Azure` |\n| `Azure.Identity.Broker` | Brokered auth (Windows) | `dotnet add package Azure.Identity.Broker` |\n\n## Reference Links\n\n| Resource | URL |\n|----------|-----|\n| NuGet Package | https://www.nuget.org/packages/Azure.Identity |\n| API Reference | https://learn.microsoft.com/dotnet/api/azure.identity |\n| Credential Chains | https://learn.microsoft.com/dotnet/azure/sdk/authentication/credential-chains |\n| Best Practices | https://learn.microsoft.com/dotnet/azure/sdk/authentication/best-practices |\n| GitHub Source | https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity |\n\n## When to Use\nThis skill is applicable to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["azure","identity","dotnet","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-azure-identity-dotnet","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/azure-identity-dotnet","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34928 github stars · SKILL.md body (9,692 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-24T18:50:30.728Z","embedding":null,"createdAt":"2026-04-18T21:32:29.552Z","updatedAt":"2026-04-24T18:50:30.728Z","lastSeenAt":"2026-04-24T18:50:30.728Z","tsv":"'/azure/azure-sdk-for-net/tree/main/sdk/identity/azure.identity':727 '/dotnet/api/azure.identity':712 '/dotnet/azure/sdk/authentication/best-practices':722 '/dotnet/azure/sdk/authentication/credential-chains':717 '/packages/azure.identity':707 '0.5':529 '1':137,465 '2':140,485 '3':143,513,526 '4':146,535 '5':149 '6':152 '7':155 '8':158 '9':161 'across':495,666 'action':740 'ad':44 'add':48,55,63,681,688,696 'ak':637 'api':708 'app':624 'applic':734 'arc':630 'arg':547,550 'ask':778 'asp.net':52,183 'assert':435 'assign':118,240,250,261 'auth':441,693 'authent':10,32,60,128,585,603,608,614,677 'authenticationfailedexcept':582,599 'authenticationrequiredexcept':612 'author':382 'authorityhost':379 'avail':381 'await':578 'azd':338 'azur':2,5,13,35,43,79,82,85,93,96,99,103,111,323,329,335,409,412,451,454,457,554,621,623,627,629,631,634,638,641,644 'azure-host':408 'azure-ident':553 'azure-identity-dotnet':1 'azure.core.diagnostics':542 'azure.identity':30,50,168,190,563,676,683 'azure.identity.broker':65,691,698 'azure.security.keyvault.secrets':565 'azure.storage.blobs':170 'azureauthorityhosts.azurechina':387 'azureauthorityhosts.azuregermany':388 'azureauthorityhosts.azuregovernment':380,386 'azureauthorityhosts.azurepubliccloud':384 'azureclicredenti':153,311,328,450 'azuredeveloperclicredenti':159,342,456 'azureeventsourcelisten':544 'azurepowershellcredenti':156,334,453 'base':357,440,600 'bash':46,78,92,110 'basic':164 'best':463,718 'blobclient':176,502 'blobservicecli':178,504 'bloburi':505 'boundari':786 'broker':59,692 'browser':350,439 'browser-bas':438 'builder.environment.isproduction':365 'builder.services.addazureclients':193 'cannot':607 'catch':581,588 'categori':392 'certif':91,101,105,290,299,431 'chain':302,395,398,407,714 'chainedtokencredenti':300,307,404 'clarif':780 'clear':753 'cli':324,337,452,459 'client':15,37,80,86,94,100,104,112,252,280,313,425,429,434,496,567,668 'client.getsecretasync':579 'clientassertioncredenti':432 'clientbuild':194 'clientbuilder.addblobserviceclient':195 'clientbuilder.addsecretclient':199 'clientbuilder.usecredential':207 'clientcertificatecredenti':287,296,428 'clientid':277,298,523 'clientsecret':278 'clientsecretcredenti':270,275,424 'cloud':371,632 'code':444 'configur':358,514 'console.writeline':556,584,591 'core':53,184 'credenti':29,122,133,172,182,214,233,244,255,266,273,286,294,305,319,321,326,332,340,346,352,364,374,389,393,406,468,480,487,492,498,506,512,531,592,606,652,660,713 'credentialunavailableexcept':589,605 'criteria':789 'csharp':166,188,212,237,271,288,303,322,359,372,471,489,517,540,561 'current':66,610 'custom':210,301,405 'debug':539 'default':136,206,385 'defaultazurecredenti':22,119,174,204,209,211,216,369,376,396,476,500,574 'defaultazurecredentialopt':218,378 'delay':527 'deleg':447 'depend':186 'describ':741,757 'descript':598 'determinist':467 'dev':401 'dev-to-prod':400 'devcredenti':474 'develop':28,320,336,362,449,458,472 'devic':443 'devicecodecredenti':442 'di':685 'dotnet':4,47,54,62,680,687,695 'e':583,590 'e.message':587,594 'enabl':134,229,536 'entra':18,40 'environ':72,356,420,611,769 'environment-bas':355 'environment-specif':768 'environmentcredenti':138,419 'error':559,604 'eventlevel.logalways':558 'eventsource.name':552 'except':596,597,601 'excludeazureclicredenti':225 'excludeenvironmentcredenti':219 'excludeinteractivebrowsercredenti':227 'excludemanagedidentitycredenti':221 'excludevisualstudiocredenti':223 'execut':736 'expert':774 'fabric':640 'fail':586 'fals':222,224,226,228 'flow':445 'former':42 'function':628 'github':723 'github.com':726 'github.com/azure/azure-sdk-for-net/tree/main/sdk/identity/azure.identity':725 'good':490 'handl':560 'host':383,410 'id':19,41,81,84,95,98,113,253,264,426,430 'ident':3,6,24,109,242,414,418,448,555,618 'implement':653 'inject':187 'input':783 'instal':45,675 'instanc':488,493,661 'integr':686 'interact':230,349,613 'interactivebrowsercredenti':162,354,437 'key':595 'keyvaultsecret':576 'kubernet':416,635 'learn.microsoft.com':711,716,721 'learn.microsoft.com/dotnet/api/azure.identity':710 'learn.microsoft.com/dotnet/azure/sdk/authentication/best-practices':720 'learn.microsoft.com/dotnet/azure/sdk/authentication/credential-chains':715 'librari':11,33 'limit':745 'link':700 'listen':545 'log':537 'machin':643,646 'manag':23,108,241,413,617 'managedidentityclientid':232 'managedidentitycredenti':144,235,246,257,268,309,367,411,484,533 'managedidentitycredentialopt':521 'managedidentityid.fromuserassignedclientid':258,522 'managedidentityid.fromuserassignedresourceid':269 'managedidentityid.systemassigned':247 'match':754 'maxretri':525 'messag':548,557 'method':129 'microsoft':17,39 'microsoft.extensions.azure':57,192,684,690 'miss':791 'multipl':127,667 'myaccount.blob.core.windows.net':181,198 'mycertificate.pfx':292 'myvault.vault.azure.net':202,285,318,572 'net':9,31 'new':173,177,179,196,200,208,215,217,245,256,267,274,281,283,295,306,308,310,314,316,327,333,341,347,353,366,368,375,377,475,483,499,503,509,520,532,546,568,570,573 'nuget':703 'onbehalfofcredenti':446 'option':107,519,534 'order':131,132 'output':763 'overview':744 'packag':49,56,64,682,689,697,704 'password':106 'path':102 'permiss':784 'polici':516 'powershel':330,455 'practic':464,719 'preconfigur':397 'preview':70 'princip':26,75,89,423 'prod':403 'prodcredenti':482 'product':236,360,470,477 'purpos':394,674 'recommend':121 'refer':391,699,709 'relat':671 'requir':616,782 'resourc':263,701 'retri':515,524 'reus':486 'review':775 'safe':657,664 'safeti':650,785 'scale':647 'scenario':125 'scope':756 'sdk':7,14,36,673,679 'sdks':672 'secret':77,87,427,577 'secret1':580 'secretcli':282,315,508,510,569 'servic':25,74,88,422,622,625,636,639 'set':648 'share':494,665 'shell':633 'sign':433 'singl':491,659 'skill':732,748 'skill-azure-identity-dotnet' 'sourc':724 'source-sickn33' 'sovereign':370 'specif':479,770 'stabl':68 'stop':776 'studio':344,462 'substitut':766 'success':788 'support':619,620 'system':239 'system-assign':238 'task':752 'tenant':83,97 'tenantid':231,276,297 'test':772 'thread':649,656,670 'thread-saf':655 'timespan.fromseconds':528 'tokencredenti':363 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'treat':761 'tri':126,575 'true':220 'type':234,390 'unavail':593 'uri':180,197,201,284,317,571 'url':702 'usag':165 'use':16,20,38,167,169,189,191,203,466,478,541,543,562,564,730,746 'user':117,249,260,436 'user-assign':116,248,259 'v1.17.1':69 'v1.18.0-beta.2':71 'valid':771 'var':171,175,213,243,254,265,272,279,289,293,304,312,325,331,339,345,351,373,473,481,497,501,507,518,530,566 'variabl':73,421 'vaulturi':511 'version':67 'virtual':642,645 'visual':343,461 'visualstudiocodecredenti':150 'visualstudiocredenti':147,348,460 'vs':361 'window':61,694 'workflow':738 'workload':417 'workloadidentitycredenti':141,415 'www.nuget.org':706 'www.nuget.org/packages/azure.identity':705 'x509certificateloader.loadcertificatefromfile':291 'yes':139,142,145,148,151,154,157,160","prices":[{"id":"75c81551-7c44-4d93-aafa-3bfbc9ed8088","listingId":"6c430cca-3158-4bd2-bfd0-f85f956a77aa","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:32:29.552Z"}],"sources":[{"listingId":"6c430cca-3158-4bd2-bfd0-f85f956a77aa","source":"github","sourceId":"sickn33/antigravity-awesome-skills/azure-identity-dotnet","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/azure-identity-dotnet","isPrimary":false,"firstSeenAt":"2026-04-18T21:32:29.552Z","lastSeenAt":"2026-04-24T18:50:30.728Z"}],"details":{"listingId":"6c430cca-3158-4bd2-bfd0-f85f956a77aa","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"azure-identity-dotnet","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34928,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-24T06:41:17Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"3dadcbc17447dc72c46801039c9d3e4eedba61d8","skill_md_path":"skills/azure-identity-dotnet/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/azure-identity-dotnet"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"azure-identity-dotnet","description":"Azure Identity SDK for .NET. Authentication library for Azure SDK clients using Microsoft Entra ID. Use for DefaultAzureCredential, managed identity, service principals, and developer credentials."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/azure-identity-dotnet"},"updatedAt":"2026-04-24T18:50:30.728Z"}}