
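About
Azure Identity SDK for .NET. A library that authenticates Azure SDK clients with Microsoft Entra ID. Supports DefaultAzureCredential, managed identity, service principals, and developer credentials.
name: azure-identity-dotnet
description: Azure Identity SDK for .NET. A library that authenticates Azure SDK clients with Microsoft Entra ID. Use for DefaultAzureCredential, managed identity, service principals, and developer credentials.
risk: unknown
source: community
date_added: '2026-02-27'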
Azure.Identity (.NET)
A library that authenticates Azure SDK clients with Microsoft Entra ID (formerly Azure AD).
Installation
dotnet add package Azure.Identity
# For ASP.NET Core
dotnet add package Microsoft.Extensions.Azure
# For brokered authentication (Windows)
dotnet add package Azure.Identity.Broker
Current versions: stable v1.17.1, preview v1.18.0-beta.2
Environment Variables
Service principal with a secret
AZURE_CLIENT_ID=<application-client-id>
AZURE_TENANT_ID=<directory-tenant-id>
AZURE_CLIENT_SECRET=<client-secret-value>
Service principal with a certificate
AZURE_CLIENT_ID=<application-client-id>
AZURE_TENANT_ID=<directory-tenant-id>
AZURE_CLIENT_CERTIFICATE_PATH=<path-to-pfx-or-pem>
AZURE_CLIENT_CERTIFICATE_PASSWORD=<certificate-password> # optional
Managed identity
AZURE_CLIENT_ID=<user-assigned-managed-identity-client-id> # only for user-assigned identities
DefaultAzureCredential
The recommended credential for most scenarios. It tries multiple authentication methods in order:
| Order | Credential | Enabled by default |
|------|------|---------|
| 1 | EnvironmentCredential | Yes |
| 2 | WorkloadIdentityCredential | Yes |
| 3 | ManagedIdentityCredential | Yes |
| 4 | VisualStudioCredential | Yes |
| 5 | VisualStudioCodeCredential | Yes |
| 6 | AzureCliCredential | Yes |
| 7 | AzurePowerShellCredential | Yes |
| 8 | AzureDeveloperCliCredential | Yes |
| 9 | InteractiveBrowserCredential | No |
Basic Usage
using Azure.Identity;
using Azure.Storage.Blobs;
var credential = new DefaultAzureCredential();
var blobClient = new BlobServiceClient(
    new Uri("https://myaccount.blob.core.windows.net"),
    credential);
ASP.NET Core Dependency Injection
using Azure.Identity;
using Microsoft.Extensions.Azure;
builder.Services.AddAzureClients(clientBuilder =>
{
    clientBuilder.AddBlobServiceClient(
        new Uri("https://myaccount.blob.core.windows.net"));
    clientBuilder.AddSecretClient(
        new Uri("https://myvault.vault.azure.net"));
    // Uses DefaultAzureCredential by default
    clientBuilder.UseCredential(new DefaultAzureCredential());
});
Customizing DefaultAzureCredential
var credential = new DefaultAzureCredential(
    new DefaultAzureCredentialOptions
    {
        ExcludeEnvironmentCredential = true,
        ExcludeManagedIdentityCredential = false,
        ExcludeVisualStudioCredential = false,
        ExcludeAzureCliCredential = false,
        ExcludeInteractiveBrowserCredential = false, // enable interactive sign-in
        TenantId = "<tenant-id>",
        ManagedIdentityClientId = "<user-assigned-mi-client-id>"
    });
Credential Types
ManagedIdentityCredential (production)
// System-assigned managed identity
var systemAssigned = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned);
// User-assigned identity, by client ID
var userAssignedByClientId = new ManagedIdentityCredential(
    ManagedIdentityId.FromUserAssignedClientId("<client-id>"));
// User-assigned identity, by resource ID
var userAssignedByResourceId = new ManagedIdentityCredential(
    ManagedIdentityId.FromUserAssignedResourceId("<resource-id>"));
ClientSecretCredential
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
var credential = new ClientSecretCredential(
    tenantId: "<tenant-id>",
    clientId: "<client-id>",
    clientSecret: "<client-secret>");
var client = new SecretClient(
    new Uri("https://myvault.vault.azure.net"),
    credential);
ClientCertificateCredential
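using System.Security.Cryptography.X509Certificates;
using Azure.Identity;
// A .pfx file is PKCS#12 and carries the private key the credential needs,
// so it is loaded with LoadPkcs12FromFile; pass the PFX password, or null if it has none.
var certificate = X509CertificateLoader.LoadPkcs12FromFile("MyCertificate.pfx", password: null);
var credential = new ClientCertificateCredential(
    tenantId: "<tenant-id>",
    clientId: "<client-id>",
    certificate);
ChainedTokenCredential (custom chain)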
var credential = new ChainedTokenCredential(
    new ManagedIdentityCredential(),
    new AzureCliCredential());
var client = new SecretClient(
    new Uri("https://myvault.vault.azure.net"),
    credential);
Developer Credentials
// Azure CLI
var cliCredential = new AzureCliCredential();
// Azure PowerShell
var powerShellCredential = new AzurePowerShellCredential();
// Azure Developer CLI (azd)
var azdCredential = new AzureDeveloperCliCredential();
// Visual Studio
var visualStudioCredential = new VisualStudioCredential();
// Interactive browser
var browserCredential = new InteractiveBrowserCredential();
Environment-Based Configuration
using Azure.Core;
using Azure.Identity;
// Production vs. development
TokenCredential credential = builder.Environment.IsProduction()
    ? new ManagedIdentityCredential("<client-id>")
    : new DefaultAzureCredential();
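The environment split above, extended with a fail-fast startup probe. This is an added example, not code from the original page or from the Azure SDK; `CredentialFactory`, `Create` and `ProbeAsync` are hypothetical names, and the development chain (Azure CLI, then Visual Studio) is an assumed choice.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
// Hypothetical helper (CredentialFactory, Create, ProbeAsync are illustrative names).
public static class CredentialFactory
{
    // Production: managed identity only, so a misconfigured host fails closed
    // instead of falling through to environment variables or developer logins.
    // Development: developer tools only, so service principal secrets left in
    // environment variables are not picked up by accident.
    public static TokenCredential Create(bool isProduction, string? userAssignedClientId)
    {
        if (isProduction)
        {
            ManagedIdentityId id = string.IsNullOrEmpty(userAssignedClientId)
                ? ManagedIdentityId.SystemAssigned
                : ManagedIdentityId.FromUserAssignedClientId(userAssignedClientId);
            return new ManagedIdentityCredential(id);
        }
        return new ChainedTokenCredential(
            new AzureCliCredential(),
            new VisualStudioCredential());
    }

    // Startup probe: request one token so identity problems surface at boot,
    // not on the first Key Vault or Storage call. Returns only the expiry.
    public static async Task<DateTimeOffset> ProbeAsync(
        TokenCredential credential, string scope, CancellationToken ct = default)
    {
        try
        {
            AccessToken token = await credential.GetTokenAsync(
                new TokenRequestContext(new[] { scope }), ct);
            return token.ExpiresOn; // log the expiry, never token.Token
        }
        catch (CredentialUnavailableException ex)
        {
            // The credential could not even attempt authentication on this host.
            throw new InvalidOperationException("No usable credential source.", ex);
        }
        catch (AuthenticationFailedException ex)
        {
            // An attempt was made and failed.
            throw new InvalidOperationException("Token request failed.", ex);
        }
    }
}
```

For a Key Vault client, call `ProbeAsync` with the scope `https://vault.azure.net/.default` before registering the client. `CredentialUnavailableException` derives from `AuthenticationFailedException`, which is why it is caught first.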
Sovereign Clouds
// Azure China
var options = new DefaultAzureCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzureChina
};
var credential = new DefaultAzureCredential(options);