The DefaultAzureCredential is a standard Microsoft library that lets you authenticate to Azure services using a variety of methods. However, by default, it can take a long time to get tokens because it tries all the available methods in order. Each of those methods can take a long time to fail, so it is not uncommon for it to take tens or hundreds of seconds to get a token.
You can add it to the service collection like this:

    services.AddDefaultAzureCredential();

If you provide no configuration, the solution will look at the ASPNETCORE_ENVIRONMENT environment variable. If it is set to "Development", the DefaultAzureCredential will use "mi" (Managed Identity) and then "azcli" (Azure CLI) to try and get a token. Otherwise, it will use "env" (Environment Variables) and then "mi" (Managed Identity) to try and get a token. These options are very fast and will work for most scenarios, but you can specify which methods are allowed by setting the INCLUDE_CREDENTIALS_TYPE environment variable. The options are:

- env - Environment Variables
- mi - Managed Identity
- token - Shared Token Cache
- vs - Visual Studio Credential
- vscode - Visual Studio Code Credential
- azcli - Azure CLI
- browser - Interactive Browser
- azd - Azure Developer CLI
- ps - Azure PowerShell
- workload - Workload Identity

For example,

    INCLUDE_CREDENTIALS_TYPE=env,mi,azcli,azd

Ideally, set only the specific method you wish to use. For instance, a deployed service could specify:

    INCLUDE_CREDENTIALS_TYPE=mi

When using Managed Identity, you will often need to set the AZURE_CLIENT_ID environment variable to the client ID of the Managed Identity.
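
To make the selection rules above concrete, here is an added sketch (not the library's own code) of how the short names could map onto the Azure.Identity credential classes in a fixed, restricted chain. The class and method names `CredentialChainExample`, `Build` and `Create` are hypothetical, and rejecting unknown names with an exception is an assumption.

```csharp
using System;
using System.Linq;
using Azure.Core;
using Azure.Identity;

// Hypothetical helper, written for illustration only.
public static class CredentialChainExample
{
    public static TokenCredential Build()
    {
        string include = Environment.GetEnvironmentVariable("INCLUDE_CREDENTIALS_TYPE");
        string aspnetEnv = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
        string clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");

        // Defaults described above: "mi,azcli" in Development, otherwise "env,mi".
        // Case-insensitive comparison is an assumption of this sketch.
        if (string.IsNullOrWhiteSpace(include))
        {
            bool isDev = string.Equals(aspnetEnv, "Development", StringComparison.OrdinalIgnoreCase);
            include = isDev ? "mi,azcli" : "env,mi";
        }

        // Order matters: the chain tries each credential in the order listed.
        TokenCredential[] sources = include
            .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
            .Select(name => Create(name.ToLowerInvariant(), clientId))
            .ToArray();

        return new ChainedTokenCredential(sources);
    }

    // Fail closed on a typo rather than silently widening or emptying the chain.
    private static TokenCredential Create(string name, string clientId) => name switch
    {
        "env" => new EnvironmentCredential(),
        // A null clientId selects the system-assigned identity.
        "mi" => new ManagedIdentityCredential(clientId),
        "token" => new SharedTokenCacheCredential(),
        "vs" => new VisualStudioCredential(),
        "vscode" => new VisualStudioCodeCredential(),
        "azcli" => new AzureCliCredential(),
        "browser" => new InteractiveBrowserCredential(),
        "azd" => new AzureDeveloperCliCredential(),
        "ps" => new AzurePowerShellCredential(),
        "workload" => new WorkloadIdentityCredential(),
        _ => throw new InvalidOperationException($"Unknown credential type '{name}'.")
    };
}
```

With `INCLUDE_CREDENTIALS_TYPE=mi` the resulting chain holds a single `ManagedIdentityCredential`, so a deployed service never falls through to developer-tool or interactive credentials.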