diff --git a/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs b/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs index e3b0d6fa622d..1d1ed47ffece 100644 --- a/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs +++ b/sdk/extensions/Microsoft.Extensions.Azure/src/Internal/ClientFactory.cs @@ -126,7 +126,7 @@ internal static TokenCredential CreateCredential(IConfiguration configuration) if (!string.IsNullOrWhiteSpace(resourceId)) { - return new ManagedIdentityCredential(new ResourceIdentifier(resourceId)); + return new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedResourceId(new ResourceIdentifier(resourceId))); } if (!string.IsNullOrWhiteSpace(objectId)) @@ -136,10 +136,15 @@ internal static TokenCredential CreateCredential(IConfiguration configuration) if (!string.IsNullOrWhiteSpace(managedIdentityClientId)) { - return new ManagedIdentityCredential(managedIdentityClientId); + return new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedClientId(managedIdentityClientId)); } - return new ManagedIdentityCredential(clientId); + if (!string.IsNullOrWhiteSpace(clientId)) + { + return new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedClientId(clientId)); + } + + return new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned); } if (string.Equals(credentialType, "workloadidentity", StringComparison.OrdinalIgnoreCase)) diff --git a/sdk/extensions/Microsoft.Extensions.Azure/tests/AzureClientFactoryTests.cs b/sdk/extensions/Microsoft.Extensions.Azure/tests/AzureClientFactoryTests.cs index df8adf52b9f8..8068dfe89c34 100644 --- a/sdk/extensions/Microsoft.Extensions.Azure/tests/AzureClientFactoryTests.cs +++ b/sdk/extensions/Microsoft.Extensions.Azure/tests/AzureClientFactoryTests.cs @@ -238,7 +238,7 @@ public void ResolvesDefaultClientByDefault() public void UsesProvidedCredentialIfOverGlobal() { var serviceCollection = new ServiceCollection(); - var defaultAzureCredential = new ManagedIdentityCredential(); + var defaultAzureCredential = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned); serviceCollection.AddAzureClients(builder => builder.AddTestClientWithCredentials(new Uri("http://localhost")).WithCredential(defaultAzureCredential)); ServiceProvider provider = serviceCollection.BuildServiceProvider(); @@ -251,7 +251,7 @@ public void UsesProvidedCredentialIfOverGlobal() public void UsesGlobalCredential() { var serviceCollection = new ServiceCollection(); - var defaultAzureCredential = new ManagedIdentityCredential(); + var defaultAzureCredential = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned); serviceCollection.AddAzureClients(builder => { builder.AddTestClientWithCredentials(new Uri("http://localhost")); builder.UseCredential(defaultAzureCredential); diff --git a/sdk/identity/Azure.Identity/CHANGELOG.md b/sdk/identity/Azure.Identity/CHANGELOG.md index 3976d9443a03..e27ab5b32658 100644 --- a/sdk/identity/Azure.Identity/CHANGELOG.md +++ b/sdk/identity/Azure.Identity/CHANGELOG.md @@ -10,6 +10,8 @@ ### Other Changes +- Deprecated legacy `ManagedIdentityCredential` constructors. Use `ManagedIdentityCredential(ManagedIdentityId id)` or `ManagedIdentityCredential(ManagedIdentityCredentialOptions options)` instead for clearer intent when specifying system-assigned or user-assigned managed identity. ([#53800](https://github.com/Azure/azure-sdk-for-net/issues/53800)) + ## 1.17.0 (2025-10-07) ### Bugs Fixed diff --git a/sdk/identity/Azure.Identity/api/Azure.Identity.net8.0.cs b/sdk/identity/Azure.Identity/api/Azure.Identity.net8.0.cs index 1ecc41a927ef..3ae873405e6b 100644 --- a/sdk/identity/Azure.Identity/api/Azure.Identity.net8.0.cs +++ b/sdk/identity/Azure.Identity/api/Azure.Identity.net8.0.cs @@ -325,10 +325,12 @@ public partial class ManagedIdentityCredential : Azure.Core.TokenCredential { protected ManagedIdentityCredential() { } [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)] + [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")] public ManagedIdentityCredential(Azure.Core.ResourceIdentifier resourceId, Azure.Identity.TokenCredentialOptions options = null) { } public ManagedIdentityCredential(Azure.Identity.ManagedIdentityCredentialOptions options) { } public ManagedIdentityCredential(Azure.Identity.ManagedIdentityId id) { } [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)] + [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")] public ManagedIdentityCredential(string clientId = null, Azure.Identity.TokenCredentialOptions options = null) { } public override Azure.Core.AccessToken GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public override System.Threading.Tasks.ValueTask GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } diff --git a/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs b/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs index b4580393887c..dc96b613fd32 100644 --- a/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs +++ b/sdk/identity/Azure.Identity/api/Azure.Identity.netstandard2.0.cs @@ -322,10 +322,12 @@ public partial class ManagedIdentityCredential : Azure.Core.TokenCredential { protected ManagedIdentityCredential() { } [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)] + [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")] public ManagedIdentityCredential(Azure.Core.ResourceIdentifier resourceId, Azure.Identity.TokenCredentialOptions options = null) { } public ManagedIdentityCredential(Azure.Identity.ManagedIdentityCredentialOptions options) { } public ManagedIdentityCredential(Azure.Identity.ManagedIdentityId id) { } [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)] + [System.ObsoleteAttribute("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")] public ManagedIdentityCredential(string clientId = null, Azure.Identity.TokenCredentialOptions options = null) { } public override Azure.Core.AccessToken GetToken(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } public override System.Threading.Tasks.ValueTask GetTokenAsync(Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; } diff --git a/sdk/identity/Azure.Identity/integration/Integration.Identity.Common/ManagedIdentityTests.cs b/sdk/identity/Azure.Identity/integration/Integration.Identity.Common/ManagedIdentityTests.cs index f332d5cabf13..f6d57d494c27 100644 --- a/sdk/identity/Azure.Identity/integration/Integration.Identity.Common/ManagedIdentityTests.cs +++ b/sdk/identity/Azure.Identity/integration/Integration.Identity.Common/ManagedIdentityTests.cs @@ -21,8 +21,8 @@ public static void AuthToStorage() string account1 = Environment.GetEnvironmentVariable("IDENTITY_STORAGE_NAME_1")!; string account2 = Environment.GetEnvironmentVariable("IDENTITY_STORAGE_NAME_2")!; - var credential1 = new ManagedIdentityCredential(); - var credential2 = new ManagedIdentityCredential(new ResourceIdentifier(resourceId)); + var credential1 = new ManagedIdentityCredential(ManagedIdentityId.SystemAssigned); + var credential2 = new ManagedIdentityCredential(ManagedIdentityId.FromUserAssignedResourceId(new ResourceIdentifier(resourceId))); var client1 = new BlobServiceClient(new Uri($"https://{account1}.blob.core.windows.net/"), credential1); var client2 = new BlobServiceClient(new Uri($"https://{account2}.blob.core.windows.net/"), credential2); client1.GetBlobContainers().ToList(); diff --git a/sdk/identity/Azure.Identity/src/Credentials/ManagedIdentityCredential.cs b/sdk/identity/Azure.Identity/src/Credentials/ManagedIdentityCredential.cs index 4da6de06ca6f..8bffed921725 100644 --- a/sdk/identity/Azure.Identity/src/Credentials/ManagedIdentityCredential.cs +++ b/sdk/identity/Azure.Identity/src/Credentials/ManagedIdentityCredential.cs @@ -44,6 +44,7 @@ protected ManagedIdentityCredential() /// /// Options to configure the management of the requests sent to Microsoft Entra ID. [EditorBrowsable(EditorBrowsableState.Never)] + [Obsolete("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")] public ManagedIdentityCredential(string clientId = null, TokenCredentialOptions options = null) : this(new ManagedIdentityClient(new ManagedIdentityClientOptions { ManagedIdentityId = string.IsNullOrEmpty(clientId) ? ManagedIdentityId.SystemAssigned : ManagedIdentityId.FromUserAssignedClientId(clientId), Pipeline = CredentialPipeline.GetInstance(options, IsManagedIdentityCredential: true), Options = options })) { @@ -58,6 +59,7 @@ public ManagedIdentityCredential(string clientId = null, TokenCredentialOptions /// /// Options to configure the management of the requests sent to Microsoft Entra ID. [EditorBrowsable(EditorBrowsableState.Never)] + [Obsolete("Use constructor ManagedIdentityCredential(ManagedIdentityId id) or ManagedIdentityCredential(ManagedIdentityCredentialOptions options).")] public ManagedIdentityCredential(ResourceIdentifier resourceId, TokenCredentialOptions options = null) : this(new ManagedIdentityClient(new ManagedIdentityClientOptions { ManagedIdentityId = ManagedIdentityId.FromUserAssignedResourceId(resourceId), Pipeline = CredentialPipeline.GetInstance(options, IsManagedIdentityCredential: true), Options = options })) {