Azure Managed Identity is Microsoft’s solution to manage credentials for you, eliminating the need to store usernames, passwords, certificates and other secrets in your config files.
Basically, with Managed Identity you establish a trust between a server and a resource. For example, if you have a SQL server and a web server, you use managed identity to grant the web server access to the SQL server, so you don't need to keep a username/password for the SQL server in the connection string.
Once the managed identity has been established between the SQL server and the web server, you will have a connection string and a managed identity client id. Notice that the connection string contains no username and no password.
Now, remember that the managed identity is a trust between the web server and the SQL server. If you develop code locally, you still need a username/password in your connection string, as it is not possible to establish a trust between a local machine and an Azure SQL Server.
The easiest way to overcome this is to have a local .config file without a client id, and in the code check whether the client id is empty. If it's empty, you connect the old-fashioned way; if not, you use the client id to connect.
ENOUGH TALK, SHOW ME THE CODE
This is an example of a connection manager that uses the client id, if one is configured, to connect using Azure Managed Identity:
using System.Data;
using System.Data.SqlClient;
using Azure.Identity;
using Microsoft.Extensions.Configuration;

namespace MyCode
{
    public class ConnectionManager : IConnectionManager
    {
        private readonly IConfiguration _configuration;
        private readonly string _connectionString;

        public ConnectionManager(IConfiguration configuration)
        {
            _configuration = configuration;
            _connectionString = _configuration.GetConnectionString("SqlConnection");
        }

        public IDbConnection CreateConnection()
        {
            SqlConnection? connection;
            // Both values are read from the ConnectionStrings section of the config file
            string clientId = _configuration.GetConnectionString("ClientId");

            // Empty client id means we are running towards a local
            // database using username/password. Connect the old
            // fashioned way
            if (string.IsNullOrWhiteSpace(clientId))
            {
                return new SqlConnection(_connectionString);
            }

            // Client id is set. Use the Managed Identity Client Id to
            // establish a connection
            connection = new SqlConnection(_connectionString);
            var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = clientId });
            // Request an access token for Azure SQL and hand it to the driver in place of a password
            var token = credential.GetToken(new Azure.Core.TokenRequestContext(new[] { "https://database.windows.net/.default" }));
            connection.AccessToken = token.Token;
            return connection;
        }
    }
}
The connection manager is registered in your service collection so it can be injected where it is needed.
And the connection manager is now ready to be used in your SQL repositories:
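As an added example (not the post's own code), here is a variant of the connection manager that decides the authentication path once at startup, refuses a configuration that mixes a managed identity client id with a username/password in the connection string, and registers the manager with the built-in dependency injection container. The names SqlAuthPolicy, SqlAuthMode and AddSqlConnectionManager are mine, the sample settings are constructed, and the client id is a placeholder GUID; the assumed packages are System.Data.SqlClient, Azure.Identity, Microsoft.Extensions.Configuration and Microsoft.Extensions.DependencyInjection.

```csharp
// Added example, not the post's code. Assumed packages: System.Data.SqlClient, Azure.Identity,
// Microsoft.Extensions.Configuration, Microsoft.Extensions.DependencyInjection.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using Azure.Core;
using Azure.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public interface IConnectionManager { IDbConnection CreateConnection(); }

public enum SqlAuthMode { SqlPassword, ManagedIdentity }

public sealed record SqlAuthPolicy(SqlAuthMode Mode, string ConnectionString, string? ClientId)
{
    // Decide the authentication path once, at startup, and reject mixed setups:
    // a client id next to a User ID/Password means a secret is still being shipped.
    public static SqlAuthPolicy Resolve(IConfiguration configuration)
    {
        string connectionString = configuration.GetConnectionString("SqlConnection")
            ?? throw new InvalidOperationException("ConnectionStrings:SqlConnection is missing");
        string? clientId = configuration.GetConnectionString("ClientId");
        var parts = new SqlConnectionStringBuilder(connectionString);
        bool hasSqlLogin = parts.UserID.Length > 0 || parts.Password.Length > 0;

        if (string.IsNullOrWhiteSpace(clientId))
        {
            // Local development: classic SQL or Windows authentication is expected here.
            if (!hasSqlLogin && !parts.IntegratedSecurity)
                throw new InvalidOperationException("No ClientId and no login configured");
            return new SqlAuthPolicy(SqlAuthMode.SqlPassword, connectionString, null);
        }
        if (hasSqlLogin)
            throw new InvalidOperationException("ClientId is set but the connection string still carries a User ID/Password");
        if (!Guid.TryParse(clientId, out _))
            throw new InvalidOperationException("ClientId is not a valid client id (GUID)");
        return new SqlAuthPolicy(SqlAuthMode.ManagedIdentity, connectionString, clientId);
    }
}

public sealed class ConnectionManager : IConnectionManager
{
    private static readonly string[] SqlScope = { "https://database.windows.net/.default" };
    private readonly SqlAuthPolicy _policy;
    private readonly TokenCredential? _credential;

    public ConnectionManager(SqlAuthPolicy policy)
    {
        _policy = policy;
        // One credential instance for the lifetime of the app, reused for every connection.
        _credential = policy.Mode == SqlAuthMode.ManagedIdentity
            ? new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = policy.ClientId })
            : null;
    }

    public IDbConnection CreateConnection()
    {
        var connection = new SqlConnection(_policy.ConnectionString);
        if (_credential is not null)
        {
            // An Azure SQL access token takes the place of the password.
            AccessToken token = _credential.GetToken(new TokenRequestContext(SqlScope), default);
            connection.AccessToken = token.Token;
        }
        return connection;
    }
}

public static class SqlRegistration
{
    public static IServiceCollection AddSqlConnectionManager(this IServiceCollection services, IConfiguration configuration)
    {
        services.AddSingleton(SqlAuthPolicy.Resolve(configuration)); // fails fast on a bad config
        services.AddSingleton<IConnectionManager, ConnectionManager>();
        return services;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample settings; the client id is a placeholder, not a real identity.
        var samples = new[]
        {
            ("deployed", "Server=tcp:example.database.windows.net,1433;Database=app;Encrypt=True;", "00000000-0000-0000-0000-000000000000"),
            ("local", "Server=localhost;Database=app;User ID=dev;Password=dev-only;", ""),
        };
        foreach (var (name, connectionString, clientId) in samples)
        {
            var settings = new Dictionary<string, string?>
            {
                ["ConnectionStrings:SqlConnection"] = connectionString,
                ["ConnectionStrings:ClientId"] = clientId,
            };
            IConfiguration config = new ConfigurationBuilder().AddInMemoryCollection(settings).Build();
            var provider = new ServiceCollection().AddSqlConnectionManager(config).BuildServiceProvider();
            Console.WriteLine($"{name}: {provider.GetRequiredService<SqlAuthPolicy>().Mode}");
        }
    }
}
```

Resolving the policy at registration time means a deployment that still carries a password next to a client id fails on startup instead of silently keeping a secret in the config file; that check is worth keeping even if the rest of this variant is not used. The repository code in the post works unchanged against this manager, since it still exposes IConnectionManager.CreateConnection().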
using System.Threading.Tasks;

namespace MyCode
{
    public class MyRepository
    {
        private readonly IConnectionManager _connectionManager;

        public MyRepository(IConnectionManager connectionManager) => _connectionManager = connectionManager;

        public async Task MockupSQLAsync()
        {
            using var connection = _connectionManager.CreateConnection();
            // ExecuteAsync on IDbConnection is assumed to be Dapper's extension method (add "using Dapper;")
            await connection.ExecuteAsync("some sql", ...);
        }
    }
}
That’s it. You are now an expert in Managed Identity. Happy coding.