Class OnBehalfOfCredential
Enables authentication to Microsoft Entra ID using an On-Behalf-Of flow.
Inheritance
Namespace: System.Dynamic.ExpandoObject
Assembly: Azure.Identity.dll
Syntax
public class OnBehalfOfCredential : Azure.Core.TokenCredentialConstructors
OnBehalfOfCredential()
OnBehalfOfCredential(String, String, X509Certificate2, String)
Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with the specified certificate.
Declaration
public OnBehalfOfCredential (string tenantId, string clientId, System.Security.Cryptography.X509Certificates.X509Certificate2 clientCertificate, string userAssertion);Parameters
|
System.String
tenantId
The Microsoft Entra tenant (directory) ID of the service principal. |
|
System.String
clientId
The client (application) ID of the service principal |
|
System.Security.Cryptography.X509Certificates.X509Certificate2
clientCertificate
The authentication X509 Certificate of the service principal |
|
System.String
userAssertion
The access token that will be used by OnBehalfOfCredential as the user assertion when requesting On-Behalf-Of tokens. |
OnBehalfOfCredential(String, String, String, String)
Creates an instance of the OnBehalfOfCredential with the details needed to authenticate with Microsoft Entra ID.
Declaration
public OnBehalfOfCredential (string tenantId, string clientId, string clientSecret, string userAssertion);Parameters
|
System.String
tenantId
The Microsoft Entra tenant (directory) ID of the service principal. |
|
System.String
clientId
The client (application) ID of the service principal |
|
System.String
clientSecret
A client secret that was generated for the App Registration used to authenticate the client. |
|
System.String
userAssertion
The access token that will be used by OnBehalfOfCredential as the user assertion when requesting On-Behalf-Of tokens. |
OnBehalfOfCredential(String, String, Func<String>, String, OnBehalfOfCredentialOptions)
Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with the specified client assertion.
Declaration
public OnBehalfOfCredential (string tenantId, string clientId, Func<string> clientAssertionCallback, string userAssertion, Azure.Identity.OnBehalfOfCredentialOptions options = null);Parameters
|
System.String
tenantId
The Microsoft Entra tenant (directory) ID of the service principal. |
|
System.String
clientId
The client (application) ID of the service principal |
|
System.Func<System.String>
clientAssertionCallback
A synchronous callback returning a valid client assertion used to authenticate the service principal. |
|
System.String
userAssertion
The access token that will be used by OnBehalfOfCredential as the user assertion when requesting On-Behalf-Of tokens. |
|
OnBehalfOfCredentialOptions
options
Options that allow to configure the management of the requests sent to Microsoft Entra ID. |
OnBehalfOfCredential(String, String, Func<CancellationToken,Task<String>>, String, OnBehalfOfCredentialOptions)
Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with the specified client assertion.
Declaration
public OnBehalfOfCredential (string tenantId, string clientId, Func<System.Threading.CancellationToken,System.Threading.Tasks.Task<string>> clientAssertionCallback, string userAssertion, Azure.Identity.OnBehalfOfCredentialOptions options = null);Parameters
|
System.String
tenantId
The Microsoft Entra tenant (directory) ID of the service principal. |
|
System.String
clientId
The client (application) ID of the service principal |
|
System.Func<System.Threading.CancellationToken,System.Threading.Tasks.Task<System.String>>
clientAssertionCallback
An asynchronous callback returning a valid client assertion used to authenticate the service principal. |
|
System.String
userAssertion
The access token that will be used by OnBehalfOfCredential as the user assertion when requesting On-Behalf-Of tokens. |
|
OnBehalfOfCredentialOptions
options
Options that allow to configure the management of the requests sent to Microsoft Entra ID. |
OnBehalfOfCredential(String, String, X509Certificate2, String, OnBehalfOfCredentialOptions)
Creates an instance of the OnBehalfOfCredential with the details needed to authenticate against Microsoft Entra ID with the specified certificate.
Declaration
public OnBehalfOfCredential (string tenantId, string clientId, System.Security.Cryptography.X509Certificates.X509Certificate2 clientCertificate, string userAssertion, Azure.Identity.OnBehalfOfCredentialOptions options);Parameters
|
System.String
tenantId
The Microsoft Entra tenant (directory) ID of the service principal. |
|
System.String
clientId
The client (application) ID of the service principal |
|
System.Security.Cryptography.X509Certificates.X509Certificate2
clientCertificate
The authentication X509 Certificate of the service principal |
|
System.String
userAssertion
The access token that will be used by OnBehalfOfCredential as the user assertion when requesting On-Behalf-Of tokens. |
|
OnBehalfOfCredentialOptions
options
Options that allow to configure the management of the requests sent to Microsoft Entra ID. |
OnBehalfOfCredential(String, String, String, String, OnBehalfOfCredentialOptions)
Creates an instance of the OnBehalfOfCredential with the details needed to authenticate with Microsoft Entra ID.
Declaration
public OnBehalfOfCredential (string tenantId, string clientId, string clientSecret, string userAssertion, Azure.Identity.OnBehalfOfCredentialOptions options);Parameters
|
System.String
tenantId
The Microsoft Entra tenant (directory) ID of the service principal. |
|
System.String
clientId
The client (application) ID of the service principal |
|
System.String
clientSecret
A client secret that was generated for the App Registration used to authenticate the client. |
|
System.String
userAssertion
The access token that will be used by OnBehalfOfCredential as the user assertion when requesting On-Behalf-Of tokens. |
|
OnBehalfOfCredentialOptions
options
Options that allow to configure the management of the requests sent to Microsoft Entra ID. |
Methods
GetToken(TokenRequestContext, CancellationToken)
Authenticates with Microsoft Entra ID and returns an access token if successful. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.
Declaration
public override Azure.Core.AccessToken GetToken (Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);Parameters
|
Azure.Core.TokenRequestContext
requestContext
The details of the authentication request. |
|
System.Threading.CancellationToken
cancellationToken
A System.Threading.CancellationToken controlling the request lifetime. |
Returns
|
Azure.Core.AccessToken
An Azure.Core.AccessToken which can be used to authenticate service client calls. |
Exceptions
|
AuthenticationFailedException
Thrown when the authentication failed. |
GetTokenAsync(TokenRequestContext, CancellationToken)
Authenticates with Microsoft Entra ID and returns an access token if successful. Acquired tokens are cached by the credential instance. Token lifetime and refreshing is handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.
Declaration
public override System.Threading.Tasks.ValueTask<Azure.Core.AccessToken> GetTokenAsync (Azure.Core.TokenRequestContext requestContext, System.Threading.CancellationToken cancellationToken);Parameters
|
Azure.Core.TokenRequestContext
requestContext
The details of the authentication request. |
|
System.Threading.CancellationToken
cancellationToken
A System.Threading.CancellationToken controlling the request lifetime. |
Returns
|
System.Threading.Tasks.ValueTask<Azure.Core.AccessToken>
An Azure.Core.AccessToken which can be used to authenticate service client calls. |
Exceptions
|
AuthenticationFailedException
Thrown when the authentication failed. |