Class ClientCertificateCredential

Namespace
Azure.Identity
Assembly
Azure.Identity.dll

Enables authentication of a service principal to Microsoft Entra ID using an X509 certificate that is assigned to its App Registration. More information on how to configure certificate authentication can be found at https://learn.microsoft.com/entra/identity-platform/certificate-credentials#register-your-certificate-with-microsoft-identity-platform.

public class ClientCertificateCredential : TokenCredential
Inheritance
ClientCertificateCredential

Constructors

ClientCertificateCredential()

Protected constructor for mocking.

protected ClientCertificateCredential()

ClientCertificateCredential(string, string, X509Certificate2)

Creates an instance of the ClientCertificateCredential with the details needed to authenticate against Microsoft Entra ID with the specified certificate.

public ClientCertificateCredential(string tenantId, string clientId, X509Certificate2 clientCertificate)

Parameters

tenantId string

The Microsoft Entra tenant (directory) ID of the service principal.

clientId string

The client (application) ID of the service principal.

clientCertificate X509Certificate2

The authentication X509 certificate of the service principal.

ClientCertificateCredential(string, string, X509Certificate2, ClientCertificateCredentialOptions)

Creates an instance of the ClientCertificateCredential with the details needed to authenticate against Microsoft Entra ID with the specified certificate.

public ClientCertificateCredential(string tenantId, string clientId, X509Certificate2 clientCertificate, ClientCertificateCredentialOptions options)

Parameters

tenantId string

The Microsoft Entra tenant (directory) ID of the service principal.

clientId string

The client (application) ID of the service principal.

clientCertificate X509Certificate2

The authentication X509 certificate of the service principal.

options ClientCertificateCredentialOptions

Options for configuring the management of requests sent to Microsoft Entra ID.

ClientCertificateCredential(string, string, string)

Creates an instance of the ClientCertificateCredential with the details needed to authenticate against Microsoft Entra ID with the specified certificate.

public ClientCertificateCredential(string tenantId, string clientId, string clientCertificatePath)

Parameters

tenantId string

The Microsoft Entra tenant (directory) ID of the service principal.

clientId string

The client (application) ID of the service principal.

clientCertificatePath string

The path to a file which contains both the client certificate and private key.

ClientCertificateCredential(string, string, string, ClientCertificateCredentialOptions)

Creates an instance of the ClientCertificateCredential with the details needed to authenticate against Microsoft Entra ID with the specified certificate.

public ClientCertificateCredential(string tenantId, string clientId, string clientCertificatePath, ClientCertificateCredentialOptions options)

Parameters

tenantId string

The Microsoft Entra tenant (directory) ID of the service principal.

clientId string

The client (application) ID of the service principal.

clientCertificatePath string

The path to a file which contains both the client certificate and private key.

options ClientCertificateCredentialOptions

Options for configuring the management of requests sent to Microsoft Entra ID.

Methods

GetToken(TokenRequestContext, CancellationToken)

Obtains a token from Microsoft Entra ID, using the specified X509 certificate to authenticate. Acquired tokens are cached by the credential instance. Token lifetime and refreshing are handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.

public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)

Parameters

requestContext TokenRequestContext

The details of the authentication request.

cancellationToken CancellationToken

A CancellationToken controlling the request lifetime.

Returns

AccessToken

An Azure.Core.AccessToken which can be used to authenticate service client calls.

GetTokenAsync(TokenRequestContext, CancellationToken)

Obtains a token from Microsoft Entra ID, using the specified X509 certificate to authenticate. Acquired tokens are cached by the credential instance. Token lifetime and refreshing are handled automatically. Where possible, reuse credential instances to optimize cache effectiveness.

public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)

Parameters

requestContext TokenRequestContext

The details of the authentication request.

cancellationToken CancellationToken

A CancellationToken controlling the request lifetime.

Returns

ValueTask<AccessToken>

An Azure.Core.AccessToken which can be used to authenticate service client calls.
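
The following is an added example, not code from the Azure SDK documentation. It uses the X509Certificate2 constructor with a certificate loaded from the CurrentUser\My store instead of a file on disk, checks the private key and validity period before use, and shares one credential instance so the token cache described above is reused. The tenant ID, client ID, thumbprint, store location, class name and Key Vault scope are placeholder assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class CertCredentialExample
{
    // Placeholder values (assumptions); replace with your own tenant, app and certificate.
    private const string TenantId = "<tenant-id>";
    private const string ClientId = "<client-id>";
    private const string Thumbprint = "<certificate-thumbprint>";

    // One shared instance, so the credential's token cache is reused across calls.
    private static readonly Lazy<ClientCertificateCredential> Credential =
        new Lazy<ClientCertificateCredential>(() =>
            new ClientCertificateCredential(TenantId, ClientId, LoadCertificate(Thumbprint)));

    private static X509Certificate2 LoadCertificate(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // validOnly: false, so the checks below can fail with a specific message.
        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
        if (matches.Count == 0)
            throw new InvalidOperationException("Certificate not found in CurrentUser\\My.");
        var cert = matches[0];
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key, so it cannot sign the client assertion.");
        var now = DateTime.Now; // NotBefore and NotAfter are expressed in local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException($"Certificate is outside its validity period (NotAfter {cert.NotAfter:O}).");
        return cert;
    }

    public static async Task Main()
    {
        // Example scope (assumption): Azure Key Vault.
        var context = new TokenRequestContext(new[] { "https://vault.azure.net/.default" });
        AccessToken first = await Credential.Value.GetTokenAsync(context);
        AccessToken second = await Credential.Value.GetTokenAsync(context); // expected to come from the cache
        // Log token metadata only, never the token value itself.
        Console.WriteLine($"Expires {first.ExpiresOn:O}; same expiry on reuse: {first.ExpiresOn == second.ExpiresOn}");
    }
}
```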