Enhance managed identity authentication logic (#876)

FullStackChef · web-flow · commit d21a19d7e401 · 2025-09-29T11:38:53.000+10:00
* Enhance managed identity authentication logic

Added a using directive for `Azure.Provisioning.Roles` and refactored the `ConfigureForManagedIdentityAuthentication` method. The method now retrieves provisionable resources more efficiently and correctly uses the `PrincipalId` from `UserAssignedIdentity` for setting the `azureClientId` metadata.

* Refactor variable names for clarity in AzureRedisCacheDaprHostingExtensions
diff --git a/src/CommunityToolkit.Aspire.Hosting.Azure.Dapr.Redis/AzureRedisCacheDaprHostingExtensions.cs b/src/CommunityToolkit.Aspire.Hosting.Azure.Dapr.Redis/AzureRedisCacheDaprHostingExtensions.cs
@@ -4,6 +4,7 @@
 using Azure.Provisioning.AppContainers;
 using Azure.Provisioning.Expressions;
 using Azure.Provisioning.KeyVault;
+using Azure.Provisioning.Roles;
 using CommunityToolkit.Aspire.Hosting.Azure.Dapr;
 using CommunityToolkit.Aspire.Hosting.Dapr;
 using AzureRedisResource = Azure.Provisioning.Redis.RedisResource;
@@ -96,7 +97,10 @@ private static void ConfigureForManagedIdentityAuthentication(this IResourceBuil
         {
             var redisHostParam = redisBuilder.GetOutput(daprConnectionStringKey).AsProvisioningParameter(infrastructure, redisHostKey);
 
-            if (infrastructure.GetProvisionableResources().OfType<ContainerAppManagedEnvironment>().FirstOrDefault() is ContainerAppManagedEnvironment managedEnvironment)
+            var provisionableResources = infrastructure.GetProvisionableResources();
+            if (provisionableResources.OfType<ContainerAppManagedEnvironment>().FirstOrDefault()
+            is ContainerAppManagedEnvironment managedEnvironment &&
+            provisionableResources.OfType<UserAssignedIdentity>().FirstOrDefault() is UserAssignedIdentity identity)
             {
                 var daprComponent = AzureDaprHostingExtensions.CreateDaprComponent(
                     builder.Resource.Name,
@@ -111,7 +115,7 @@ private static void ConfigureForManagedIdentityAuthentication(this IResourceBuil
                     new() { Name = redisHostKey, Value = redisHostParam },
                     new() { Name = "enableTLS", Value = "true" },
                     new() { Name = "useEntraID", Value = "true" },
-                    new() { Name = "azureClientId", Value = managedEnvironment.Identity.PrincipalId }
+                    new() { Name = "azureClientId", Value = identity.PrincipalId }
                 };
 
                 // Add state-specific metadata
