Merge pull request #280767 from jeffwmartinez/jefmarti-msi-flow

prmerger-automator[bot] · web-flow · commit 0cdfa360216b · 2024-07-15T19:27:31.000Z
improving dotnet workflow
diff --git a/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-dotnet-pivot.md b/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-dotnet-pivot.md
@@ -8,7 +8,7 @@ ms.date: 04/10/2024
 ms.author: jefmarti
 ---
 
-You can use Azure App Service to work with popular AI frameworks like LangChain and Semantic Kernel connected to OpenAI for creating intelligent apps. In the following tutorial, we are adding an Azure OpenAI service using Semantic Kernel to a .NET 8 Blazor web application.  
+You can use Azure App Service to work with popular AI frameworks like LangChain and Semantic Kernel connected to OpenAI for creating intelligent apps. In the following tutorial, we're adding an Azure OpenAI service using Semantic Kernel to a .NET 8 Blazor web application.  
 
 #### Prerequisites
 
@@ -17,7 +17,7 @@ You can use Azure App Service to work with popular AI frameworks like LangChain
 
 ### Setup Blazor web app
 
-For this Blazor web application, we are building off the Blazor [template](https://dotnet.microsoft.com/learn/aspnet/blazor-tutorial/intro) and creating a new razor page that can send and receive requests to an Azure OpenAI OR OpenAI service using Semantic Kernel.
+For this Blazor web application, we're building off the Blazor [template](https://dotnet.microsoft.com/learn/aspnet/blazor-tutorial/intro) and creating a new razor page that can send and receive requests to an Azure OpenAI OR OpenAI service using Semantic Kernel.
 
 1. Right click on the **Pages** folder found under the **Components** folder and add a new item named *OpenAI.razor*
 2. Add the following code to the **OpenAI.razor* file and click **Save**
@@ -60,48 +60,11 @@ Next, we need to add the new page to the navigation so we can navigate to the se
 
 After the Navigation is updated, we can start preparing to build the OpenAI client to handle our requests.
 
-### Secure your app with managed identity
-
-Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
-
-Follow the steps below to secure your application:
-
-Add the identity package `Azure.Identity`. This package enables using Azure credentials in your app.  Install the package using Nuget package manager and add the using statement to the top of the OpenAI.razor file.
-
-```c#
-@using Azure.Identity
-```
-
-Next, include the default Azure credentials in the chat completions options
-
-```c#
-var kernel = Kernel.CreateBuilder()
-	.AddAzureOpenAIChatCompletion(
-		deploymentName: deploymentName,
-		endpoint: endpoint,
-		credentials: new DefaultAzureCredential()
-	)
-	.Build();
-```
-
-Once the credentials are added to the application, you�ll then need to enable managed identity in your application and grant access to the resource.
-
-1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
-2. Once System assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
-3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
-4. Find the Grant access to this resource card and click on **Add role assignment**
-5. Search for the **Cognitive Services OpenAI User** role and click **Next**
-6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
-7. Next, click on **+Select Members**  and find your web app
-8. Click **Review + assign**
-
-Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
-
 ### API keys and endpoints
 
 In order to make calls to OpenAI with your client, you need to first grab the Keys and Endpoint values from Azure OpenAI, or OpenAI and add them as secrets for use in your application. Retrieve and save the values for later use.
 
-For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. For our application, you need the following values:
+For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. If you're planning to use [managed identity](../../overview-managed-identity.md) to secure your app you'll only need the `deploymentName` and `endpoint` values.  Otherwise, you need each of the following:
 
 - `deploymentName`
 - `endpoint`
@@ -198,7 +161,7 @@ Here we're adding the using statement and creating the Kernel in a method that w
 
 ### Add your AI service
 
-Once the Kernel is initialized, we can add our chosen AI service to the kernel. Here we define our model and pass in our key and endpoint information to be consumed by the chosen model.
+Once the Kernel is initialized, we can add our chosen AI service to the kernel. Here we define our model and pass in our key and endpoint information to be consumed by the chosen model. If you plan to use managed identity with Azure OpenAI, add the service using the example in the next section.
 
 For Azure OpenAI, use the following code:
 
@@ -225,6 +188,43 @@ builder.Services.AddOpenAIChatCompletion(
 var kernel = builder.Build();
 ```
 
+### Secure your app with managed identity
+
+If you�re using Azure OpenAI, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. This enables your application to access the Azure OpenAI resource without needing to manage API keys. If you're not using Azure OpenAI, your secrets can remain secure using Azure Key Vault outlined above.
+
+Follow the steps below to secure your application with managed identity:
+
+Add the identity package `Azure.Identity`. This package enables using Azure credentials in your app.  Install the package using Nuget package manager and add the using statement to the top of the OpenAI.razor file.
+
+```c#
+@using Azure.Identity
+```
+
+Next, include the default Azure credentials in the chat completions parameters. The `deploymentName` and `endpoint` parameters are still required and should be secured using the Key Vault method covered in the previous section.
+
+```c#
+var kernel = Kernel.CreateBuilder()
+	.AddAzureOpenAIChatCompletion(
+		deploymentName: deploymentName,
+		endpoint: endpoint,
+		credentials: new DefaultAzureCredential()
+	)
+	.Build();
+```
+
+Once the credentials are added to the application, you'll then need to enable managed identity in your application and grant access to the resource.
+
+1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
+2. Once System assigned identity is turned on, it register's the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
+3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
+4. Find the Grant access to this resource card and click on **Add role assignment**
+5. Search for the **Cognitive Services OpenAI User** role and click **Next**
+6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
+7. Next, click on **+Select Members**  and find your web app
+8. Click **Review + assign**
+
+Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
+
 ### Configure prompt and create semantic function
 
 Now that our chosen OpenAI service client is created with the correct keys we can add a function to handle the prompt. With Semantic Kernel you can handle prompts by the use of a semantic function, which turn the prompt and the prompt configuration settings into a function the Kernel can execute. Learn more on configuring prompts [here](/semantic-kernel/prompts/configure-prompts?tabs=Csharp).
