improving dotnet workflow

jeffwmartinez · jeffwmartinez · commit 1e4e1edbf3e8 · 2024-07-12T14:52:31.000-07:00
diff --git a/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-dotnet-pivot.md b/articles/app-service/includes/deploy-intelligent-apps/deploy-intelligent-apps-linux-dotnet-pivot.md
@@ -60,48 +60,11 @@ Next, we need to add the new page to the navigation so we can navigate to the se
 
 After the Navigation is updated, we can start preparing to build the OpenAI client to handle our requests.
 
-### Secure your app with managed identity
-
-Although optional, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. Skip this step if you are not using Azure OpenAI. This enables your application to access the Azure OpenAI resource without needing to manage API keys.
-
-Follow the steps below to secure your application:
-
-Add the identity package `Azure.Identity`. This package enables using Azure credentials in your app.  Install the package using Nuget package manager and add the using statement to the top of the OpenAI.razor file.
-
-```c#
-@using Azure.Identity
-```
-
-Next, include the default Azure credentials in the chat completions options
-
-```c#
-var kernel = Kernel.CreateBuilder()
-	.AddAzureOpenAIChatCompletion(
-		deploymentName: deploymentName,
-		endpoint: endpoint,
-		credentials: new DefaultAzureCredential()
-	)
-	.Build();
-```
-
-Once the credentials are added to the application, you�ll then need to enable managed identity in your application and grant access to the resource.
-
-1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
-2. Once System assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
-3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
-4. Find the Grant access to this resource card and click on **Add role assignment**
-5. Search for the **Cognitive Services OpenAI User** role and click **Next**
-6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
-7. Next, click on **+Select Members**  and find your web app
-8. Click **Review + assign**
-
-Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
-
 ### API keys and endpoints
 
 In order to make calls to OpenAI with your client, you need to first grab the Keys and Endpoint values from Azure OpenAI, or OpenAI and add them as secrets for use in your application. Retrieve and save the values for later use.
 
-For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. For our application, you need the following values:
+For Azure OpenAI, see [this documentation](../../../ai-services/openai/quickstart.md?pivots=programming-language-csharp&tabs=command-line%2Cpython#retrieve-key-and-endpoint) to retrieve the key and endpoint values. If you are planning to use [managed identity](../../overview-managed-identity.md) to secure your app you will only need the `deploymentName` and `endpoint` values.  Otherwise, you will need each of the following:
 
 - `deploymentName`
 - `endpoint`
@@ -198,7 +161,7 @@ Here we're adding the using statement and creating the Kernel in a method that w
 
 ### Add your AI service
 
-Once the Kernel is initialized, we can add our chosen AI service to the kernel. Here we define our model and pass in our key and endpoint information to be consumed by the chosen model.
+Once the Kernel is initialized, we can add our chosen AI service to the kernel. Here we define our model and pass in our key and endpoint information to be consumed by the chosen model. If you plan to use managed identity with Azure OpenAI, add the service using the example in the next section.
 
 For Azure OpenAI, use the following code:
 
@@ -225,6 +188,43 @@ builder.Services.AddOpenAIChatCompletion(
 var kernel = builder.Build();
 ```
 
+### Secure your app with managed identity
+
+If you�re using Azure OpenAI, it's highly recommended to secure your application using [managed identity](../../overview-managed-identity.md) to authenticate your app to your Azure OpenAI resource. This enables your application to access the Azure OpenAI resource without needing to manage API keys. If you are not using Azure OpenAI, your secrets can remain secure using Azure Key Vault outlined above.
+
+Follow the steps below to secure your application with managed identity:
+
+Add the identity package `Azure.Identity`. This package enables using Azure credentials in your app.  Install the package using Nuget package manager and add the using statement to the top of the OpenAI.razor file.
+
+```c#
+@using Azure.Identity
+```
+
+Next, include the default Azure credentials in the chat completions parameters. Note that the `deploymentName` and `endpoint` parameters are still required and should be secured using the Key Vault method covered in the previous section.
+
+```c#
+var kernel = Kernel.CreateBuilder()
+	.AddAzureOpenAIChatCompletion(
+		deploymentName: deploymentName,
+		endpoint: endpoint,
+		credentials: new DefaultAzureCredential()
+	)
+	.Build();
+```
+
+Once the credentials are added to the application, you'll then need to enable managed identity in your application and grant access to the resource.
+
+1. In your web app resource, navigate to the **Identity** blade and turn on **System assigned** and click **Save**
+2. Once System assigned identity is turned on, it will register the web app with Microsoft Entra ID and the web app can be granted permissions to access protected resources.  
+3. Go to your Azure OpenAI resource and navigate to the **Access control (IAM)** blade on the left pane.  
+4. Find the Grant access to this resource card and click on **Add role assignment**
+5. Search for the **Cognitive Services OpenAI User** role and click **Next**
+6. On the **Members** tab, find **Assign access to** and choose the **Managed identity** option
+7. Next, click on **+Select Members**  and find your web app
+8. Click **Review + assign**
+
+Your web app is now added as a cognitive service OpenAI user and can communicate to your Azure OpenAI resource.
+
 ### Configure prompt and create semantic function
 
 Now that our chosen OpenAI service client is created with the correct keys we can add a function to handle the prompt. With Semantic Kernel you can handle prompts by the use of a semantic function, which turn the prompt and the prompt configuration settings into a function the Kernel can execute. Learn more on configuring prompts [here](/semantic-kernel/prompts/configure-prompts?tabs=Csharp).
