You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-signalr/signalr-howto-authorize-managed-identity.md
+23-4Lines changed: 23 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@ title: Authorize requests to Azure SignalR Service resources with Microsoft Entr
3
3
description: This article provides information about authorizing requests to Azure SignalR Service resources by using Microsoft Entra managed identities.
4
4
author: vicancy
5
5
ms.author: lianwei
6
-
ms.date: 03/28/2023
6
+
ms.date: 07/28/2024
7
7
ms.service: signalr
8
8
ms.topic: how-to
9
9
ms.devlang: csharp
@@ -76,9 +76,18 @@ To learn more about how to assign and manage Azure roles, see these articles:
76
76
77
77
#### Use a system-assigned identity
78
78
79
-
You can use either [DefaultAzureCredential](/dotnet/api/overview/azure/identity-readme#defaultazurecredential) or [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential)to configure your Azure SignalR Service endpoints. The best practice is to use `ManagedIdentityCredential` directly.
79
+
Azure SignalR SDK supports identity based connection string. If the configuration is set in App Server's environment variables, you don't need to redeploy App Server but simply a configuration change to migrate from Access Key to MSI. For example, update your App Server's environment variable `Azure__SignalR__ConnectionString` to `Endpoint=https://<resource1>.service.signalr.net;AuthType=azure.msi;Version=1.0;`. Or set in DI code.
80
80
81
-
The system-assigned managed identity is used by default, but *make sure that you don't configure any environment variables* that [EnvironmentCredential](/dotnet/api/azure.identity.environmentcredential) preserved if you use `DefaultAzureCredential`. Otherwise, Azure SignalR Service falls back to use `EnvironmentCredential` to make the request, which usually results in an `Unauthorized` response.
Besides, you can use either [DefaultAzureCredential](/dotnet/api/overview/azure/identity-readme#defaultazurecredential) or [ManagedIdentityCredential](/dotnet/api/azure.identity.managedidentitycredential) to configure your Azure SignalR Service endpoints. The best practice is to use `ManagedIdentityCredential` directly.
86
+
87
+
Notice that system-assigned managed identity is used by default, but *make sure that you don't configure any environment variables* that [EnvironmentCredential](/dotnet/api/azure.identity.environmentcredential) preserved if you use `DefaultAzureCredential`. Otherwise, Azure SignalR Service falls back to use `EnvironmentCredential` to make the request, which usually results in an `Unauthorized` response.
88
+
89
+
> [!IMPORTANT]
90
+
> Remove `Azure__SignalR__ConnectionString` if there was from environment variables in this way. `Azure__SignalR__ConnectionString` will be used to build default `ServiceEndpoint` with first priority and may leads your App Server use Access Key unexpectedly.
82
91
83
92
```C#
84
93
services.AddSignalR().AddAzureSignalR(option=>
@@ -97,16 +106,26 @@ Provide `ClientId` while creating the `ManagedIdentityCredential` object.
97
106
> [!IMPORTANT]
98
107
> Use the client ID, not the object (principal) ID, even if they're both GUIDs.
### Azure SignalR Service bindings in Azure Functions
111
130
112
131
Azure SignalR Service bindings in Azure Functions use [application settings](../azure-functions/functions-how-to-use-azure-function-app-settings.md) in the portal or [local.settings.json](../azure-functions/functions-develop-local.md#local-settings-file) locally to configure a managed identity to access your Azure SignalR Service resources.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments