|
1 | 1 | --- |
2 | | -title: Authorize search app requests using Azure AD |
| 2 | +title: Configure search apps for Azure AD |
3 | 3 | titleSuffix: Azure Cognitive Search |
4 | | -description: Acquire a token from Azure AD to authorize search requests to an app built on Azure Cognitive Search. |
| 4 | +description: Acquire a token from Azure Active Directory to authorize search requests to an app built on Azure Cognitive Search. |
5 | 5 |
|
6 | 6 | author: gmndrg |
7 | 7 | ms.author: gimondra |
8 | 8 | ms.service: cognitive-search |
9 | 9 | ms.topic: how-to |
10 | | -ms.date: 1/05/2022 |
| 10 | +ms.date: 01/13/2023 |
11 | 11 | ms.custom: subject-rbac-steps |
12 | 12 | --- |
13 | 13 |
|
@@ -89,7 +89,7 @@ It's a best practice to grant minimum permissions. If your application only need |
89 | 89 |
|
90 | 90 | 1. Select **+ Add** > **Add role assignment**. |
91 | 91 |
|
92 | | -  |
| 92 | + :::image type="content" source="../../includes/role-based-access-control/media/add-role-assignment-menu-generic.png" alt-text="Screenshot of Access control (IAM) page with Add role assignment menu open." border="true"::: |
93 | 93 |
|
94 | 94 | 1. Select an applicable role: |
95 | 95 |
|
@@ -143,10 +143,18 @@ The following instructions reference an existing C# sample to demonstrate the co |
143 | 143 | SearchClient srchclient = new SearchClient(serviceEndpoint, indexName, new DefaultAzureCredential()); |
144 | 144 | ``` |
145 | 145 |
|
146 | | -> [!NOTE] |
147 | | -> User-assigned managed identities work only in Azure environments. If you run this code locally, `DefaultAzureCredential` will fall back to authenticating with your credentials. Make sure you've also given yourself the required access to the search service if you plan to run the code locally. |
| 146 | +### Local testing |
| 147 | + |
| 148 | +User-assigned managed identities work only in Azure environments. If you run this code locally, `DefaultAzureCredential` will fall back to authenticating with your credentials. Make sure you've also given yourself the required access to the search service if you plan to run the code locally. |
| 149 | + |
| 150 | +1. Verify your account has role assignments to run all of the operations in the quickstart sample. To both create and query an index, you'll need "Search Index Data Reader" and "Search Index Data Contributor". |
148 | 151 |
|
149 | | -The Azure.Identity documentation has more details about `DefaultAzureCredential` and using [Azure AD authentication with the Azure SDK for .NET](/dotnet/api/overview/azure/identity-readme). `DefaultAzureCredential` is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. Developers who want more control or whose scenario isn't served by the default settings should use other credential types. |
| 152 | +1. Go to **Tools** > **Options** > **Azure Service Authentication** to choose your Azure sign-on account. |
| 153 | + |
| 154 | +You should now be able to run the project from Visual Studio on your local system, using role-based access control for authorization. |
| 155 | + |
| 156 | +> [!NOTE] |
| 157 | +> The Azure.Identity documentation has more details about `DefaultAzureCredential` and using [Azure AD authentication with the Azure SDK for .NET](/dotnet/api/overview/azure/identity-readme). `DefaultAzureCredential` is intended to simplify getting started with the SDK by handling common scenarios with reasonable default behaviors. Developers who want more control or whose scenario isn't served by the default settings should use other credential types. |
150 | 158 |
|
151 | 159 | ### [**REST API**](#tab/aad-rest) |
152 | 160 |
|
|
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments