progress

alexwolfmsft · alexwolfmsft · commit 6987420185ad · 2024-10-22T18:06:07.000-04:00
diff --git a/docs/azure/sdk/aspnetcore-guidance.md b/docs/azure/sdk/aspnetcore-guidance.md
@@ -1,28 +1,27 @@
 ---
 title: Best practices for using the Azure SDK with ASP.NET Core
-description: Provides guidance and an overview of best practices for using the Azure SDK with ASP.NET Core
+description: Learn best practices and the steps to properly implement the Azure SDK for .NET in your ASP.NET Core apps.
 ms.topic: conceptual
 ms.custom: devx-track-dotnet
-ms.date: 10/08/2024
+ms.date: 10/22/2024
 ---
 
 # Implement the Azure SDK for .NET in ASP.NET Core apps
 
-The Azure SDK for .NET enables ASP.NET Core apps to integrate with many different Azure services. In this article, you'll learn best practices and the steps to properly implement the Azure SDK for .NET in your ASP.NET Core apps. You'll learn how to:
+The Azure SDK for .NET enables ASP.NET Core apps to integrate with many different Azure services. In this article, you'll learn best practices and the steps to implement the Azure SDK for .NET in your ASP.NET Core apps. You'll learn how to:
 
 - Register services for dependency injection.
 - Implement centralized, standardized configuration.
 - Authenticate to Azure without using passwords or secrets.
 - Configure common web app concerns such as logging and retries.
-- Get started with additional topics such unit testing.
 
 ## Register service clients
 
-The Azure SDK for .NET provides many service clients to connect your app to services such as Azure Blob Storage and Azure Key Vault. Register these services with the dependency container in the `Program.cs` file of your app to make them available to your app using Dependency Injection. The [Microsoft.Extensions.Azure](https://www.nuget.org/packages/Microsoft.Extensions.Azure) library provides helper methods to properly register your services and handles various concerns for you, such as setting up logging, handling service lifetimes, and assisting with authentication credential management.
+The Azure SDK for .NET provides service clients to connect your app to Azure services such as Azure Blob Storage and Azure Key Vault. Register these services with the dependency container in the `Program.cs` file of your app to make them available to your app using Dependency Injection. The [Microsoft.Extensions.Azure](https://www.nuget.org/packages/Microsoft.Extensions.Azure) library provides helper methods to properly register your services and handles various concerns for you, such as setting up logging, handling service lifetimes, and authentication credential management.
 
-To register the services you need, complete the following steps.
+Complete the following steps to register the services you need:
 
-1. Install the [Microsoft.Extensions.Azure](https://www.nuget.org/packages/Microsoft.Extensions.Azure) package.
+1. Install the [Microsoft.Extensions.Azure](https://www.nuget.org/packages/Microsoft.Extensions.Azure) package:
 
     ```dotnetcli
     dotnet add package Microsoft.Extensions.Azure
@@ -41,14 +40,16 @@ To register the services you need, complete the following steps.
     ```csharp
     builder.Services.AddAzureClients(clientBuilder =>
     {
-        // Register clients for each service
+        // Register clients for each Azure service
         clientBuilder.AddSecretClient(new Uri("<key_vault_url>"));
         clientBuilder.AddBlobServiceClient(new Uri("<storage_url>"));
         clientBuilder.AddServiceBusClientWithNamespace(
             "<your_namespace>.servicebus.windows.net");
+
+        // Register a shared credential for Microsoft Entra ID authentication
         clientBuilder.UseCredential(new DefaultAzureCredential());
     
-        // Register a subclient for each Service Bus Queue
+        // Register a subclient for each Azure Service Bus Queue
         foreach (string queue in queueNames)
         {
             clientBuilder.AddClient<ServiceBusSender, ServiceBusClientOptions>(
@@ -79,10 +80,12 @@ To register the services you need, complete the following steps.
     
     <h1>Reports</h1>
     
+    <ul>
     @foreach(var report in reports)
     {
-        <p>@report.Name</p>
+        <li>@report.Name</li>
     }
+    </ul>
     
     @code {
         List<BlobItem> reports = new();
@@ -101,35 +104,80 @@ To register the services you need, complete the following steps.
 
     ---
 
+## Authenticate using Microsoft Entra ID
+
+Microsoft Entra ID is the recommended approach to authorize requests to Azure services. Use the [Azure Identity client library]() to implement secretless connections to Azure services in your code. The Azure Identity client library provides tools such as `DefaultAzureCredential` to simplify configuring secure connections. `DefaultAzureCredential` supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code.
+
+Some Azure services also allow you to authorize requests using secrets keys. However, this approach should be used with caution. Developers must be diligent to never expose the access key in an unsecure location. Anyone who has the access key is able to authorize requests against the service and data.
+
+Consider the following service client registrations:
+
+```csharp
+builder.Services.AddAzureClients(clientBuilder =>
+{
+    // Register clients for each Azure service
+    clientBuilder.AddSecretClient(new Uri("<key_vault_url>"));
+    clientBuilder.AddBlobServiceClient(new Uri("<storage_url>"));
+    clientBuilder.AddServiceBusClientWithNamespace(
+        "<your_namespace>.servicebus.windows.net");
+
+    // Register a shared credential for Microsoft Entra ID authentication
+    clientBuilder.UseCredential(new DefaultAzureCredential());
+
+    // Register a subclient for each Azure Service Bus Queue
+    foreach (string queue in queueNames)
+    {
+        clientBuilder.AddClient<ServiceBusSender, ServiceBusClientOptions>(
+            (_, _, provider) => provider.GetService<ServiceBusClient>()
+                    .CreateSender(queue)).WithName(queue);
+    }
+});
+```
+
+In the preceding code, the `clientBuilder.UseCredential()` method accepts an instance of `DefaultAzureCredential` that will be reused across your registered services. `DefaultAzureCredential` discovers available credentials in the current environment and use them to connect to Azure services. The full order and locations in which `DefaultAzureCredential` looks for credentials can be found in the [`Azure Identity library overview`](/dotnet/api/overview/azure/Identity-readme#defaultazurecredential).
+
+For example, when you run the app locally, `DefaultAzureCredential` discovers and uses credentials from the following developer tools:
+
+- Environment variables
+- Visual Studio
+- Azure CLI
+- Azure PowerShell
+- Azure Developer CLI
+
+`DefaultAzureCredential` also discovers credentials after you deploy your app from the following:
+
+- Environment variables
+- Workload identity
+- Managed identity
+
 ## Set up service configurations
 
-Azure service clients support configurations to change their default behaviors. You can define service client configurations directly in your code when you register a service. For example, in the [Register clients and subclients](#register-service-clients-and-subclients) section, you explicitly passed the Uri-typed variables to the client constructors. However, the recommended approach is to [store configurations in environment-dependent JSON files](/dotnet/core/extensions/configuration-providers#json-configuration-provider). For example, use an `appsettings.Development.json` file to store development environment settings and an `appsettings.Production.json` file to contain production environment settings. You can add any properties from the [`ClientOptions`](/dotnet/api/azure.core.clientoptions) class into the JSON file.
+Azure service clients support configurations to change their default behaviors. There are two ways to configure service clients:
+
+- You can [store configurations in environment-dependent JSON files](/dotnet/core/extensions/configuration-providers#json-configuration-provider). Configuration files are generally the recommended approach because they simplify app deployments between environments and help eliminate hard coded values.
+- You can also configurations directly in your code when you register the service client. For example, in the [Register clients and subclients](#register-service-clients-and-subclients) section, you explicitly passed the Uri-typed variables to the client constructors.
+
+The following example uses an `appsettings.Development.json` file to store development environment settings and an `appsettings.Production.json` file to contain production environment settings. You can add any properties from the [`ClientOptions`](/dotnet/api/azure.core.clientoptions) class into the JSON file.
 
 1. Update the `appsettings.<environment>.json` file in your app to match the following structure:
 
     ```json
     {
-      "AzureDefaults": {
-        "Diagnostics": {
-          "IsTelemetryDisabled": false,
-          "IsLoggingContentEnabled": true
-        }
-      },
       "KeyVault": {
         "VaultUri": "https://<your-key-vault-name>.vault.azure.net"
       },
-      "ServiceBus": {
-        "Namespace": "<your_service-bus_namespace>.servicebus.windows.net"
-      },
       "Storage": {
         "ServiceUri": "https://<your-storage-account-name>.storage.windows.net"
+      },
+      "ServiceBus": {
+        "Namespace": "<your_service-bus_namespace>.servicebus.windows.net"
       }
     }
     ```
 
     In the preceding JSON sample:
 
-    - The top-level key names, `AzureDefaults`, `KeyVault`, `ServiceBus`, and `Storage`, are arbitrary. All other key names hold significance, and JSON serialization is performed in a case-insensitive manner.
+    - The top-level key names, `KeyVault`, `ServiceBus`, and `Storage`, are arbitrary names used to reference the config sections from your code. All other key names hold significance, and JSON serialization is performed in a case-insensitive manner.
     - The `KeyVault:VaultUri`, `ServiceBus:Namespace`, and `Storage:ServiceUri` key values map to the `Uri`- and `string`-typed arguments of the <xref:Azure.Security.KeyVault.Secrets.SecretClient.%23ctor(System.Uri,Azure.Core.TokenCredential,Azure.Security.KeyVault.Secrets.SecretClientOptions)?displayProperty=fullName>, <xref:Azure.Messaging.ServiceBus.ServiceBusClient.%23ctor(System.String)?displayProperty=fullName>, and <xref:Azure.Storage.Blobs.BlobServiceClient.%23ctor(System.Uri,Azure.Core.TokenCredential,Azure.Storage.Blobs.BlobClientOptions)?displayProperty=fullName> constructor overloads, respectively. The `TokenCredential` variants of the constructors are used because a default `TokenCredential` is set via the <xref:Microsoft.Extensions.Azure.AzureClientFactoryBuilder.UseCredential(Azure.Core.TokenCredential)?displayProperty=fullName> method call.
 
 1. Retrieve the settings in the JSON configuration file using `IConfiguration` and pass them into your service registrations:
@@ -147,18 +195,14 @@ Azure service clients support configurations to change their default behaviors.
             builder.Configuration["ServiceBus:Namespace"]);
     
         clientBuilder.UseCredential(new DefaultAzureCredential());
-    
-        // Set up any default settings
-        clientBuilder.ConfigureDefaults(
-            builder.Configuration.GetSection("AzureDefaults"));
     });
     ```
 
-### Configure retries and service defaults
+### Configure retries and Azure defaults
 
 At some point, you may want to change default Azure client configurations globally or for a specific service client. For example, you may want different retry settings or to use a different service API version. You can set the retry settings globally or on a per-service basis.
 
-Update your configuration file to set a new default retry policy, as well as a specific retry policy for Azure Key Vault:
+1. Update your configuration file to set default Azure settings, such as a new default retry policy and a specific retry policy for Azure Key Vault:
 
 ```json
 {
@@ -181,13 +225,7 @@ Update your configuration file to set a new default retry policy, as well as a s
 }
 ```
 
-## Authenticate using Microsoft Entra ID
-
-Microsoft Entra ID is the recommended approach to authorize requests to Azure services. Use the [Azure Identity client library]() to implement secretless connections to Azure services in your code. The Azure Identity client library provides tools such as `DefaultAzureCredential` to simplify configuring secure connections. `DefaultAzureCredential` supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code.
-
-Some Azure services also allow you to authorize requests using secrets keys. However, this approach should be used with caution. Developers must be diligent to never expose the access key in an unsecure location. Anyone who has the access key is able to authorize requests against the service and data.
-
-Consider the following service client registrations:
+2. Add a call to the `ConfigureDefaults` extension method in your `AddAzureClients` setup:
 
 ```csharp
 builder.Services.AddAzureClients(clientBuilder =>
@@ -209,53 +247,20 @@ builder.Services.AddAzureClients(clientBuilder =>
 });
 ```
 
-In the preceding code, the `clientBuilder.UseCredential()` method accepts an instance of `DefaultAzureCredential` that will be reused across your registered services. `DefaultAzureCredential` discovers available credentials in the current environment and use them to connect to Azure services. The full order and locations in which `DefaultAzureCredential` looks for credentials can be found in the [`Azure Identity library overview`](/dotnet/api/overview/azure/Identity-readme#defaultazurecredential).
-
-For example, when you run the app locally, `DefaultAzureCredential` discovers and uses credentials from the following developer tools:
-
-- Environment variables
-- Visual Studio
-- Azure CLI
-- Azure PowerShell
-- Azure Developer CLI
-
-`DefaultAzureCredential` also discovers credentials after you deploy your app from the following:
-
-- Environment variables
-- Workload identity
-- Managed identity
-
 ## Configure logging
 
-The Azure SDK for .NET client libraries include the ability to log client library operations. This logging allows you to monitor requests and responses between services clients and Azure services. When you register the Azure SDK library's client via a call to the <xref:Microsoft.Extensions.Azure.AzureClientServiceCollectionExtensions.AddAzureClients%2A> extension method, some logging configurations are handled for you.
-
-```csharp
-    ```csharp
-builder.Services.AddAzureClients(clientBuilder =>
-{
-    clientBuilder.AddSecretClient(
-        builder.Configuration.GetSection("KeyVault"));
-
-    clientBuilder.AddBlobServiceClient(
-        builder.Configuration.GetSection("Storage"));
+The Azure SDK for .NET client libraries can log client library operations to monitor requests and responses to Azure services. When you register an Azure SDK client using the <xref:Microsoft.Extensions.Azure.AzureClientServiceCollectionExtensions.AddAzureClients%2A> extension method, the <xref:Microsoft.Extensions.Azure.AzureEventSourceLogForwarder> is registered with the dependency injection container. This service forwards log messages from Azure SDK event sources to <xref:Microsoft.Extensions.Logging.ILoggerFactory> to enables you to use the standard ASP.NET Core logging configuration for logging.
 
-    clientBuilder.AddServiceBusClientWithNamespace(
-        builder.Configuration["ServiceBus:Namespace"]);
+The following table depicts how the Azure SDK for .NET `EventLevel` maps to the ASP.NET Core `LogLevel`.
 
-    clientBuilder.UseCredential(new DefaultAzureCredential());
-
-    // Set up any default settings
-    clientBuilder.ConfigureDefaults(
-        builder.Configuration.GetSection("AzureDefaults"));
-});
-```
-
-In the preceding sample, the `AddAzureClients` method:
-
-- Registers the following objects with the dependency injection (DI) container:
-  - Log forwarder service
-  - Azure Service Bus client
-- Sets the default token credential to be used for all registered clients.
+| Azure SDK `EventLevel` | ASP.NET Core `LogLevel` |
+|------------------------|-------------------------|
+| `Critical`             | `Critical`              |
+| `Error`                | `Error`                 |
+| `Informational`        | `Information`           |
+| `Warning`              | `Warning`               |
+| `Verbose`              | `Debug`                 |
+| `LogAlways`            | `Information`           |
 
 You can change default log levels and other settings using the same JSON configurations outlined in the [configure authentication](#configure-authentication) section. For example, toggle a the `ServiceBusClient` log level to `Debug` by setting the `Logging:LogLevel:Azure.Messaging.ServiceBus` key as follows:
 
@@ -270,38 +275,3 @@ You can change default log levels and other settings using the same JSON configu
     }
 }
 ```
-
-## Unit testing considerations
-
-Unit testing is an important part of a sustainable development process that can improve code quality and prevent regressions or bugs in your apps. This section provides a basic introduction to Unit Testing with the Azure SDK for .NET. Visit the [Unit testing and mocking with the Azure SDK for .NET](/dotnet/azure/sdk/unit-testing-mocking) article for a detailed exploration of these unit testing concepts.
-
-Unit testing presents challenges when the code you're testing performs network calls, such as those made to Azure resources by Azure service clients. Tests that run against live services can experience issues, such as latency that slows down test execution, dependencies on code outside of the isolated test, and issues with managing service state and costs every time the test is run. Instead of testing against live Azure services, replace the service clients with mocked or in-memory implementations to avoid these issues.
-
-Each of the Azure SDK clients follows [mocking guidelines](https://azure.github.io/azure-sdk/dotnet_introduction.html#dotnet-mocking) that allow their behavior to be overridden:
-
-* Each client offers at least one protected constructor to allow inheritance for testing.
-* All public client members are virtual to allow overriding.
-
-To create a test service client, you can either use a mocking library or standard C# features such as inheritance. Mocking frameworks allow you to simplify the code that you must write to override member behavior. (These frameworks also have other useful features that are beyond the scope of this article.)
-
-```csharp
-KeyVaultSecret keyVaultSecret = SecretModelFactory.KeyVaultSecret(
-    new SecretProperties("secret"), "secretValue");
-
-Mock<SecretClient> clientMock = new Mock<SecretClient>();
-clientMock.Setup(c => c.GetSecret(
-        It.IsAny<string>(),
-        It.IsAny<string>(),
-        It.IsAny<CancellationToken>())
-    )
-    .Returns(Response.FromValue(keyVaultSecret, Mock.Of<Response>()));
-
-clientMock.Setup(c => c.GetSecretAsync(
-        It.IsAny<string>(),
-        It.IsAny<string>(),
-        It.IsAny<CancellationToken>())
-    )
-    .ReturnsAsync(Response.FromValue(keyVaultSecret, Mock.Of<Response>()));
-
-SecretClient secretClient = clientMock.Object;
-```
