Improve credential reuse code sample for ASP.NET Core

Author: scottaddie

.openpublishing.redirection.azure.json

@@ -123,6 +123,10 @@
         {
             "source_path_from_root": "/docs/azure/sdk/azure-sdk-configure-proxy.md",
             "redirect_url": "/dotnet/azure/sdk/configure-proxy"
+        },
+        {
+            "source_path_from_root": "/docs/azure/authentication/authentication-best-practices.md",
+            "redirect_url": "/dotnet/azure/sdk/authentication/best-practices"
         }
     ]
 }

docs/azure/sdk/authentication/authentication-best-practices.md renamed to docs/azure/sdk/authentication/best-practices.md

@@ -50,13 +50,13 @@ The recommended credential reuse strategy differs by .NET application type.
 
 Implement credential reuse through the `UseCredential` method of `Microsoft.Extensions.Azure`:
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_Dac" highlight="6" :::
+:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_AspNetCore" highlight="12" :::
 
 For information on this approach, see [Authenticate using Microsoft Entra ID](/dotnet/azure/sdk/aspnetcore-guidance?tabs=api#authenticate-using-microsoft-entra-id).
 
 # [Other](#tab/other)
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_noDac" highlight="8, 12" :::
+:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="8, 12" :::
 
 ---
 

docs/azure/sdk/snippets/authentication/best-practices/Program.cs

@@ -3,23 +3,29 @@
 using Azure.Storage.Blobs;
 using Microsoft.Extensions.Azure;
 
-var userAssignedClientId = "<user-assigned-client-id>";
+var clientId = "<user-assigned-client-id>";
 var builder = WebApplication.CreateBuilder(args);
 
-#region snippet_credential_reuse_Dac
+#region snippet_credential_reuse_AspNetCore
 builder.Services.AddAzureClients(clientBuilder =>
 {
     clientBuilder.AddSecretClient(new Uri("<key-vault-url>"));
     clientBuilder.AddBlobServiceClient(new Uri("<blob-storage-url>"));
 
-    clientBuilder.UseCredential(new DefaultAzureCredential());
+    string clientId = builder.Configuration["UserAssignedClientId"]!;
+    ChainedTokenCredential credentialChain = new(
+        new ManagedIdentityCredential(
+            ManagedIdentityId.FromUserAssignedClientId(clientId)),
+        new VisualStudioCredential());
+
+    clientBuilder.UseCredential(credentialChain);
 });
-#endregion snippet_credential_reuse_Dac
+#endregion snippet_credential_reuse_AspNetCore
 
-#region snippet_credential_reuse_noDac
+#region snippet_credential_reuse_nonAspNetCore
 ChainedTokenCredential credentialChain = new(
     new ManagedIdentityCredential(
-        ManagedIdentityId.FromUserAssignedClientId(userAssignedClientId)),
+        ManagedIdentityId.FromUserAssignedClientId(clientId)),
     new VisualStudioCredential());
 
 BlobServiceClient blobServiceClient = new(
@@ -29,11 +35,11 @@
 SecretClient secretClient = new(
     new Uri("<key-vault-url>"),
     credentialChain);
-#endregion snippet_credential_reuse_noDac
+#endregion snippet_credential_reuse_nonAspNetCore
 
 #region snippet_retries
 ManagedIdentityCredentialOptions miCredentialOptions = new(
-        ManagedIdentityId.FromUserAssignedClientId(userAssignedClientId)
+        ManagedIdentityId.FromUserAssignedClientId(clientId)
     )
     {
         Retry =