Refactor DefaultAzureCredential usage by eerhardt · Pull Request #14951 · microsoft/aspire

eerhardt · 2026-03-04T19:49:37Z

Using the parameterless ctor of DefaultAzureCredential is not recommended. Instead try to detect when we are running in Azure and use Azure credentials. Fallback to using just development credentials when we can't detect we are in Azure.

Users can always provide their own to override this behavior.

Checklist

Is this feature complete?
- Yes. Ready to ship.
Are you including unit tests for the changes and scenario tests if relevant?
- No
Did you add public API?
- No
Does the change make any security assumptions or guarantees?
- Yes
  - If yes, have you done a threat model and had a security review?
    - No
Does the change require an update in our Aspire docs?
- Yes
  - Link to aspire.dev issue:
    [13.2] Document breaking change on DefaultAzureCredential in client integrations aspire.dev#516
- No

github-actions · 2026-03-04T19:49:53Z

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 14951

Or

Run remotely in PowerShell:

iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 14951"

eerhardt · 2026-03-04T22:54:57Z

/deployment-test

github-actions · 2026-03-04T22:55:17Z

🚀 Deployment tests starting on PR #14951...

This will deploy to real Azure infrastructure. Results will be posted here when complete.

View workflow run

github-actions · 2026-03-04T23:27:56Z

❌ Deployment E2E Tests failed

Summary: 13 passed, 12 failed, 0 cancelled

View workflow run

Passed Tests

✅ Deployment.EndToEnd-PythonFastApiDeploymentTests
✅ Deployment.EndToEnd-AppServiceReactDeploymentTests
✅ Deployment.EndToEnd-AcrPurgeTaskDeploymentTests
✅ Deployment.EndToEnd-AcaCompactNamingUpgradeDeploymentTests
✅ Deployment.EndToEnd-VnetStorageBlobConnectivityDeploymentTests
✅ Deployment.EndToEnd-AcaStarterDeploymentTests
✅ Deployment.EndToEnd-VnetKeyVaultConnectivityDeploymentTests
✅ Deployment.EndToEnd-AcaCustomRegistryDeploymentTests
✅ Deployment.EndToEnd-AppServicePythonDeploymentTests
✅ Deployment.EndToEnd-AksStarterWithRedisDeploymentTests
✅ Deployment.EndToEnd-AcaExistingRegistryDeploymentTests
✅ Deployment.EndToEnd-AuthenticationTests
✅ Deployment.EndToEnd-AksStarterDeploymentTests

Failed Tests

❌ Deployment.EndToEnd-AzureServiceBusDeploymentTests
❌ Deployment.EndToEnd-AzureKeyVaultDeploymentTests
❌ Deployment.EndToEnd-AcaCompactNamingDeploymentTests
❌ Deployment.EndToEnd-AzureContainerRegistryDeploymentTests
❌ Deployment.EndToEnd-VnetStorageBlobInfraDeploymentTests
❌ Deployment.EndToEnd-AcaDeploymentErrorOutputTests
❌ Deployment.EndToEnd-VnetKeyVaultInfraDeploymentTests
❌ Deployment.EndToEnd-VnetSqlServerInfraDeploymentTests
❌ Deployment.EndToEnd-AzureAppConfigDeploymentTests
❌ Deployment.EndToEnd-AzureLogAnalyticsDeploymentTests
❌ Deployment.EndToEnd-AzureStorageDeploymentTests
❌ Deployment.EndToEnd-AzureEventHubsDeploymentTests

🎬 Terminal Recordings

Test	Recording
DeployAzureAppConfigResourceCore	▶️ View Recording
DeployAzureContainerRegistryResourceCore	▶️ View Recording
DeployAzureEventHubsResourceCore	▶️ View Recording
DeployAzureKeyVaultResourceCore	▶️ View Recording
DeployAzureLogAnalyticsResourceCore	▶️ View Recording
DeployAzureServiceBusResourceCore	▶️ View Recording
DeployAzureStorageResourceCore	▶️ View Recording
DeployPythonFastApiTemplateToAzureAppServiceCore	▶️ View Recording
DeployPythonFastApiTemplateToAzureContainerAppsCore	▶️ View Recording
DeployPythonStarterWithPurgeTaskCore	▶️ View Recording
DeployReactTemplateToAzureAppServiceCore	▶️ View Recording
DeployStarterTemplateToAksCore	▶️ View Recording
DeployStarterTemplateToAzureContainerAppsCore	▶️ View Recording
DeployStarterTemplateWithCustomRegistryCore	▶️ View Recording
DeployStarterTemplateWithExistingRegistryCore	▶️ View Recording
DeployStarterTemplateWithKeyVaultPrivateEndpointCore	▶️ View Recording
DeployStarterTemplateWithRedisToAksCore	▶️ View Recording
DeployStarterTemplateWithStorageBlobPrivateEndpointCore	▶️ View Recording
DeployVnetKeyVaultInfrastructureCore	▶️ View Recording
DeployVnetSqlServerInfrastructureCore	▶️ View Recording
DeployVnetStorageBlobInfrastructureCore	▶️ View Recording
DeployWithCompactNamingFixesStorageCollisionCore	▶️ View Recording
DeployWithInvalidLocation_ErrorOutputIsCleanCore	▶️ View Recording
UpgradeFromGaToDevDoesNotDuplicateStorageAccountsCore	▶️ View Recording

… parameterless ctor is obsolete.

sebastienros · 2026-03-05T22:31:51Z

The polyglot languages could use such helpers ... one day

src/Shared/AzureCredentialHelper.cs

github-actions · 2026-03-05T23:18:56Z

❌ Deployment E2E Tests failed

Summary: 25 passed, 1 failed, 0 cancelled

View workflow run

Passed Tests

✅ Deployment.EndToEnd-AcaCompactNamingDeploymentTests
✅ Deployment.EndToEnd-VnetKeyVaultConnectivityDeploymentTests
✅ Deployment.EndToEnd-AzureAppConfigDeploymentTests
✅ Deployment.EndToEnd-AzureStorageDeploymentTests
✅ Deployment.EndToEnd-AzureContainerRegistryDeploymentTests
✅ Deployment.EndToEnd-AzureEventHubsDeploymentTests
✅ Deployment.EndToEnd-VnetKeyVaultInfraDeploymentTests
✅ Deployment.EndToEnd-AzureKeyVaultDeploymentTests
✅ Deployment.EndToEnd-AzureServiceBusDeploymentTests
✅ Deployment.EndToEnd-VnetSqlServerInfraDeploymentTests
✅ Deployment.EndToEnd-AuthenticationTests
✅ Deployment.EndToEnd-PythonFastApiDeploymentTests
✅ Deployment.EndToEnd-AzureLogAnalyticsDeploymentTests
✅ Deployment.EndToEnd-AppServicePythonDeploymentTests
✅ Deployment.EndToEnd-AksStarterDeploymentTests
✅ Deployment.EndToEnd-AcaStarterDeploymentTests
✅ Deployment.EndToEnd-VnetStorageBlobInfraDeploymentTests
✅ Deployment.EndToEnd-VnetStorageBlobConnectivityDeploymentTests
✅ Deployment.EndToEnd-AcaExistingRegistryDeploymentTests
✅ Deployment.EndToEnd-AcrPurgeTaskDeploymentTests
✅ Deployment.EndToEnd-AksStarterWithRedisDeploymentTests
✅ Deployment.EndToEnd-AcaCompactNamingUpgradeDeploymentTests
✅ Deployment.EndToEnd-AcaCustomRegistryDeploymentTests
✅ Deployment.EndToEnd-AcaDeploymentErrorOutputTests
✅ Deployment.EndToEnd-AppServiceReactDeploymentTests

Failed Tests

❌ Deployment.EndToEnd-TypeScriptExpressDeploymentTests

🎬 Terminal Recordings

Test	Recording
DeployAzureAppConfigResourceCore	▶️ View Recording
DeployAzureContainerRegistryResourceCore	▶️ View Recording
DeployAzureEventHubsResourceCore	▶️ View Recording
DeployAzureKeyVaultResourceCore	▶️ View Recording
DeployAzureLogAnalyticsResourceCore	▶️ View Recording
DeployAzureServiceBusResourceCore	▶️ View Recording
DeployAzureStorageResourceCore	▶️ View Recording
DeployPythonFastApiTemplateToAzureAppServiceCore	▶️ View Recording
DeployPythonFastApiTemplateToAzureContainerAppsCore	▶️ View Recording
DeployPythonStarterWithPurgeTaskCore	▶️ View Recording
DeployReactTemplateToAzureAppServiceCore	▶️ View Recording
DeployStarterTemplateToAksCore	▶️ View Recording
DeployStarterTemplateToAzureContainerAppsCore	▶️ View Recording
DeployStarterTemplateWithCustomRegistryCore	▶️ View Recording
DeployStarterTemplateWithExistingRegistryCore	▶️ View Recording
DeployStarterTemplateWithKeyVaultPrivateEndpointCore	▶️ View Recording
DeployStarterTemplateWithRedisToAksCore	▶️ View Recording
DeployStarterTemplateWithStorageBlobPrivateEndpointCore	▶️ View Recording
DeployTypeScriptExpressTemplateToAzureContainerAppsCore	▶️ View Recording
DeployVnetKeyVaultInfrastructureCore	▶️ View Recording
DeployVnetSqlServerInfrastructureCore	▶️ View Recording
DeployVnetStorageBlobInfrastructureCore	▶️ View Recording
DeployWithCompactNamingFixesStorageCollisionCore	▶️ View Recording
DeployWithInvalidLocation_ErrorOutputIsCleanCore	▶️ View Recording
UpgradeFromGaToDevDoesNotDuplicateStorageAccountsCore	▶️ View Recording

src/Shared/AzureCredentialHelper.cs

* Refactor DefaultAzureCredential usage Using the parameterless ctor of DefaultAzureCredential is not recommended. Instead try to detect when we are running in Azure and use Azure credentials. Fallback to using just development credentials when we can't detect we are in Azure. Users can always provide their own to override this behavior. * Update to latest Azure.Identity and use the correct ctor now that the parameterless ctor is obsolete. * Update README docs with the latest information.