CasCap.Api.Azure.Auth
1.4.12
Prefix Reserved
dotnet add package CasCap.Api.Azure.Auth --version 1.4.12
NuGet\Install-Package CasCap.Api.Azure.Auth -Version 1.4.12
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="CasCap.Api.Azure.Auth" Version="1.4.12" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="CasCap.Api.Azure.Auth" Version="1.4.12" />
<PackageReference Include="CasCap.Api.Azure.Auth" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add CasCap.Api.Azure.Auth --version 1.4.12
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: CasCap.Api.Azure.Auth, 1.4.12"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package CasCap.Api.Azure.Auth@1.4.12
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=CasCap.Api.Azure.Auth&version=1.4.12
#tool nuget:?package=CasCap.Api.Azure.Auth&version=1.4.12
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
CasCap.Api.Azure.Auth
Helper library for Azure authentication. Provides a factory for creating TokenCredential instances from certificate-based configuration properties and an abstraction for Azure Key Vault and Entra ID settings.
Installation
dotnet add package CasCap.Api.Azure.Auth
Target frameworks: net8.0, net9.0, net10.0
Services / Extensions
| Type | Name | Description |
|---|---|---|
| Interface | IAzureAuthConfig |
Exposes Azure authentication configuration: Key Vault name/URI, Entra ID tenant/application IDs, certificate thumbprint or PFX path/password, and a lazily-resolved TokenCredential. Provides IsKeyVaultEnabled to allow Key Vault-free operation. |
| Static factory | TokenCredentialExtensions |
Creates ClientCertificateCredential from IAzureAuthConfig properties (certificate thumbprint or PFX file). |
Key Methods
TokenCredentialExtensions.IsPodManagedIdentity— Checks whether the current pod is using Azure workload identity (federated tokens).TokenCredentialExtensions.CreateTokenCredential(IAzureAuthConfig)— Creates aClientCertificateCredentialfrom the certificate properties in the configuration, or returnsnullif no certificate is available.
Configuration
| Class | Section | Properties |
|---|---|---|
AzureAuthConfig |
AppConfig |
KeyVaultName (required), IsKeyVaultEnabled (computed), AzureEntraPodManagedIdentityClientId, AzureEntraTenantId, AzureEntraApplicationId, AzureEntraCertThumbprint, AzureEntraPfxPath, AzureEntraPfxPassword |
AzureAuthConfig implements both IAppConfig and IAzureAuthConfig. The TokenCredential property is lazily created from the certificate properties via TokenCredentialExtensions.
Running Without Key Vault
Set KeyVaultName to "skip" (case-insensitive) to disable Key Vault integration entirely. When IsKeyVaultEnabled returns false:
- The application skips adding Azure Key Vault as a configuration source at startup.
TokenCredentialis not resolved (no certificate lookup is attempted).- Secrets must be supplied via alternative configuration sources (environment variables, user secrets, or
appsettings.json). - Sink services that use
StorageExtensions.CreateTableClient()automatically fall back to connection strings when the connection string contains;(e.g. Azurite emulator).
Override via any configuration source:
- Environment variable:
AppConfig__KeyVaultName=skip - User secrets:
{ "AppConfig": { "KeyVaultName": "skip" } } - appsettings override: same JSON shape
Data Flow
TokenCredential creation from configuration:
flowchart TD
CONFIG["AzureAuthConfig<br/>(IAzureAuthConfig)"]
subgraph Detection["Environment Detection"]
POD_CHECK{"IsPodManagedIdentity()?<br/>(Azure Workload Identity)"}
WORKLOAD["WorkloadIdentityCredential<br/>(Federated token from pod)"]
end
subgraph CertificateSource["Certificate Source"]
THUMBPRINT{"CertThumbprint<br/>provided?"}
PFX{"PfxPath +<br/>PfxPassword<br/>provided?"}
STORE["X509Store<br/>(LocalMachine\\My)"]
FILE["X509Certificate2<br/>(from PFX file)"]
end
CREDENTIAL["ClientCertificateCredential"]
NULL["null<br/>(no credential)"]
subgraph AzureServices["Azure Services"]
KV["Key Vault"]
STORAGE["Storage"]
EH["Event Hub"]
SB["Service Bus"]
end
CONFIG --> SKIP_CHECK{"KeyVaultName<br/>= 'skip'?"}
SKIP_CHECK -->|"Yes"| NULL
SKIP_CHECK -->|"No"| POD_CHECK
POD_CHECK -->|"Yes"| WORKLOAD
POD_CHECK -->|"No"| THUMBPRINT
THUMBPRINT -->|"Yes"| STORE
THUMBPRINT -->|"No"| PFX
PFX -->|"Yes"| FILE
PFX -->|"No"| NULL
STORE --> CREDENTIAL
FILE --> CREDENTIAL
WORKLOAD --> KV
WORKLOAD --> STORAGE
WORKLOAD --> EH
WORKLOAD --> SB
CREDENTIAL --> KV
CREDENTIAL --> STORAGE
CREDENTIAL --> EH
CREDENTIAL --> SB
Credential Resolution Priority:
- Skip sentinel —
KeyVaultName = "skip"→null(no credential, no Key Vault) - Azure Workload Identity (Kubernetes pod with federated token) — auto-detected
- Certificate thumbprint — searches
LocalMachine\Mycertificate store - PFX file — loads certificate from path with password
- null — no credential available
Dependencies
NuGet Packages
| Package |
|---|
| Azure.Identity |
| CasCap.Common.Abstractions |
| CasCap.Common.Extensions |
| CasCap.Common.Logging |
Project References
None.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net10.0
- Azure.Identity (>= 1.21.0)
- CasCap.Common.Abstractions (>= 4.11.8)
- CasCap.Common.Extensions (>= 4.11.8)
- CasCap.Common.Logging (>= 4.11.8)
-
net8.0
- Azure.Identity (>= 1.21.0)
- CasCap.Common.Abstractions (>= 4.11.8)
- CasCap.Common.Extensions (>= 4.11.8)
- CasCap.Common.Logging (>= 4.11.8)
-
net9.0
- Azure.Identity (>= 1.21.0)
- CasCap.Common.Abstractions (>= 4.11.8)
- CasCap.Common.Extensions (>= 4.11.8)
- CasCap.Common.Logging (>= 4.11.8)
NuGet packages (4)
Showing the top 4 NuGet packages that depend on CasCap.Api.Azure.Auth:
| Package | Downloads |
|---|---|
|
CasCap.Api.Buderus.Sinks
Pluggable event sink implementations (Redis, Azure Tables) for the CasCap.Api.Buderus heating integration library. |
|
|
CasCap.Api.DoorBird.Sinks
Pluggable event sink implementations (Redis, Azure Tables, Azure Blob Storage) for the CasCap.Api.DoorBird door station integration library. |
|
|
CasCap.Api.Knx.Sinks
Pluggable event sink implementations (Redis, Azure Tables) for the CasCap.Api.Knx building automation integration library. |
|
|
CasCap.Api.Fronius.Sinks
Pluggable event sink implementations (Redis, Azure Tables) for the CasCap.Api.Fronius solar inverter integration library. |
GitHub repositories
This package is not used by any popular GitHub repositories.