
.NET - Use entra id managed identity locally


I have a question about managed identity in Azure and it works fine. I would like to test the application locally and I know that I just need to set AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_CLIENT_SECRET in the launchsettings. This makes everything work great. But my problem is that there are multiple people working on the project and each has their own application entra id and therefore different settings too.

Of course it is possible to add more profiles, but then the secrets would be shared across the repository and I don't like that very much. Adding launchsettings to git ignore doesn't seem very handy to me either. I've tried using secrets (but somehow I can't create a transform there) - this may just be my fault for setting it up wrong.

I would like to be able to have each user have their own setup, but not share it across the repository.

Is there a solution? Or how do you approach this problem? Thanks a lot


Solution

  • You can narrow the problem down to how to configure AZURE_CLIENT_SECRET locally on a developer's machine without committing it to git.

    The answer is: configure it in user secrets instead of launchsettings.json.

    Explanation:

    A typical sequence of configuration providers is:

    1. appsettings.json
    2. appsettings.{Environment}.json
    3. User secrets
    4. Environment variables using the Environment Variables configuration provider.
    5. Command-line arguments using the Command-line configuration provider.

    The preceding sequence of providers is used in the default configuration.

    See https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-8.0#configuration-providers

    If you put the settings in launchsettings.json, they will be passed as environment variables, so they override any user secrets.

    Instead, add those keys to applicationsettings.json and leave a comment that it should be configured in user secrets.

    For example:

    {
      "AZURE_TENANT_ID": "1b7d6e4a-de27-4867-b238-000000000000",
      "AZURE_CLIENT_ID": "2cdac4ac-c9a0-4b11-845c-000000000000",
      "AZURE_CLIENT_SECRET": "" // TODO: configure in user secrets
    }
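
An added example, not part of the original answer: values kept in user secrets reach the application only through `IConfiguration`, while the environment-based credential in `DefaultAzureCredential` reads process environment variables, so the application has to build the credential from configuration itself. The sketch assumes the Azure.Identity package and an ASP.NET Core project with user secrets initialised; `CredentialFactory` is a hypothetical helper name.

```csharp
// Added example. CredentialFactory is a hypothetical helper, not an Azure SDK type.
//
// Per-developer setup, run once in the project directory. The values are written
// to a secrets.json under the user profile (plain text, outside the repository):
//   dotnet user-secrets init
//   dotnet user-secrets set "AZURE_TENANT_ID" "<your-tenant-id>"
//   dotnet user-secrets set "AZURE_CLIENT_ID" "<your-client-id>"
//   dotnet user-secrets set "AZURE_CLIENT_SECRET" "<your-client-secret>"
//
// Usage in Program.cs (user secrets are loaded only in the Development environment):
//   var builder = WebApplication.CreateBuilder(args);
//   TokenCredential credential = CredentialFactory.Create(builder.Configuration);
using System;
using Azure.Core;
using Azure.Identity;
using Microsoft.Extensions.Configuration;

public static class CredentialFactory
{
    public static TokenCredential Create(IConfiguration config)
    {
        string? tenantId = config["AZURE_TENANT_ID"];
        string? clientId = config["AZURE_CLIENT_ID"];
        string? clientSecret = config["AZURE_CLIENT_SECRET"];

        // No secret configured (the committed appsettings.json leaves it empty):
        // fall back to the default chain, which uses the managed identity in Azure.
        if (string.IsNullOrWhiteSpace(clientSecret))
        {
            return new DefaultAzureCredential();
        }

        // A secret without its tenant or client ID is a setup mistake;
        // fail at startup instead of on the first token request.
        if (string.IsNullOrWhiteSpace(tenantId) || string.IsNullOrWhiteSpace(clientId))
        {
            throw new InvalidOperationException(
                "AZURE_CLIENT_SECRET is set but AZURE_TENANT_ID or AZURE_CLIENT_ID is missing.");
        }

        // Local development: each developer's own app registration from user secrets.
        return new ClientSecretCredential(tenantId, clientId, clientSecret);
    }
}
```

Because environment variables come after user secrets in the provider sequence listed above, any `AZURE_*` entries left in launchSettings.json still take precedence and should be removed from the committed profile.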