CredentialDescription Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Description of a credential. Credentials are used to prove the identity of the application (see ClientCredentials) or to decrypt tokens (see TokenDecryptionCredentials). Credentials can be secrets (client secrets), certificates, or signed assertions. They can be stored or provided in a variety of ways, and this class provides a way to describe them. The description is then used by Microsoft.Identity.Web to retrieve the credential (see the DefaultCredentialProvider class).
public class CredentialDescription
type CredentialDescription = class
Public Class CredentialDescription
- Inheritance
-
CredentialDescription
- Derived
Constructors
CredentialDescription() |
Properties
Base64EncodedValue |
When SourceType is Base64Encoded, specifies the base64 encoded value of the certificate. |
CachedValue |
When the credential is retrieved by an ICredentialsLoader, it will be stored in this property, where you can retrieve it. If the credential is a certificate, it will also be stored in the Certificate property. |
Certificate |
When SourceType is Certificate, you will use this property to provide the certificate yourself. When SourceType is Base64Encoded, KeyVault, Path, StoreWithDistinguishedName, or StoreWithThumbprint, the certificate is stored in this property, and also in CachedValue, after it is retrieved by an ICredentialsLoader. |
CertificateDiskPath |
When SourceType is Path, specifies the path to the certificate on disk. You can use this property to specify the path to a PFX file containing the certificate and its private key. If a password is needed, use CertificatePassword. |
CertificateDistinguishedName |
When SourceType is StoreWithDistinguishedName, specifies the distinguished name of the certificate in the store specified by CertificateStorePath. |
CertificatePassword |
When SourceType is Path, specifies the password to use to access the certificate whose path is specified by CertificateDiskPath. Only use this property if the certificate is protected by a password. |
CertificateStorePath |
When SourceType is StoreWithDistinguishedName or StoreWithThumbprint, specifies the certificate store from which to extract the certificate. The format is the concatenation of a value of StoreLocation and a value of StoreName separated by a slash. For instance, use |
CertificateThumbprint |
When SourceType is StoreWithThumbprint, specifies the thumbprint of the certificate to extract from the certificate store specified by CertificateStorePath. |
ClientSecret |
When SourceType is ClientSecret, describes the client secret to use as a client credential in a confidential client application. The client secret is a string known only to the application and the identity provider. It needs to match the value configured during the application registration. |
Container |
Container in which to find the credential. You will normally not use this property directly. It could be used by property editors in tools or IDEs. Instead, use the properties that are specific to the SourceType. |
CredentialType |
Describes the type of credentials, based on the SourceType. |
DecryptKeysAuthenticationOptions |
When SourceType is AutoDecryptKeys, this property describes the authority to use to get a token for a web API to get the keys used to decrypt an encrypted token. The cloud instance will be the same as the application, but the application can be a multi-tenant application (tenant = common or organizations), and in this case, to get a token on behalf of itself, the credential type needs to provide a tenant. More generally, you might want to specify authentication options, including protocol, PopKey, etc. This credential description is only used for decrypt credentials, not for client credentials. |
Id |
Gets a unique identifier for a CredentialDescription based on SourceType and ReferenceOrValue. |
KeyVaultCertificateName |
When SourceType is KeyVault, use this property to specify the name of the certificate in Key Vault in conjunction with KeyVaultUrl. |
KeyVaultUrl |
When SourceType is KeyVault, use this property to specify the URL of the Key Vault containing the certificate, in conjunction with KeyVaultCertificateName. |
ManagedIdentityClientId |
When SourceType is SignedAssertionFromManagedIdentity, it specifies the client ID of the Azure user-assigned managed identity used to provide a signed assertion to act as a client credential for the application. This requires that the application is deployed on Azure, that the managed identity is configured, and that workload identity federation with the managed identity is declared in the application registration. For details, see https://zcusa.951200.xyz/azure/active-directory/workload-identities/workload-identity-federation. |
ReferenceOrValue |
Reference to the certificate or value. You will normally not use this property directly. It could be used by property editors in tools or IDEs. Instead, use the properties that are specific to the SourceType. |
SignedAssertionFileDiskPath |
When SourceType is SignedAssertionFilePath, optionally specifies the path on disk of a file containing a signed assertion used as a client assertion for the confidential client application. The signed assertion file is a file containing a signed JWT assertion that is used as a client credential. You will usually use this option when you want to integrate with workload identity federation with Azure Kubernetes Service (AKS). For details, see https://zcusa.951200.xyz/azure/active-directory/workload-identities/workload-identity-federation. |
Skip |
Skip this credential description. This is useful when you specify a list of credentials, some of which don't apply in a particular deployment. It will also be used by the ICredentialsLoader if it cannot find or load the credential. |
SourceType |
Type of the source of the credential. This property is used to determine which other properties need to be provided to describe the credential. |
TokenExchangeUrl |
(Microsoft Entra specific) Value that can be used to configure the token exchange resource URL in the case of federated identity credentials with managed identity. |
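The following is an added example, not code from Microsoft or from this reference page. It builds a credential list with several of the SourceType values described above and reports which active entries hold secret material on the description itself (ClientSecret, Base64EncodedValue, CertificatePassword) rather than a reference to a store, vault, or managed identity. It assumes the `CredentialSource` enum from Microsoft.Identity.Abstractions as the type of SourceType; `CredentialAudit` is a hypothetical helper, and every identifier, URL, path, and secret value is a constructed placeholder.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Identity.Abstractions;

foreach (var finding in CredentialAudit.InlineSecretFindings(CredentialAudit.Sample()))
    Console.WriteLine(finding);

public static class CredentialAudit   // hypothetical helper, not part of the library
{
    // Constructed sample list; every value is a placeholder.
    public static List<CredentialDescription> Sample() => new List<CredentialDescription>
    {
        new CredentialDescription {
            SourceType = CredentialSource.SignedAssertionFromManagedIdentity,
            ManagedIdentityClientId = "00000000-0000-0000-0000-000000000000" },
        new CredentialDescription {
            SourceType = CredentialSource.KeyVault,
            KeyVaultUrl = "https://example-vault.vault.azure.net",
            KeyVaultCertificateName = "example-cert" },
        new CredentialDescription {
            SourceType = CredentialSource.Path,
            CertificateDiskPath = "/certs/app.pfx",
            CertificatePassword = "<placeholder>" },
        new CredentialDescription {
            SourceType = CredentialSource.ClientSecret,
            ClientSecret = "<placeholder>",
            Skip = true },   // does not apply in this deployment
        new CredentialDescription {
            SourceType = CredentialSource.Base64Encoded,
            Base64EncodedValue = "<placeholder>" },
    };

    // One finding per active description that holds secret material itself
    // rather than a reference to a store, vault, or managed identity.
    public static IEnumerable<string> InlineSecretFindings(IEnumerable<CredentialDescription> creds)
    {
        foreach (var c in creds.Where(d => !d.Skip))
        {
            if (c.SourceType == CredentialSource.ClientSecret && !string.IsNullOrEmpty(c.ClientSecret))
                yield return $"{c.SourceType}: client secret value is set on the description";
            if (c.SourceType == CredentialSource.Base64Encoded && !string.IsNullOrEmpty(c.Base64EncodedValue))
                yield return $"{c.SourceType}: certificate value is set on the description";
            if (c.SourceType == CredentialSource.Path && !string.IsNullOrEmpty(c.CertificatePassword))
                yield return $"{c.SourceType}: PFX password is set next to {c.CertificateDiskPath}";
        }
    }
}
```

With the sample list, the Path and Base64Encoded entries are reported; the ClientSecret entry is not, because Skip is set on it.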