Strategy

Connectivity to Azure services, namely from application code, requires a level of authentication that needs to be addressed in a best-practices manner.

Tactics

The namespace and NuGet package Microsoft.Azure.Services.AppAuthentication contains the class AzureServiceTokenProvider. It's usage and details are documented here.

This class allows "smart" authentication, where it's primary method GetAccessTokenAsync(string resource, string tenantId = null) will attempt to authenticate and get an access token based on the executing environment (detailed in the document).

For example, in a local development environment the class would authenticate using Visual Studio's Azure connection, or the Azure CLI Tools connection. On the other hand, a deployed application to Azure will attempt to connect appropriately in another way, such as using a certificate or a managed identity.

To add to this robustness, the classes behavior can also be overwritten using a specific connection string in an environment variable, AzureServicesAuthConnectionString.