Skip to content

Add Entra ID (Azure Active Directory) authentication support #3054

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
harsimar merged 5 commits into from
Dec 19, 2025
Merged

Add Entra ID (Azure Active Directory) authentication support #3054

harsimar merged 5 commits into from
Dec 19, 2025

Conversation

@rajkumar-rangaraj
Copy link
Member

@rajkumar-rangaraj rajkumar-rangaraj commented Dec 19, 2025

Summary

This PR adds support for Entra ID (formerly Azure Active Directory) authentication to Application Insights .NET SDK using Azure.Core.TokenCredential. This enables authentication using managed identities, service principals, and other Azure credential types instead of relying solely on instrumentation key-based authentication.

Changes

Public API Additions

  • Microsoft.ApplicationInsights: Added SetAzureTokenCredential(TokenCredential) public method to TelemetryConfiguration
  • Microsoft.ApplicationInsights.AspNetCore: Added Credential property to ApplicationInsightsServiceOptions
  • Microsoft.ApplicationInsights.WorkerService: Added Credential property to ApplicationInsightsServiceOptions

Implementation

  • Flows credential from ApplicationInsightsServiceOptions.Credential to AzureMonitorExporterOptions.Credential in both AspNetCore and WorkerService packages
  • TelemetryConfiguration.SetAzureTokenCredential() method configures credential for non-DI scenarios (WEB, NLog)
  • Added using Azure.Monitor.OpenTelemetry.Exporter to TelemetryConfiguration.cs

Documentation

  • Added AAD authentication section to WEB/Src/Web/README.md with Global.asax.cs example
  • Added AAD authentication section to LOGGING/README.md for NLog users
  • Updated examples:
    • examples/ClassicAspNetWebApp/Global.asax.cs
    • examples/NLogConsoleApp/Program.cs

Tests

  • TelemetryConfigurationAadTests.cs: Tests for SetAzureTokenCredential method validation and lifecycle
  • ApplicationInsightsServiceOptionsTests.cs: Tests for Credential property and CopyPropertiesTo method
  • ApplicationInsightsAadIntegrationTests.cs: Integration tests for AspNetCore credential flow
  • WorkerServiceAadIntegrationTests.cs: Integration tests for WorkerService credential flow
  • All tests passing (16 tests across 4 target frameworks: net8.0, net9.0, net10.0, net462)

PublicAPI Updates

  • Updated PublicAPI.Unshipped.txt files for Microsoft.ApplicationInsights, Microsoft.ApplicationInsights.AspNetCore, and Microsoft.ApplicationInsights.WorkerService

Usage Examples

AspNetCore / WorkerService (DI-based)

services.AddApplicationInsightsTelemetry(options =>
{
    options.ConnectionString = "InstrumentationKey=...;IngestionEndpoint=...";
    options.Credential = new DefaultAzureCredential();
});

Classic ASP.NET (WEB)

var telemetryConfig = TelemetryConfiguration.CreateDefault();
telemetryConfig.ConnectionString = "InstrumentationKey=...;IngestionEndpoint=...";
telemetryConfig.SetAzureTokenCredential(new DefaultAzureCredential());

NLog

var telemetryConfig = TelemetryConfiguration.CreateDefault();
telemetryConfig.ConnectionString = "InstrumentationKey=...;IngestionEndpoint=...";
telemetryConfig.SetAzureTokenCredential(new DefaultAzureCredential());

var logger = LogManager.GetCurrentClassLogger();

Copilot AI review requested due to automatic review settings December 19, 2025 20:14
Copilot AI reviewed Dec 19, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for Entra ID (formerly Azure Active Directory) authentication to Application Insights .NET SDK using Azure.Core.TokenCredential. This enables authentication using managed identities, service principals, and other Azure credential types instead of relying solely on instrumentation key-based authentication.

Key Changes:

  • Added public API SetAzureTokenCredential(TokenCredential) method to TelemetryConfiguration for non-DI scenarios
  • Added Credential property to ApplicationInsightsServiceOptions in AspNetCore and WorkerService packages
  • Implemented credential flow from service options to Azure Monitor Exporter in both packages

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
BASE/src/Microsoft.ApplicationInsights/Extensibility/TelemetryConfiguration.cs Added public SetAzureTokenCredential method to configure credentials in non-DI scenarios, using ConfigureOpenTelemetryBuilder to flow credentials to Azure Monitor Exporter
NETCORE/src/Shared/Extensions/ApplicationInsightsServiceOptions.cs Added Credential property and updated CopyPropertiesTo to include credential copying
NETCORE/src/Microsoft.ApplicationInsights.AspNetCore/Extensions/ApplicationInsightsExtensions.cs Added credential flow logic to copy credentials from service options to Azure Monitor Exporter options
NETCORE/src/Microsoft.ApplicationInsights.WorkerService/ApplicationInsightsExtensions.cs Added credential flow logic to copy credentials from service options to Azure Monitor Exporter options
BASE/Test/Microsoft.ApplicationInsights.Test/Microsoft.ApplicationInsights.Tests/TelemetryConfigurationAadTests.cs Added comprehensive unit tests for SetAzureTokenCredential method including validation and lifecycle tests
NETCORE/test/Microsoft.ApplicationInsights.AspNetCore.Tests/Extensions/ApplicationInsightsServiceOptionsTests.cs Added tests for Credential property getter/setter and CopyPropertiesTo method
NETCORE/test/Microsoft.ApplicationInsights.AspNetCore.Tests/Extensions/ApplicationInsightsAadIntegrationTests.cs Added integration tests verifying credential flow from service options to exporter in AspNetCore
NETCORE/test/Microsoft.ApplicationInsights.WorkerService.Tests/WorkerServiceAadIntegrationTests.cs Added integration tests verifying credential flow from service options to exporter in WorkerService
WEB/Src/Web/README.md Added documentation section explaining AAD authentication configuration with code example
LOGGING/README.md Added documentation section explaining AAD authentication with NLog including code example
examples/ClassicAspNetWebApp/Global.asax.cs Added commented example showing how to configure AAD authentication in classic ASP.NET
examples/NLogConsoleApp/Program.cs Added commented example showing how to configure AAD authentication with NLog
CHANGELOG.md Added entry documenting the new Entra ID authentication support feature
.publicApi/*.txt Updated public API surface files to reflect new public members across affected packages

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@harsimar harsimar merged commit 51ecd1e into main Dec 19, 2025
22 checks passed
@harsimar harsimar deleted the rajrang/aad branch December 19, 2025 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@harsimar harsimar harsimar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rajkumar-rangaraj @harsimar