feat: default axure credential

Author: BenjaminMichaelis

EssentialCSharp.Chat.Shared/EssentialCSharp.Chat.Common.csproj

@@ -5,6 +5,7 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Identity" />
     <PackageReference Include="Microsoft.SemanticKernel" />
     <PackageReference Include="Microsoft.SemanticKernel.Connectors.PgVector" />
     <PackageReference Include="ModelContextProtocol" />

EssentialCSharp.Chat.Shared/Extensions/ServiceCollectionExtensions.cs

@@ -1,4 +1,6 @@
 using Azure.AI.OpenAI;
+using Azure.Core;
+using Azure.Identity;
 using EssentialCSharp.Chat.Common.Services;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -9,38 +11,52 @@ namespace EssentialCSharp.Chat.Common.Extensions;
 public static class ServiceCollectionExtensions
 {
     /// <summary>
-    /// Adds Azure OpenAI and related AI services to the service collection
+    /// Adds Azure OpenAI and related AI services to the service collection using Managed Identity
     /// </summary>
     /// <param name="services">The service collection to add services to</param>
     /// <param name="aiOptions">The AI configuration options</param>
     /// <param name="postgresConnectionString">The PostgreSQL connection string for the vector store</param>
+    /// <param name="credential">The token credential to use for authentication. If null, DefaultAzureCredential will be used.</param>
     /// <returns>The service collection for chaining</returns>
-    public static IServiceCollection AddAzureOpenAIServices(this IServiceCollection services, AIOptions aiOptions, string postgresConnectionString)
+    public static IServiceCollection AddAzureOpenAIServices(
+        this IServiceCollection services,
+        AIOptions aiOptions,
+        string postgresConnectionString,
+        TokenCredential? credential = null)
     {
-        if (string.IsNullOrEmpty(aiOptions.Endpoint) ||
-            string.IsNullOrEmpty(aiOptions.ApiKey))
-            // Register Azure OpenAI services
+        // Use DefaultAzureCredential if no credential is provided
+        // This works both locally (using Azure CLI, Visual Studio, etc.) and in Azure (using Managed Identity)
+        credential ??= new DefaultAzureCredential();
+
+        if (string.IsNullOrEmpty(aiOptions.Endpoint))
+        {
+            throw new InvalidOperationException("AIOptions.Endpoint is required.");
+        }
+
+        var endpoint = new Uri(aiOptions.Endpoint);
+
+        // Register Azure OpenAI services with Managed Identity authentication
 #pragma warning disable SKEXP0010 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
         services.AddAzureOpenAIChatClient(
             aiOptions.ChatDeploymentName,
-            aiOptions.Endpoint,
-            aiOptions.ApiKey);
+            endpoint.ToString(),
+            credential);
 
         services.AddSingleton(provider =>
-            new AzureOpenAIClient(new Uri(aiOptions.Endpoint), new Azure.AzureKeyCredential(aiOptions.ApiKey)));
+            new AzureOpenAIClient(endpoint, credential));
 
         services.AddAzureOpenAIChatCompletion(
             aiOptions.ChatDeploymentName,
             aiOptions.Endpoint,
-            aiOptions.ApiKey);
+            credential);
 
         // Add PostgreSQL vector store
         services.AddPostgresVectorStore(postgresConnectionString);
 
         services.AddAzureOpenAIEmbeddingGenerator(
             aiOptions.VectorGenerationDeploymentName,
             aiOptions.Endpoint,
-            aiOptions.ApiKey);
+            credential);
 #pragma warning restore SKEXP0010
 
         // Register shared AI services
@@ -57,8 +73,12 @@ public static IServiceCollection AddAzureOpenAIServices(this IServiceCollection
     /// </summary>
     /// <param name="services">The service collection to add services to</param>
     /// <param name="configuration">The configuration to read AIOptions from</param>
+    /// <param name="credential">Optional token credential to use for authentication. If null, DefaultAzureCredential will be used.</param>
     /// <returns>The service collection for chaining</returns>
-    public static IServiceCollection AddAzureOpenAIServices(this IServiceCollection services, IConfiguration configuration)
+    public static IServiceCollection AddAzureOpenAIServices(
+        this IServiceCollection services,
+        IConfiguration configuration,
+        TokenCredential? credential = null)
     {
         // Configure AI options from configuration
         services.Configure<AIOptions>(configuration.GetSection("AIOptions"));
@@ -73,6 +93,66 @@ public static IServiceCollection AddAzureOpenAIServices(this IServiceCollection
         var postgresConnectionString = configuration.GetConnectionString("PostgresVectorStore") ??
             throw new InvalidOperationException("Connection string 'PostgresVectorStore' not found.");
 
-        return services.AddAzureOpenAIServices(aiOptions, postgresConnectionString);
+        return services.AddAzureOpenAIServices(aiOptions, postgresConnectionString, credential);
+    }
+
+    /// <summary>
+    /// Adds Azure OpenAI and related AI services to the service collection using API key authentication (legacy)
+    /// </summary>
+    /// <param name="services">The service collection to add services to</param>
+    /// <param name="aiOptions">The AI configuration options</param>
+    /// <param name="postgresConnectionString">The PostgreSQL connection string for the vector store</param>
+    /// <param name="apiKey">The API key for Azure OpenAI authentication</param>
+    /// <returns>The service collection for chaining</returns>
+    [Obsolete("API key authentication is not recommended for production. Use AddAzureOpenAIServices with Managed Identity instead.")]
+    public static IServiceCollection AddAzureOpenAIServicesWithApiKey(
+        this IServiceCollection services,
+        AIOptions aiOptions,
+        string postgresConnectionString,
+        string apiKey)
+    {
+        if (string.IsNullOrEmpty(apiKey))
+        {
+            throw new ArgumentException("API key cannot be null or empty.", nameof(apiKey));
+        }
+
+        if (string.IsNullOrEmpty(aiOptions.Endpoint))
+        {
+            throw new InvalidOperationException("AIOptions.Endpoint is required.");
+        }
+
+        var endpoint = new Uri(aiOptions.Endpoint);
+
+        // Register Azure OpenAI services with API key authentication
+#pragma warning disable SKEXP0010 // Type is for evaluation purposes only and is subject to change or removal in future updates. Suppress this diagnostic to proceed.
+        services.AddAzureOpenAIChatClient(
+            aiOptions.ChatDeploymentName,
+            aiOptions.Endpoint,
+            apiKey);
+
+        services.AddSingleton(provider =>
+            new AzureOpenAIClient(endpoint, new Azure.AzureKeyCredential(apiKey)));
+
+        services.AddAzureOpenAIChatCompletion(
+            aiOptions.ChatDeploymentName,
+            aiOptions.Endpoint,
+            apiKey);
+
+        // Add PostgreSQL vector store
+        services.AddPostgresVectorStore(postgresConnectionString);
+
+        services.AddAzureOpenAIEmbeddingGenerator(
+            aiOptions.VectorGenerationDeploymentName,
+            aiOptions.Endpoint,
+            apiKey);
+#pragma warning restore SKEXP0010
+
+        // Register shared AI services
+        services.AddSingleton<EmbeddingService>();
+        services.AddSingleton<AISearchService>();
+        services.AddSingleton<AIChatService>();
+        services.AddSingleton<MarkdownChunkingService>();
+
+        return services;
     }
 }

EssentialCSharp.Web/EssentialCSharp.Web.csproj

@@ -14,7 +14,6 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Identity" />
     <PackageReference Include="Azure.Monitor.OpenTelemetry.AspNetCore" />
     <PackageReference Include="AspNet.Security.OAuth.GitHub" />
     <PackageReference Include="EssentialCSharp.Shared.Models" />