How to Use Managed Identity with ACS?
Overview
ACS is a fully managed communication platform. Using managed identity with ACS simplifies the authentication process for our ACS application and increases its security by eliminating the need to manage our own access tokens and credentials.
Two identities
ACS supports two types of managed identity to authenticate with the service.
- A System Assigned Identity which is tied to the ACS resource.
- A User Assigned Identity which is an Azure resource that can be assigned to the ACS resource.
How to use managed identity with ACS
- Grant the managed identity access to the ACS resource using the Azure portal, Azure CLI, or the ACS Management SDKs.
- Use the managed identity to authenticate with ACS through the Azure SDKs or REST APIs.
const { EmailClient, KnownEmailSendStatus } = require("@azure/communication-email");

// system assigned
//const { DefaultAzureCredential } = require("@azure/identity");
// user assigned
const { ManagedIdentityCredential } = require("@azure/identity");

const userAssignedClientId = "xxxx"; // replace with the client ID of your user-assigned identity
const endpoint = "xxxx";

// system assigned
//let credential = new DefaultAzureCredential();
// user assigned: the credential is created here with the identity's client ID
let credential = new ManagedIdentityCredential(userAssignedClientId);
// ManagedIdentityCredential can also be created with an object ID, and with
// options for configuring the resource which makes the access token request;
// refer to the JS SDK constructor details.

// Create the email client with authentication
const emailClient = new EmailClient(endpoint, credential);
- Note: There are a few different options available for authenticating an email client: Connection String, Microsoft Entra ID, and AzureKeyCredential. We use Microsoft Entra ID here.
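When a host has several identities attached, it helps to confirm that the token the credential returns was actually issued to the intended user-assigned identity and for ACS. The following diagnostic is an added example, not code from the original page or the Azure SDK; the audience value, the scope in the last comment, the `appid`/`azp` claim handling and all IDs in the sample token are assumptions or constructed values.

```javascript
// Diagnostic only: claims are decoded WITHOUT signature verification,
// so never base an authorization decision on this output.
const ACS_AUDIENCE = "https://communication.azure.com"; // assumed audience

function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 segments");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Returns a list of problems; an empty list means the token matches.
function checkManagedIdentityToken(jwt, expectedClientId, nowSec = Math.floor(Date.now() / 1000)) {
  const c = decodeClaims(jwt);
  const problems = [];
  // Compare audiences without trailing slashes.
  const aud = String(c.aud || "").replace(/\/+$/, "");
  if (aud !== ACS_AUDIENCE) problems.push(`unexpected audience: ${c.aud}`);
  // Assumption: v1 tokens carry the client ID in "appid", v2 tokens in "azp".
  const clientId = String(c.appid || c.azp || "").toLowerCase();
  if (clientId !== String(expectedClientId).toLowerCase()) {
    problems.push(`token issued to ${clientId || "unknown"}, expected ${expectedClientId}`);
  }
  if (typeof c.exp !== "number" || c.exp <= nowSec) problems.push("token expired");
  return problems;
}

// Constructed sample token (fake signature, made-up IDs) so this runs offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sig`;
}

const SAMPLE_CLIENT_ID = "11111111-1111-1111-1111-111111111111"; // constructed
const sample = makeSampleToken({
  aud: "https://communication.azure.com/",
  appid: SAMPLE_CLIENT_ID,
  exp: 2000000000,
});
console.log(checkManagedIdentityToken(sample, SAMPLE_CLIENT_ID, 1700000000));

// With a real credential (scope is an assumption):
//   const t = await credential.getToken("https://communication.azure.com//.default");
//   console.log(checkManagedIdentityToken(t.token, userAssignedClientId));
```

A non-empty result for the identity check usually means the host fell back to a different identity than the one granted access to the ACS resource.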
Reference
- ACS - Enable managed identity
- ACS - Send Email
- JS SDK - ManagedIdentityCredential