The Microsoft.Azure.StackExchangeRedis package is an extension for the StackExchange.Redis client library that enables using Microsoft Entra ID to authenticate connections from a Redis client application to an Azure Cache for Redis resource. This extension acquires an access token for an Azure managed identity or service principal and configures a StackExchange.Redis connection to use the token for authentication. It also maintains the token, proactively refreshing it and re-authenticating the connection to maintain uninterrupted communication with the cache over multiple days.
See sample/Sample.cs for detailed examples of how to use the extension for all supported authentication scenarios.
High level instructions:
Add a reference to the Microsoft.Azure.StackExchangeRedis NuGet package in your Redis client project.
In your Redis connection code, first create a ConfigurationOptions
instance. You can use the .Parse()
method to create an instance from a Redis connection string or the cache host name alone.
var configurationOptions = ConfigurationOptions.Parse($"{cacheHostName}:6380");
// DefaultAzureCredential
await configurationOptions.ConfigureForAzureWithTokenCredentialAsync(new DefaultAzureCredential());
// User-assigned managed identity
await configurationOptions.ConfigureForAzureWithUserAssignedManagedIdentityAsync(managedIdentityClientId);
// System-assigned managed identity
await configurationOptions.ConfigureForAzureWithSystemAssignedManagedIdentityAsync();
// Service principal secret
await configurationOptions.ConfigureForAzureWithServicePrincipalAsync(clientId, tenantId, secret);
// Service principal certificate
await configurationOptions.ConfigureForAzureWithServicePrincipalAsync(clientId, tenantId, certificate);
// Service principal certificate with Subject Name + Issuer (SNI) authentication (Microsoft internal use only)
await configurationOptions.ConfigureForAzureAsync(new AzureCacheOptions
{
ClientId = clientId,
ServicePrincipalTenantId = tenantId,
ServicePrincipalCertificate = certificate,
SendX5C = true // Enables Subject Name + Issuer authentication
});
ConfigurationOptions
instancevar connectionMultiplexer = await ConnectionMultiplexer.ConnectAsync(configurationOptions);
connectionMultiplexer
to interact with Redis as you normally would. The sample directory contains a project showing how to connect to an Azure Redis cache using the various authentication mechanisms supported by this extension. Borrow code from this sample for your own project, or simply run it to test the authentication configuration on your cache. It will prompt you for the type of authentication to use and the specific credentials needed. To run the sample:
DefaultAzureCredential
authentication, ensure that either an Azure user is signed on the machine where you're running your code, or environment variables have been set to supply Azure credentials. For details see: How to authenticate .NET apps to Azure services using the .NET Azure SDK. dotnet run <path to Microsoft.Azure.StackExchangeRedis.Sample.csproj>
, or run the project in Visual Studio or your favorite IDENOTE: The sample project uses a <ProjectReference>
to the extension project in this repo. To run the project on its own using the released Microsoft.Azure.StackExchangeRedis NuGet package, replace the <ProjectReference>
in Microsoft.Azure.StackExchangeRedis.Sample.csproj
with a <PackageReference>
.
Please read our CONTRIBUTING.md which outlines all of our policies, procedures, and requirements for contributing to this project.
We use SemVer for versioning. For the versions available, see the releases.
This project is licensed under the MIT License - see the LICENSE file for details.