Topic: AZ-204 topic 4 question 62

HOTSPOT
-

You are a developer building a web site using a web app. The web site stores configuration data in Azure App Configuration.

Access to Azure App Configuration has been configured to use the identity of the web app for authentication. Security requirements specify that no other authentication systems must be used.

You need to load configuration data from Azure App Configuration.

How should you complete the code? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Re: AZ-204 topic 4 question 62

I think it should be ManagedIdentityCredential:
ManagedIdentityCredential: attempts to authenticate using a managed identity that is assigned to the deployment environment (if any).

DefaultAzureCredential can not be, since only one type of authentication is allowed.
ChainedTokenCredential could work if there is only one authentication type is specified in code.
Source: https://yourazurecoach.com/2020/08/13/managed-identity-simplified-with-the-new-azure-net-sdks/

Re: AZ-204 topic 4 question 62

chatgpt generated code with ManagedIdentityCredential

Re: AZ-204 topic 4 question 62

from azure.identity import DefaultAzureCredential
from azure.appconfiguration import AzureAppConfigurationClient

credential = DefaultAzureCredential()

client = AzureAppConfigurationClient(base_url="your_endpoint_url", credential=credential)

Re: AZ-204 topic 4 question 62

I think it should be DefaultAzureCredential. Check DefaultAzureCredential section at
https://learn.microsoft.com/en-us/python/api/overview/azure/identity-readme?view=azure-python

DefaultAzureCredential is appropriate for most applications which will run in the Azure Cloud because it combines common production credentials with development credentials

Managed Identity - If the application is deployed to an Azure host with Managed Identity enabled, DefaultAzureCredential will authenticate with it.

Re: AZ-204 topic 4 question 62

I disagree, if they used options (https://docs.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredentialoptions?view=azure-dotnet-preview) they could exclude unwanted auth methods, but it's not in the code. Otherwise "It is not always clear what authentication method got executed".

Question states that "configured to use the identity" so I think it's ManagedIdentityCredential in place of azure default.

Re: AZ-204 topic 4 question 62

JamieS you are right. It should be ManagedIdentityCredential. I overlooked .. "Security requirements specify that no other authentication systems must be used".

Re: AZ-204 topic 4 question 62

Answer is correct. It is here:
https://learn.microsoft.com/en-us/python/api/overview/azure/appconfiguration-readme?view=azure-python#create-a-client

Re: AZ-204 topic 4 question 62

It works, but does not meet question requirements because DefaultAzureCredential will try other auth methods too

Re: AZ-204 topic 4 question 62

great catch! thanks

Re: AZ-204 topic 4 question 62

ManagedIdentityCredential > AddAzureAppconfig > ManagedIdentityCredential > AdAzureAppConf

  • Weam
  • New member
  • Offline

Re: AZ-204 topic 4 question 62

ManagedIdentityCredential according to the following link : https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.managedidentitycredential?view=azure-python
We use ManagedIdentityCredential with apps or resources that support ManagedIdentityCredential.

Re: AZ-204 topic 4 question 62

This question is not updated with the latest Microsoft docs.
The 2nd and 4th answers are not correct, and are not present in DDL.
Here the right Python code:

from azure.identity import DefaultAzureCredential
from azure.appconfiguration import AzureAppConfigurationClient

credential = DefaultAzureCredential()

client = AzureAppConfigurationClient(base_url="your_endpoint_url", credential=credential)

https://learn.microsoft.com/en-us/python/api/overview/azure/appconfiguration-readme?view=azure-python#create-a-client

Re: AZ-204 topic 4 question 62

And why the hell did Microsoft decide to include Python code in the exam?

Re: AZ-204 topic 4 question 62

To load configuration data from Azure App Configuration using the identity of the web app for authentication, you would typically use the ManagedIdentityCredential class for authentication. Here's how you should complete the code:

from azure.identity import ManagedIdentityCredential
from azure.appconfiguration import AzureAppConfigurationClient

credential = ManagedIdentityCredential()

client = AzureAppConfigurationClient(base_url="your_endpoint_url", credential=credential)

Re: AZ-204 topic 4 question 62

Should be ManagedIdentity because "...configured to use the identity of the web app for authentication. Security requirements specify that no other authentication systems must be used."

Re: AZ-204 topic 4 question 62

DefaultAzureCredentials will try different authentication, ie. it will use AZ, Visual Studio, ManagedIdentity, and so on until one succeeds

Re: AZ-204 topic 4 question 62

Note that the DefaultAzureCredential is used to authenticate using the identity of the web app. This credential provider tries multiple authentication methods (e.g. environment variables, Azure Managed Identity, Azure CLI) until it finds a suitable one. In this way, you can ensure that no other authentication systems are used
Above ans are correct.

Re: AZ-204 topic 4 question 62

It should be ManagedIdentityCredential.

Managed identity authentication is supported via either the DefaultAzureCredential or the ManagedIdentityCredential directly for the following Azure services:
Example:
from azure.identity import ManagedIdentityCredential
from azure.keyvault.secrets import SecretClient

credential = ManagedIdentityCredential()
client = SecretClient("https://my-vault.vault.azure.net", credential)

Reference: https://github.com/Azure/azure-sdk-for-python/tree/azure-appconfiguration_1.4.0/sdk/identity/azure-identity

Re: AZ-204 topic 4 question 62

Correct one is ManagedIdentityCredential 110% Sure !

Re: AZ-204 topic 4 question 62

Can you explain please?

Re: AZ-204 topic 4 question 62

What is the right answer then? everyone thrown some kitchen sink.. pls keep it simple.

Re: AZ-204 topic 4 question 62

from azure.identity import DefaultAzureCredential
from azure.appconfiguration import AzureAppConfigurationClient

credential = DefaultAzureCredential()

client = AzureAppConfigurationClient(base_url="your_endpoint_url", credential=credential)

https://learn.microsoft.com/en-us/python/api/overview/azure/appconfiguration-readme?view=azure-python#create-a-client

Re: AZ-204 topic 4 question 62

The options are wrong https://learn.microsoft.com/en-us/python/api/overview/azure/appconfiguration-readme?view=azure-python

from azure.identity import DefaultAzureCredential
from azure.appconfiguration import AzureAppConfigurationClient

credential = DefaultAzureCredential()

client = AzureAppConfigurationClient(base_url="your_endpoint_url", credential=credential)

Re: AZ-204 topic 4 question 62

@adilkhan
can you please provide right answers. your comment starts with answers being wrong and  you are providing the same answers mentioned