[New article]: Document APIs for creating user-assigned identities

[captainsafia]

Proposed topic or title

Create and use user‑assigned managed identities in .NET Aspire applications

Location in table of contents.

No response

Reason for the article

This recent PR (dotnet/aspire#9130) introduces AzureUserAssignedIdentityResource, the AddAzureUserAssignedIdentity builder helper, and the WithUserAssignedIdentity container‑app extension gives Aspire developers first‑class support for user‑assigned managed identities (UMIs). We'll want to document this so users know they can create their own managed identities for use in Aspire apps.

Article abstract

The new API provides support for creating a managed identity via the AddAzureUserAssignedIdentity API:

var builder = DistributedApplication.CreateBuilder(args);

var sharedMi = builder.AddAzureUserAssignedIdentity("custom‑umi");

Similar to other Azure resources, you can use the PublishAsExisting to reference an existing identity:

var builder = DistributedApplication.CreateBuilder(args);

var miName = builder.AddParameter("miName");
var miResourceGroup = builder.AddParameter("miResourceGroup");

var sharedMi = builder.AddAzureUserAssignedIdentity("custom‑umi")
  .PublishAsExisting(miName, miResourceGroup);

The resources also support the WithRoleAssignments APIs so that you can grant roles between the resource and the identities:

var builder = DistributedApplication.CreateBuilder(args);

var sharedMi = builder.AddAzureUserAssignedIdentity("custom‑umi");

builder.AddAzureKeyVault("secrets")
       .WithRoleAssignments(sharedMi, BuiltInRole.Reader);

Relevant searches

N/A

---

Associated WorkItem - 429904

[IEvangelist]

Hi @captainsafia - is this for 9.3?

[captainsafia]

Yep, the change was just merged in yesterday.