From 58acc082168cda11541eab5a2f29787f12613d6f Mon Sep 17 00:00:00 2001 From: manvkaur <67894494+manvkaur@users.noreply.github.com> Date: Fri, 18 Jul 2025 12:09:42 -0700 Subject: [PATCH 1/2] update cosmos auth to use managed identity --- ServerlessLibraryAPI/CosmosLibraryStore.cs | 30 +++++++++++++++---- .../ServerlessLibraryAPI.csproj | 8 +++-- 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/ServerlessLibraryAPI/CosmosLibraryStore.cs b/ServerlessLibraryAPI/CosmosLibraryStore.cs index aaf7a61..8841903 100644 --- a/ServerlessLibraryAPI/CosmosLibraryStore.cs +++ b/ServerlessLibraryAPI/CosmosLibraryStore.cs @@ -1,8 +1,9 @@ using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; +using Azure.Core; +using Azure.Identity; using Microsoft.Azure.Cosmos; -using Microsoft.Azure.Cosmos.Fluent; using ServerlessLibrary.Models; namespace ServerlessLibrary @@ -28,7 +29,7 @@ async public Task> GetAllItems() return libraryItems.ToList(); } } - + /// /// Cosmos db APIs /// 
@@ -98,10 +99,27 @@ public static void Initialize() { if (container == null) { - CosmosClientBuilder cosmosClientBuilder = new CosmosClientBuilder( - ServerlessLibrarySettings.CosmosEndpoint, - ServerlessLibrarySettings.CosmosAuthkey); - CosmosClient client = cosmosClientBuilder.Build(); + CosmosClient client; + + // Check if we have connection strings configured + if (!string.IsNullOrEmpty(ServerlessLibrarySettings.CosmosEndpoint) && + !string.IsNullOrEmpty(ServerlessLibrarySettings.CosmosAuthkey)) + { + // Use connection string authentication if available + client = new CosmosClient( + ServerlessLibrarySettings.CosmosEndpoint, + ServerlessLibrarySettings.CosmosAuthkey); + } + else + { + // Use DefaultAzureCredential for authentication + string endpoint = ServerlessLibrarySettings.CosmosEndpoint; + + // Create DefaultAzureCredential with basic options compatible with .NET Core 2.1 + TokenCredential credential = new DefaultAzureCredential(); + + client = new CosmosClient(endpoint, credential); + } DatabaseResponse databaseResponse = client.CreateDatabaseIfNotExistsAsync(DatabaseId).Result; Database database = databaseResponse; diff --git a/ServerlessLibraryAPI/ServerlessLibraryAPI.csproj b/ServerlessLibraryAPI/ServerlessLibraryAPI.csproj index 40b76bf..36903ac 100644 --- a/ServerlessLibraryAPI/ServerlessLibraryAPI.csproj +++ b/ServerlessLibraryAPI/ServerlessLibraryAPI.csproj @@ -11,16 +11,20 @@ /subscriptions/7c1b7bab-00b2-4cb7-924e-205c4f411810/resourcegroups/Default-ApplicationInsights-EastUS/providers/microsoft.insights/components/ServerlessLibrary 235c2497-239d-47f0-8ea7-af2dd2416d95 ServerlessLibrary + true + false + - + + - + From de3c578f823c3389cf3bc30c148c1917214d88f9 Mon Sep 17 00:00:00 2001 From: manvkaur <67894494+manvkaur@users.noreply.github.com> Date: Mon, 21 Jul 2025 11:59:55 -0700 Subject: [PATCH 2/2] update the flow --- ServerlessLibraryAPI/CosmosLibraryStore.cs | 38 ++++++++++++++-------- 1 file changed, 24 insertions(+), 14 deletions(-) 
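Review bot: The token-credential branch added here feeds the same `client.CreateDatabaseIfNotExistsAsync(DatabaseId).Result` call as the key branch. As far as I know, Cosmos DB data-plane role assignments do not grant database or container creation, so on an account where the database is not already provisioned this call is likely to be rejected once the key is removed. The hunk in patch 2/2 keeps the same call. I would add a comment above it along the lines of `// With token auth the database must already exist; confirm the identity's role allows this call.` and document the required role assignment next to the settings. Initialize's body continues past the end of the hunk, so whether the container is created the same way is not visible here.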
diff --git a/ServerlessLibraryAPI/CosmosLibraryStore.cs b/ServerlessLibraryAPI/CosmosLibraryStore.cs
index 8841903..7740fa9 100644
--- a/ServerlessLibraryAPI/CosmosLibraryStore.cs
+++ b/ServerlessLibraryAPI/CosmosLibraryStore.cs
@@ -101,24 +101,34 @@ public static void Initialize()
 {
 CosmosClient client;

- // Check if we have connection strings configured
- if (!string.IsNullOrEmpty(ServerlessLibrarySettings.CosmosEndpoint) &&
- !string.IsNullOrEmpty(ServerlessLibrarySettings.CosmosAuthkey))
+ // Use DefaultAzureCredential as the default authentication method (recommended for Azure workloads)
+ if (!string.IsNullOrEmpty(ServerlessLibrarySettings.CosmosEndpoint))
 {
- // Use connection string authentication if available
- client = new CosmosClient(
- ServerlessLibrarySettings.CosmosEndpoint,
- ServerlessLibrarySettings.CosmosAuthkey);
+ try
+ {
+ // Create DefaultAzureCredential with basic options compatible with .NET Core 2.1
+ TokenCredential credential = new DefaultAzureCredential();
+ client = new CosmosClient(ServerlessLibrarySettings.CosmosEndpoint, credential);
+ }
+ catch
+ {
+ // Fallback to connection string authentication if DefaultAzureCredential fails
+ if (!string.IsNullOrEmpty(ServerlessLibrarySettings.CosmosAuthkey))
+ {
+ client = new CosmosClient(
+ ServerlessLibrarySettings.CosmosEndpoint,
+ ServerlessLibrarySettings.CosmosAuthkey);
+ }
+ else
+ {
+ throw new System.InvalidOperationException(
+ "Unable to authenticate with Cosmos DB. Ensure either managed identity is configured or CosmosAuthkey is provided.");
+ }
+ }
 }
 else
 {
- // Use DefaultAzureCredential for authentication
- string endpoint = ServerlessLibrarySettings.CosmosEndpoint;
-
- // Create DefaultAzureCredential with basic options compatible with .NET Core 2.1
- TokenCredential credential = new DefaultAzureCredential();
-
- client = new CosmosClient(endpoint, credential);
+ throw new System.InvalidOperationException("CosmosEndpoint must be configured.");
 }

 DatabaseResponse databaseResponse = client.CreateDatabaseIfNotExistsAsync(DatabaseId).Result;
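Review bot: The `catch` fallback is unlikely ever to see a failed managed-identity login. To my knowledge neither `new DefaultAzureCredential()` nor `new CosmosClient(endpoint, credential)` requests a token; the first token request happens on the first service call, here `CreateDatabaseIfNotExistsAsync(DatabaseId).Result` on the context line after the `try`. An authentication failure would therefore escape from `.Result` as an `AggregateException` and the key path would never be tried. Meanwhile the bare `catch` discards any constructor error and switches from identity to the account key without recording it. I would either drop the fallback and select the credential type explicitly from configuration, or move the first request inside the `try`, catch only the authentication exception type, and record which credential was chosen. The comment `// Create DefaultAzureCredential with basic options compatible with .NET Core 2.1` also mentions options that the parameterless constructor does not set, and Initialize's body continues outside the hunk.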