From d286c247e03cb6e734d514d58aa58d4811465f9f Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Tue, 28 Jan 2025 15:27:00 -0600
Subject: [PATCH 1/8] Improve credential reuse code sample for ASP.NET Core

---
 .openpublishing.redirection.azure.json        |  4 ++++
 ...on-best-practices.md => best-practices.md} |  4 ++--
 .../authentication/best-practices/Program.cs  | 22 ++++++++++++-------
 3 files changed, 20 insertions(+), 10 deletions(-)
 rename docs/azure/sdk/authentication/{authentication-best-practices.md => best-practices.md} (97%)

diff --git a/.openpublishing.redirection.azure.json b/.openpublishing.redirection.azure.json
index d5f59ae803c4f..700958535b979 100644
--- a/.openpublishing.redirection.azure.json
+++ b/.openpublishing.redirection.azure.json
@@ -123,6 +123,10 @@
         {
             "source_path_from_root": "/docs/azure/sdk/azure-sdk-configure-proxy.md",
             "redirect_url": "/dotnet/azure/sdk/configure-proxy"
+        },
+        {
+            "source_path_from_root": "/docs/azure/authentication/authentication-best-practices.md",
+            "redirect_url": "/dotnet/azure/sdk/authentication/best-practices"
         }
     ]
 }
diff --git a/docs/azure/sdk/authentication/authentication-best-practices.md b/docs/azure/sdk/authentication/best-practices.md
similarity index 97%
rename from docs/azure/sdk/authentication/authentication-best-practices.md
rename to docs/azure/sdk/authentication/best-practices.md
index 9130f6278c570..57625f78511f0 100644
--- a/docs/azure/sdk/authentication/authentication-best-practices.md
+++ b/docs/azure/sdk/authentication/best-practices.md
@@ -50,13 +50,13 @@ The recommended credential reuse strategy differs by .NET application type.
 
 Implement credential reuse through the `UseCredential` method of `Microsoft.Extensions.Azure`:
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_Dac" highlight="6" :::
+:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_AspNetCore" highlight="12" :::
 
 For information on this approach, see [Authenticate using Microsoft Entra ID](/dotnet/azure/sdk/aspnetcore-guidance?tabs=api#authenticate-using-microsoft-entra-id).
 
 # [Other](#tab/other)
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_noDac" highlight="8, 12" :::
+:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="8, 12" :::
 
 ---
 
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/Program.cs b/docs/azure/sdk/snippets/authentication/best-practices/Program.cs
index 44c8df93465b6..8043cd34ecf36 100644
--- a/docs/azure/sdk/snippets/authentication/best-practices/Program.cs
+++ b/docs/azure/sdk/snippets/authentication/best-practices/Program.cs
@@ -3,23 +3,29 @@
 using Azure.Storage.Blobs;
 using Microsoft.Extensions.Azure;
 
-var userAssignedClientId = "<user-assigned-client-id>";
+var clientId = "<user-assigned-client-id>";
 var builder = WebApplication.CreateBuilder(args);
 
-#region snippet_credential_reuse_Dac
+#region snippet_credential_reuse_AspNetCore
 builder.Services.AddAzureClients(clientBuilder =>
 {
     clientBuilder.AddSecretClient(new Uri("<key-vault-url>"));
     clientBuilder.AddBlobServiceClient(new Uri("<blob-storage-url>"));
 
-    clientBuilder.UseCredential(new DefaultAzureCredential());
+    string clientId = builder.Configuration["UserAssignedClientId"]!;
+    ChainedTokenCredential credentialChain = new(
+        new ManagedIdentityCredential(
+            ManagedIdentityId.FromUserAssignedClientId(clientId)),
+        new VisualStudioCredential());
+
+    clientBuilder.UseCredential(credentialChain);
 });
-#endregion snippet_credential_reuse_Dac
+#endregion snippet_credential_reuse_AspNetCore
 
-#region snippet_credential_reuse_noDac
+#region snippet_credential_reuse_nonAspNetCore
 ChainedTokenCredential credentialChain = new(
     new ManagedIdentityCredential(
-        ManagedIdentityId.FromUserAssignedClientId(userAssignedClientId)),
+        ManagedIdentityId.FromUserAssignedClientId(clientId)),
     new VisualStudioCredential());
 
 BlobServiceClient blobServiceClient = new(
@@ -29,11 +35,11 @@
 SecretClient secretClient = new(
     new Uri("<key-vault-url>"),
     credentialChain);
-#endregion snippet_credential_reuse_noDac
+#endregion snippet_credential_reuse_nonAspNetCore
 
 #region snippet_retries
 ManagedIdentityCredentialOptions miCredentialOptions = new(
-        ManagedIdentityId.FromUserAssignedClientId(userAssignedClientId)
+        ManagedIdentityId.FromUserAssignedClientId(clientId)
     )
     {
         Retry =

From 316249e2156b3b07b474c173b28efe8fea987dde Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Tue, 28 Jan 2025 15:35:12 -0600
Subject: [PATCH 2/8] Update redirect entry and ToC

---
 .openpublishing.redirection.azure.json | 2 +-
 docs/azure/TOC.yml                     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.openpublishing.redirection.azure.json b/.openpublishing.redirection.azure.json
index 700958535b979..83f2317823183 100644
--- a/.openpublishing.redirection.azure.json
+++ b/.openpublishing.redirection.azure.json
@@ -125,7 +125,7 @@
             "redirect_url": "/dotnet/azure/sdk/configure-proxy"
         },
         {
-            "source_path_from_root": "/docs/azure/authentication/authentication-best-practices.md",
+            "source_path_from_root": "/docs/azure/sdk/authentication/authentication-best-practices.md",
             "redirect_url": "/dotnet/azure/sdk/authentication/best-practices"
         }
     ]
diff --git a/docs/azure/TOC.yml b/docs/azure/TOC.yml
index 402d6fad001a1..8d7bff74f9f9f 100644
--- a/docs/azure/TOC.yml
+++ b/docs/azure/TOC.yml
@@ -76,7 +76,7 @@
       - name: Credential chains
         href: ./sdk/authentication/credential-chains.md
       - name: Best practices
-        href: ./sdk/authentication/authentication-best-practices.md
+        href: ./sdk/authentication/best-practices.md
     - name: ASP.NET Core guidance
       href: ./sdk/aspnetcore-guidance.md
     - name: Resource management

From 38ee9ffdb8851442161b1111216b73fd15c83790 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Tue, 28 Jan 2025 16:51:13 -0600
Subject: [PATCH 3/8] Update code samples

---
 .../sdk/authentication/best-practices.md      |  4 +--
 .../authentication/best-practices/Program.cs  | 36 ++++++++++++-------
 2 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/docs/azure/sdk/authentication/best-practices.md b/docs/azure/sdk/authentication/best-practices.md
index 57625f78511f0..5ed73b2811b31 100644
--- a/docs/azure/sdk/authentication/best-practices.md
+++ b/docs/azure/sdk/authentication/best-practices.md
@@ -50,13 +50,13 @@ The recommended credential reuse strategy differs by .NET application type.
 
 Implement credential reuse through the `UseCredential` method of `Microsoft.Extensions.Azure`:
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_AspNetCore" highlight="12" :::
+:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_AspNetCore" highlight="16":::
 
 For information on this approach, see [Authenticate using Microsoft Entra ID](/dotnet/azure/sdk/aspnetcore-guidance?tabs=api#authenticate-using-microsoft-entra-id).
 
 # [Other](#tab/other)
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="8, 12" :::
+:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="12, 16":::
 
 ---
 
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/Program.cs b/docs/azure/sdk/snippets/authentication/best-practices/Program.cs
index 8043cd34ecf36..5fe3d17b3882d 100644
--- a/docs/azure/sdk/snippets/authentication/best-practices/Program.cs
+++ b/docs/azure/sdk/snippets/authentication/best-practices/Program.cs
@@ -1,4 +1,5 @@
-using Azure.Identity;
+using Azure.Core;
+using Azure.Identity;
 using Azure.Security.KeyVault.Secrets;
 using Azure.Storage.Blobs;
 using Microsoft.Extensions.Azure;
@@ -12,29 +13,38 @@
     clientBuilder.AddSecretClient(new Uri("<key-vault-url>"));
     clientBuilder.AddBlobServiceClient(new Uri("<blob-storage-url>"));
 
-    string clientId = builder.Configuration["UserAssignedClientId"]!;
-    ChainedTokenCredential credentialChain = new(
-        new ManagedIdentityCredential(
-            ManagedIdentityId.FromUserAssignedClientId(clientId)),
-        new VisualStudioCredential());
+    string? clientId = builder.Configuration["UserAssignedClientId"];
 
-    clientBuilder.UseCredential(credentialChain);
+    TokenCredential credential = clientId is not null
+        ? new ManagedIdentityCredential(
+            ManagedIdentityId.FromUserAssignedClientId(clientId))
+        : new ChainedTokenCredential(
+            new VisualStudioCredential(),
+            new AzureCliCredential(),
+            new AzurePowerShellCredential());
+
+    clientBuilder.UseCredential(credential);
 });
 #endregion snippet_credential_reuse_AspNetCore
 
 #region snippet_credential_reuse_nonAspNetCore
-ChainedTokenCredential credentialChain = new(
-    new ManagedIdentityCredential(
-        ManagedIdentityId.FromUserAssignedClientId(clientId)),
-    new VisualStudioCredential());
+clientId = Environment.GetEnvironmentVariable("UserAssignedClientId");
+
+TokenCredential credential = clientId is not null
+    ? new ManagedIdentityCredential(
+        ManagedIdentityId.FromUserAssignedClientId(clientId))
+    : new ChainedTokenCredential(
+        new VisualStudioCredential(),
+        new AzureCliCredential(),
+        new AzurePowerShellCredential());
 
 BlobServiceClient blobServiceClient = new(
     new Uri("<blob-storage-url>"),
-    credentialChain);
+    credential);
 
 SecretClient secretClient = new(
     new Uri("<key-vault-url>"),
-    credentialChain);
+    credential);
 #endregion snippet_credential_reuse_nonAspNetCore
 
 #region snippet_retries

From 691c5dcc9b9a93bcbc6b7e754b03987a574bc3f4 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Tue, 28 Jan 2025 16:59:27 -0600
Subject: [PATCH 4/8] Update line numbers

---
 docs/azure/sdk/authentication/best-practices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/azure/sdk/authentication/best-practices.md b/docs/azure/sdk/authentication/best-practices.md
index 5ed73b2811b31..857b355c31727 100644
--- a/docs/azure/sdk/authentication/best-practices.md
+++ b/docs/azure/sdk/authentication/best-practices.md
@@ -56,7 +56,7 @@ For information on this approach, see [Authenticate using Microsoft Entra ID](/d
 
 # [Other](#tab/other)
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="12, 16":::
+:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="13, 17":::
 
 ---
 

From c1fc2159355e3a91787a9f6518664c09b7f543b3 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Wed, 29 Jan 2025 08:56:23 -0600
Subject: [PATCH 5/8] Add explanations for code snippets

---
 docs/azure/sdk/authentication/best-practices.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/azure/sdk/authentication/best-practices.md b/docs/azure/sdk/authentication/best-practices.md
index 857b355c31727..4894332a0fdff 100644
--- a/docs/azure/sdk/authentication/best-practices.md
+++ b/docs/azure/sdk/authentication/best-practices.md
@@ -2,7 +2,7 @@
 title: Authentication best practices with the Azure Identity library for .NET
 description: This article describes authentication best practices to follow when using the Azure Identity library for .NET.
 ms.topic: conceptual
-ms.date: 01/24/2025
+ms.date: 01/29/2025
 ---
 
 # Authentication best practices with the Azure Identity library for .NET
@@ -48,7 +48,7 @@ The recommended credential reuse strategy differs by .NET application type.
 
 # [ASP.NET Core](#tab/aspdotnet)
 
-Implement credential reuse through the `UseCredential` method of `Microsoft.Extensions.Azure`:
+Implement credential reuse through the <xref:Microsoft.Extensions.Azure.AzureClientFactoryBuilder.UseCredential%2A> method of `Microsoft.Extensions.Azure`. For example, imagine an ASP.NET Core app hosted on Azure App Service, with a `UserAssignedClientId` environment variable set. The .NET configuration provider determines the environment variable exists, and `ManagedIdentityCredential` will be used to authenticate the Key Vault Secrets and Blob Storage clients. Otherwise, a chained sequence of development-time credentials is used.
 
 :::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_AspNetCore" highlight="16":::
 
@@ -56,6 +56,8 @@ For information on this approach, see [Authenticate using Microsoft Entra ID](/d
 
 # [Other](#tab/other)
 
+In non-ASP.NET Core apps, credential reuse is accomplished by passing the same credential instance to each client constructor.
+
 :::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="13, 17":::
 
 ---

From 3ac7de3a4ee7875be7c0bfe21cd8c352e12f8b84 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Wed, 29 Jan 2025 09:56:53 -0600
Subject: [PATCH 6/8] Update code samples

---
 .../sdk/authentication/best-practices.md      |  6 ++--
 .../authentication/Directory.Packages.props   |  4 +--
 .../best-practices/BestPractices.sln          | 36 +++++++++++++++++++
 .../ConfidentialClientApp.csproj}             |  3 +-
 .../best-practices/{ => CCA}/Program.cs       | 22 ------------
 .../{ => CCA}/Properties/launchSettings.json  |  0
 .../{ => CCA}/appsettings.Development.json    |  0
 .../best-practices/{ => CCA}/appsettings.json |  0
 .../best-practices/PCA/App.xaml               |  9 +++++
 .../best-practices/PCA/App.xaml.cs            | 13 +++++++
 .../best-practices/PCA/AssemblyInfo.cs        | 10 ++++++
 .../best-practices/PCA/MainWindow.xaml        | 12 +++++++
 .../best-practices/PCA/MainWindow.xaml.cs     | 36 +++++++++++++++++++
 .../best-practices/PCA/PublicClientApp.csproj | 18 ++++++++++
 14 files changed, 141 insertions(+), 28 deletions(-)
 create mode 100644 docs/azure/sdk/snippets/authentication/best-practices/BestPractices.sln
 rename docs/azure/sdk/snippets/authentication/best-practices/{AuthBestPractices.csproj => CCA/ConfidentialClientApp.csproj} (81%)
 rename docs/azure/sdk/snippets/authentication/best-practices/{ => CCA}/Program.cs (74%)
 rename docs/azure/sdk/snippets/authentication/best-practices/{ => CCA}/Properties/launchSettings.json (100%)
 rename docs/azure/sdk/snippets/authentication/best-practices/{ => CCA}/appsettings.Development.json (100%)
 rename docs/azure/sdk/snippets/authentication/best-practices/{ => CCA}/appsettings.json (100%)
 create mode 100644 docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml
 create mode 100644 docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml.cs
 create mode 100644 docs/azure/sdk/snippets/authentication/best-practices/PCA/AssemblyInfo.cs
 create mode 100644 docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml
 create mode 100644 docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml.cs
 create mode 100644 docs/azure/sdk/snippets/authentication/best-practices/PCA/PublicClientApp.csproj

diff --git a/docs/azure/sdk/authentication/best-practices.md b/docs/azure/sdk/authentication/best-practices.md
index 4894332a0fdff..22d3a37917a83 100644
--- a/docs/azure/sdk/authentication/best-practices.md
+++ b/docs/azure/sdk/authentication/best-practices.md
@@ -50,15 +50,15 @@ The recommended credential reuse strategy differs by .NET application type.
 
 Implement credential reuse through the <xref:Microsoft.Extensions.Azure.AzureClientFactoryBuilder.UseCredential%2A> method of `Microsoft.Extensions.Azure`. For example, imagine an ASP.NET Core app hosted on Azure App Service, with a `UserAssignedClientId` environment variable set. The .NET configuration provider determines the environment variable exists, and `ManagedIdentityCredential` will be used to authenticate the Key Vault Secrets and Blob Storage clients. Otherwise, a chained sequence of development-time credentials is used.
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_AspNetCore" highlight="16":::
+:::code language="csharp" source="../snippets/authentication/best-practices/CCA/Program.cs" id="snippet_credential_reuse_AspNetCore" highlight="16":::
 
 For information on this approach, see [Authenticate using Microsoft Entra ID](/dotnet/azure/sdk/aspnetcore-guidance?tabs=api#authenticate-using-microsoft-entra-id).
 
 # [Other](#tab/other)
 
-In non-ASP.NET Core apps, credential reuse is accomplished by passing the same credential instance to each client constructor.
+In non-ASP.NET Core apps, credential reuse is accomplished by passing the same credential instance to each client constructor. For example, imagine a WPF app using the authentication broker on Windows.
 
-:::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="13, 17":::
+:::code language="csharp" source="../snippets/authentication/best-practices/PCA/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="12, 16":::
 
 ---
 
diff --git a/docs/azure/sdk/snippets/authentication/Directory.Packages.props b/docs/azure/sdk/snippets/authentication/Directory.Packages.props
index 6a7584c99a6ae..64bda2aecce28 100644
--- a/docs/azure/sdk/snippets/authentication/Directory.Packages.props
+++ b/docs/azure/sdk/snippets/authentication/Directory.Packages.props
@@ -5,8 +5,8 @@
   <ItemGroup>
     <!-- Azure SDK packages -->
     <PackageVersion Include="Microsoft.Extensions.Azure" Version="1.7.5" />
-    <PackageVersion Include="Azure.Identity" Version="1.13.1" />
-    <PackageVersion Include="Azure.Identity.Broker" Version="1.1.0" />
+    <PackageVersion Include="Azure.Identity" Version="1.13.2" />
+    <PackageVersion Include="Azure.Identity.Broker" Version="1.2.0" />
 	  <PackageVersion Include="Azure.Security.KeyVault.Secrets" Version="4.7.0" />
     <PackageVersion Include="Azure.Storage.Blobs" Version="12.21.2" />
 
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/BestPractices.sln b/docs/azure/sdk/snippets/authentication/best-practices/BestPractices.sln
new file mode 100644
index 0000000000000..74b689c3614e1
--- /dev/null
+++ b/docs/azure/sdk/snippets/authentication/best-practices/BestPractices.sln
@@ -0,0 +1,36 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.13.35716.79
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ConfidentialClientApp", "CCA\ConfidentialClientApp.csproj", "{6FB4D659-156E-C79B-1602-D99A3B0BC1B8}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PublicClientApp", "PCA\PublicClientApp.csproj", "{0C902D2D-2B8D-479A-C29F-90EF265B1666}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{02EA681E-C7D8-13C7-8484-4AC65E1B71E8}"
+	ProjectSection(SolutionItems) = preProject
+		..\..\Directory.Packages.props = ..\..\Directory.Packages.props
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{6FB4D659-156E-C79B-1602-D99A3B0BC1B8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6FB4D659-156E-C79B-1602-D99A3B0BC1B8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6FB4D659-156E-C79B-1602-D99A3B0BC1B8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6FB4D659-156E-C79B-1602-D99A3B0BC1B8}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0C902D2D-2B8D-479A-C29F-90EF265B1666}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0C902D2D-2B8D-479A-C29F-90EF265B1666}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0C902D2D-2B8D-479A-C29F-90EF265B1666}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0C902D2D-2B8D-479A-C29F-90EF265B1666}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {8002C7E1-9D56-4063-BFEF-6CDB73707080}
+	EndGlobalSection
+EndGlobal
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/AuthBestPractices.csproj b/docs/azure/sdk/snippets/authentication/best-practices/CCA/ConfidentialClientApp.csproj
similarity index 81%
rename from docs/azure/sdk/snippets/authentication/best-practices/AuthBestPractices.csproj
rename to docs/azure/sdk/snippets/authentication/best-practices/CCA/ConfidentialClientApp.csproj
index 5e7b705f2e39c..00599c753d402 100644
--- a/docs/azure/sdk/snippets/authentication/best-practices/AuthBestPractices.csproj
+++ b/docs/azure/sdk/snippets/authentication/best-practices/CCA/ConfidentialClientApp.csproj
@@ -1,9 +1,10 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>net9.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
+    <ProjectUISubcaption>ASP.NET Core</ProjectUISubcaption>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/Program.cs b/docs/azure/sdk/snippets/authentication/best-practices/CCA/Program.cs
similarity index 74%
rename from docs/azure/sdk/snippets/authentication/best-practices/Program.cs
rename to docs/azure/sdk/snippets/authentication/best-practices/CCA/Program.cs
index 5fe3d17b3882d..33186d5fe9f09 100644
--- a/docs/azure/sdk/snippets/authentication/best-practices/Program.cs
+++ b/docs/azure/sdk/snippets/authentication/best-practices/CCA/Program.cs
@@ -1,7 +1,5 @@
 using Azure.Core;
 using Azure.Identity;
-using Azure.Security.KeyVault.Secrets;
-using Azure.Storage.Blobs;
 using Microsoft.Extensions.Azure;
 
 var clientId = "<user-assigned-client-id>";
@@ -27,26 +25,6 @@
 });
 #endregion snippet_credential_reuse_AspNetCore
 
-#region snippet_credential_reuse_nonAspNetCore
-clientId = Environment.GetEnvironmentVariable("UserAssignedClientId");
-
-TokenCredential credential = clientId is not null
-    ? new ManagedIdentityCredential(
-        ManagedIdentityId.FromUserAssignedClientId(clientId))
-    : new ChainedTokenCredential(
-        new VisualStudioCredential(),
-        new AzureCliCredential(),
-        new AzurePowerShellCredential());
-
-BlobServiceClient blobServiceClient = new(
-    new Uri("<blob-storage-url>"),
-    credential);
-
-SecretClient secretClient = new(
-    new Uri("<key-vault-url>"),
-    credential);
-#endregion snippet_credential_reuse_nonAspNetCore
-
 #region snippet_retries
 ManagedIdentityCredentialOptions miCredentialOptions = new(
         ManagedIdentityId.FromUserAssignedClientId(clientId)
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/Properties/launchSettings.json b/docs/azure/sdk/snippets/authentication/best-practices/CCA/Properties/launchSettings.json
similarity index 100%
rename from docs/azure/sdk/snippets/authentication/best-practices/Properties/launchSettings.json
rename to docs/azure/sdk/snippets/authentication/best-practices/CCA/Properties/launchSettings.json
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/appsettings.Development.json b/docs/azure/sdk/snippets/authentication/best-practices/CCA/appsettings.Development.json
similarity index 100%
rename from docs/azure/sdk/snippets/authentication/best-practices/appsettings.Development.json
rename to docs/azure/sdk/snippets/authentication/best-practices/CCA/appsettings.Development.json
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/appsettings.json b/docs/azure/sdk/snippets/authentication/best-practices/CCA/appsettings.json
similarity index 100%
rename from docs/azure/sdk/snippets/authentication/best-practices/appsettings.json
rename to docs/azure/sdk/snippets/authentication/best-practices/CCA/appsettings.json
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml b/docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml
new file mode 100644
index 0000000000000..b45e34c0aaecb
--- /dev/null
+++ b/docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml
@@ -0,0 +1,9 @@
+<Application x:Class="PublicClientAppAuthBestPractices.App"
+             xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+             xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+             xmlns:local="clr-namespace:PublicClientAppAuthBestPractices"
+             StartupUri="MainWindow.xaml">
+    <Application.Resources>
+         
+    </Application.Resources>
+</Application>
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml.cs b/docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml.cs
new file mode 100644
index 0000000000000..203ee1ec8bcd0
--- /dev/null
+++ b/docs/azure/sdk/snippets/authentication/best-practices/PCA/App.xaml.cs
@@ -0,0 +1,13 @@
+using System.Configuration;
+using System.Data;
+using System.Windows;
+
+namespace PublicClientAppAuthBestPractices;
+
+/// <summary>
+/// Interaction logic for App.xaml
+/// </summary>
+public partial class App : Application
+{
+}
+
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/PCA/AssemblyInfo.cs b/docs/azure/sdk/snippets/authentication/best-practices/PCA/AssemblyInfo.cs
new file mode 100644
index 0000000000000..cc29e7f74114a
--- /dev/null
+++ b/docs/azure/sdk/snippets/authentication/best-practices/PCA/AssemblyInfo.cs
@@ -0,0 +1,10 @@
+using System.Windows;
+
+[assembly:ThemeInfo(
+    ResourceDictionaryLocation.None,            //where theme specific resource dictionaries are located
+                                                //(used if a resource is not found in the page,
+                                                // or application resource dictionaries)
+    ResourceDictionaryLocation.SourceAssembly   //where the generic resource dictionary is located
+                                                //(used if a resource is not found in the page,
+                                                // app, or any theme specific resource dictionaries)
+)]
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml b/docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml
new file mode 100644
index 0000000000000..3e0af8a51c730
--- /dev/null
+++ b/docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml
@@ -0,0 +1,12 @@
+<Window x:Class="PublicClientAppAuthBestPractices.MainWindow"
+        xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+        xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+        xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
+        xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
+        xmlns:local="clr-namespace:PublicClientAppAuthBestPractices"
+        mc:Ignorable="d"
+        Title="MainWindow" Height="450" Width="800">
+    <Grid>
+        <Button Content="Button" Click="testBrokeredAuth_Click" />
+    </Grid>
+</Window>
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml.cs b/docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml.cs
new file mode 100644
index 0000000000000..8de663263eab1
--- /dev/null
+++ b/docs/azure/sdk/snippets/authentication/best-practices/PCA/MainWindow.xaml.cs
@@ -0,0 +1,36 @@
+using System.Windows;
+using System.Windows.Interop;
+using Azure.Identity;
+using Azure.Identity.Broker;
+using Azure.Security.KeyVault.Secrets;
+using Azure.Storage.Blobs;
+
+namespace PublicClientAppAuthBestPractices;
+
+/// <summary>
+/// Interaction logic for MainWindow.xaml
+/// </summary>
+public partial class MainWindow : Window
+{
+    public MainWindow() => InitializeComponent();
+
+    #region snippet_credential_reuse_nonAspNetCore
+    private void testBrokeredAuth_Click(object sender, RoutedEventArgs e)
+    {
+        IntPtr windowHandle = new WindowInteropHelper(this).Handle;
+        InteractiveBrowserCredential credential = new(
+            new InteractiveBrowserCredentialBrokerOptions(windowHandle)
+            {
+                UseDefaultBrokerAccount = true,
+            });
+
+        BlobServiceClient blobServiceClient = new(
+            new Uri("<blob-storage-url>"),
+            credential);
+
+        SecretClient secretClient = new(
+            new Uri("<key-vault-url>"),
+            credential);
+    }
+    #endregion snippet_credential_reuse_nonAspNetCore
+}
diff --git a/docs/azure/sdk/snippets/authentication/best-practices/PCA/PublicClientApp.csproj b/docs/azure/sdk/snippets/authentication/best-practices/PCA/PublicClientApp.csproj
new file mode 100644
index 0000000000000..b2284870fefce
--- /dev/null
+++ b/docs/azure/sdk/snippets/authentication/best-practices/PCA/PublicClientApp.csproj
@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>WinExe</OutputType>
+    <TargetFramework>net9.0-windows</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <UseWPF>true</UseWPF>
+    <ProjectUISubcaption>WPF</ProjectUISubcaption>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Azure.Identity" />
+    <PackageReference Include="Azure.Identity.Broker" />
+    <PackageReference Include="Azure.Security.KeyVault.Secrets" />
+    <PackageReference Include="Azure.Storage.Blobs" />
+  </ItemGroup>
+</Project>

From 7c83e99762d16e6528f7d2600a33233d2a1ac422 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Wed, 29 Jan 2025 10:17:24 -0600
Subject: [PATCH 7/8] Update file name

---
 docs/azure/sdk/authentication/best-practices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/azure/sdk/authentication/best-practices.md b/docs/azure/sdk/authentication/best-practices.md
index 22d3a37917a83..a035706a236ba 100644
--- a/docs/azure/sdk/authentication/best-practices.md
+++ b/docs/azure/sdk/authentication/best-practices.md
@@ -58,7 +58,7 @@ For information on this approach, see [Authenticate using Microsoft Entra ID](/d
 
 In non-ASP.NET Core apps, credential reuse is accomplished by passing the same credential instance to each client constructor. For example, imagine a WPF app using the authentication broker on Windows.
 
-:::code language="csharp" source="../snippets/authentication/best-practices/PCA/Program.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="12, 16":::
+:::code language="csharp" source="../snippets/authentication/best-practices/PCA/MainWindow.xaml.cs" id="snippet_credential_reuse_nonAspNetCore" highlight="12, 16":::
 
 ---
 

From 06d3d1782fe1c4409491b36be4fee049bbb2ee68 Mon Sep 17 00:00:00 2001
From: Scott Addie <scott.addie@microsoft.com>
Date: Wed, 29 Jan 2025 10:22:35 -0600
Subject: [PATCH 8/8] Update file path

---
 docs/azure/sdk/authentication/best-practices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/azure/sdk/authentication/best-practices.md b/docs/azure/sdk/authentication/best-practices.md
index a035706a236ba..6a327317dbe34 100644
--- a/docs/azure/sdk/authentication/best-practices.md
+++ b/docs/azure/sdk/authentication/best-practices.md
@@ -79,6 +79,6 @@ The Azure Identity library for .NET allows you to authenticate via managed ident
   - The time interval between retries starts at 0.8 seconds, and a maximum of five retries are attempted, by default. This option is optimized for resilience but introduces potentially unwanted delays in the development inner loop.
   - To change any of the default retry settings, use the `Retry` property on `ManagedIdentityCredentialOptions`. For example, retry a maximum of three times, with a starting interval of 0.5 seconds:
 
-    :::code language="csharp" source="../snippets/authentication/best-practices/Program.cs" id="snippet_retries" highlight="5-9" :::
+    :::code language="csharp" source="../snippets/authentication/best-practices/CCA/Program.cs" id="snippet_retries" highlight="5-9":::
 
 For more information on customizing retry policies, see [Setting a custom retry policy](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/core/Azure.Core/samples/Configuration.md#setting-a-custom-retry-policy).