Azure Container Registry
An Azure service that provides a registry of Docker and Open Container Initiative images.
453 questions
ACR Authentication Options
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 69%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYL%3C/text%3E%3C/svg%3E)
Yuxuan Li
0
Reputation points Microsoft Employee
Our .NET service is currently authenticating and pulling images from isolated ACR using an app registration with a username and password. We are considering using dSMS certificates instead. The plan is to obtain an access token from AAD, exchange it for an ACR refresh token, and use this token for authenticating and pulling images from ACR.
However, we would like to avoid adding dependencies on AAD (ESTS), and we are considering whether it's possible to use a dSTS-based token instead of an ESTS token for this process.
We have the following questions:
- How does the username and password-based ACR authentication work behind the scenes? Does it involve or bypass AAD?
- Is it possible to use dSTS-based tokens for ACR authentication? Is there a way for us to have a dSTS dependency for ACR authentication?
Any guidance on this would be greatly appreciated.
Sign in to answer