ACR Authentication Options
Our .NET service is currently authenticating and pulling images from isolated ACR using an app registration with a username and password. We are considering using dSMS certificates instead. The plan is to obtain an access token from AAD, exchange it for an ACR refresh token, and use this token for authenticating and pulling images from ACR.
However, we would like to avoid adding dependencies on AAD (ESTS), and we are considering whether it's possible to use a dSTS-based token instead of an ESTS token for this process.
We have the following questions:
- How does the username and password-based ACR authentication work behind the scenes? Does it involve or bypass AAD?
- Is it possible to use dSTS-based tokens for ACR authentication? Is there a way for us to have a dSTS dependency for ACR authentication?
Any guidance on this would be greatly appreciated.