For Razor Pages, you can similarly inject the client directly:

public class BlobModel : PageModel
{
    private readonly MicrosoftIdentityTokenCredential _tokenCredential;

    public BlobModel(MicrosoftIdentityTokenCredential tokenCredential)
    {
        _tokenCredential = tokenCredential;
    }

    public async Task<IActionResult> OnGetAsync(string containerName, string blobName)
    {
        BlobContainerClient containerClient = new BlobContainerClient(new Uri($"https://storageaccountname.blob.core.windows.net/{containername}"), _microsoftIdentityTokenCredential);
        // ...rest of the implementation
    }
}

How does this differ

The Azure SDK guidance proposes to set Azure clients as singletons at stardup (so likely app only credentials). MicrosoftIdentityTokenCredential enables you to have one credential at each request, with user context, tenant, long running process, and all the flexibility that Microsoft.Identity.Web bring.

    // Register Azure services
    services.AddAzureClients(builder =>
    {
        // Use the Microsoft Identity credential for all Azure clients
        builder.UseCredential(sp => sp.GetRequiredService<TokenCredential>());
        // Configure Azure Blob Storage client
        builder.AddBlobServiceClient(new Uri("https://your-storage-account.blob.core.windows.net"));
        // Add other Azure clients as needed
    });

Advanced scenarios

Using with specific authentication schemes

If your application has multiple authentication schemes, you can specify which one to use: // Configure the token credential to use a specific authentication scheme tokenCredential.Options.AcquireTokenOptions.AuthenticationOptionsName = OpenIdConnectDefaults.AuthenticationScheme;

Custom configuration

You can customize the token acquisition behavior:

// Configure additional options
tokenCredential.Options.AcquireTokenOptions.CorrelationId = Guid.NewGuid();
tokenCredential.Options.AcquireTokenOptions.Tenant = "GUID";

## Credential Status (v4)

| Credential | Status | Guidance |
|------------|--------|----------|
| `MicrosoftIdentityTokenCredential` | Recommended | Unified credential for user, app, and agent scenarios. Configure via `Options` (e.g., `RequestAppToken`, `WithAgentIdentity`). |
| `TokenAcquirerTokenCredential` | Obsolete | Replace with `MicrosoftIdentityTokenCredential`. See [migration guide](https://aka.ms/ms-id-web/v3-to-v4). |
| `TokenAcquirerAppTokenCredential` | Obsolete | Replace with `MicrosoftIdentityTokenCredential` (`Options.RequestAppToken = true`). See [migration guide](https://aka.ms/ms-id-web/v3-to-v4). |

## Integration with Azure SDKs

This package enables integration with [Azure SDKs for .NET](https://learn.microsoft.com/dotnet/azure/sdk/azure-sdk-for-dotnet), including but not limited to:

- Azure Storage (Blobs, Queues, Tables, Files)
- Azure Key Vault (although you might rather want to use the DefaultCrentialLoader for credentials)
- Azure Service Bus
- Azure Cosmos DB
- Azure Event Hubs
- Azure Monitor

See [Azure SDK for .NET packages](https://learn.microsoft.com/dotnet/azure/sdk/packages#libraries-using-azurecore)
for the list of packages.

## Related packages

- [Microsoft.Identity.Web](https://www.nuget.org/packages/Microsoft.Identity.Web/)
- [Microsoft.Identity.Web.UI](https://www.nuget.org/packages/Microsoft.Identity.Web.UI/)
- [Microsoft.Identity.Web.MicrosoftGraph](https://www.nuget.org/packages/Microsoft.Identity.Web.MicrosoftGraph/)

## Learn more

- [Microsoft Identity Web documentation](https://aka.ms/ms-identity-web)
- [Azure SDK documentation](https://docs.microsoft.com/azure/developer/azure-sdk/)
- [Microsoft identity platform documentation](https://docs.microsoft.com/azure/active-directory/develop/)