Azure OpenAI Provider
Connect to Azure OpenAI Service for enterprise-grade completions with Azure-specific optimizations for max_tokens and stream handling.
Quick Start
builder.Services
    .AddCoreAIServices()
    .AddCoreAIOrchestration()
    .AddCoreAIAzureOpenAI();
Services Registered
| Service | Implementation | Lifetime |
|---|---|---|
| IAIClientProvider | AzureOpenAIClientProvider | Scoped |
| IAICompletionClient | AzureOpenAICompletionClient | Scoped |
| IOpenAIChatOptionsConfiguration | AzurePatchOpenAIDataSourceHandler | Scoped |
| Connection source | — | Scoped |
Configuration
Connection Setup
Azure OpenAI requires an endpoint URL and either an API key or Azure AD credentials:
{
  "CrestApps": {
    "AI": {
      "Providers": {
        "Azure": {
          "Endpoint": "https://my-resource.openai.azure.com/",
          "ApiKey": "your-api-key"
        }
      }
    }
  }
}
Constants
| Constant | Value |
|---|---|
| AzureOpenAIConstants.ProviderName | "Azure" |
| AzureOpenAIConstants.ClientName | "Azure" |
Azure-Specific Behavior
The Azure provider includes AzurePatchOpenAIDataSourceHandler which automatically:
- Maps max_tokens to Azure-compatible format
- Handles Azure-specific stream options
- Patches ChatCompletionOptions for Azure API compatibility
Capabilities
| Capability | Supported |
|---|---|
| Chat completions | ✅ |
| Streaming | ✅ |
| Embeddings | ✅ |
| Image generation | ✅ |
| Speech-to-text | ✅ (via Azure Speech) |
| Text-to-speech | ✅ (via Azure Speech) |
Azure Setup
Before configuring the provider, create the required Azure resources:
- Create an Azure OpenAI resource in the Azure Portal.
- Deploy a model — In your Azure OpenAI resource, go to Model deployments → Create new deployment. Choose a model (e.g., gpt-4o) and give the deployment a name.
- Copy the endpoint and key — Found under Keys and Endpoint in the Azure Portal.
The deployment name in Azure OpenAI is what you pass as the deploymentName parameter when creating profiles. It does not need to match the model name (e.g., you can name a gpt-4o deployment "my-chat-model").
Configuration
Full appsettings.json configuration with endpoint, API key, and deployment:
{
  "CrestApps": {
    "AI": {
      "Providers": {
        "Azure": {
          "Endpoint": "https://my-resource.openai.azure.com/",
          "ApiKey": "your-api-key-here"
        }
      }
    }
  }
}
Or register programmatically:
builder.Services.AddCoreAIConnectionSource("Azure", options =>
{
    options.Connections.Add(new AIProviderConnectionEntry
    {
        Name = "azure-production",
        ProviderName = "Azure",
        // Endpoint and API key are loaded from configuration
    });
});
Authentication
API Key
The simplest authentication method. Suitable for development and testing:
{
  "CrestApps": {
    "AI": {
      "Providers": {
        "Azure": {
          "Endpoint": "https://my-resource.openai.azure.com/",
          "ApiKey": "your-api-key-here"
        }
      }
    }
  }
}
API keys grant full access to your Azure OpenAI resource. Rotate keys regularly and never commit them to source control.
DefaultAzureCredential
For production environments, use DefaultAzureCredential from the Azure Identity SDK. This supports managed identity, Azure CLI, Visual Studio, and other credential sources without storing secrets:
builder.Services.AddCoreAIConnectionSource("Azure", options =>
{
    options.Connections.Add(new AIProviderConnectionEntry
    {
        Name = "azure-production",
        ProviderName = "Azure",
        // When no API key is set, the provider uses DefaultAzureCredential
    });
});
When no API key is configured, the AzureOpenAIClientProvider automatically falls back to DefaultAzureCredential, which tries these credential sources in order:
- Environment variables (AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET)
- Workload identity (Kubernetes)
- Managed identity
- Azure CLI / Azure PowerShell
- Visual Studio / VS Code credentials
Managed Identity
To use managed identity in production (Azure App Service, Azure Container Apps, Azure VMs):
- Enable managed identity on your hosting resource (System-assigned or User-assigned).
- Assign the role Cognitive Services OpenAI User to the identity on your Azure OpenAI resource.
- Remove the API key from configuration — the provider uses DefaultAzureCredential automatically.
{
  "CrestApps": {
    "AI": {
      "Providers": {
        "Azure": {
          "Endpoint": "https://my-resource.openai.azure.com/"
        }
      }
    }
  }
}
Managed identity eliminates the need to manage and rotate API keys. It is the recommended authentication method for all Azure-hosted production workloads.
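The API Key warning and the "remove the API key from configuration" step above can be enforced in CI before a settings file is merged or deployed. The following is an added example, not part of the CrestApps project: it reads the CrestApps:AI:Providers section shown on this page and reports any provider that still carries an ApiKey. The function name, finding labels, placeholder list and sample inputs are assumptions made for this example.

```python
import json

# Placeholder values used in documentation; treated as "not a real secret"
# by this example (an assumption, extend to match your own templates).
PLACEHOLDER_PREFIXES = ("your-api-key",)

def audit_provider_keys(appsettings_text, production=False):
    """Return (provider, finding) tuples for CrestApps:AI:Providers entries.

    Expects strict JSON; strip comments from appsettings files first.
    """
    config = json.loads(appsettings_text)
    providers = config.get("CrestApps", {}).get("AI", {}).get("Providers", {})
    findings = []
    for name, entry in providers.items():
        if not isinstance(entry, dict):
            continue
        key = str(entry.get("ApiKey") or "").strip()
        if not key:
            # No key configured: the page says the provider then falls back
            # to DefaultAzureCredential, which is the desired production state.
            continue
        if production:
            # Production settings should be keyless, placeholders included.
            findings.append((name, "api-key-in-production-config"))
        elif not key.lower().startswith(PLACEHOLDER_PREFIXES):
            findings.append((name, "api-key-committed"))
    return findings

# Constructed sample inputs (the key value is made up, not a real credential).
SAMPLE_WITH_KEY = """{"CrestApps": {"AI": {"Providers": {"Azure": {
  "Endpoint": "https://my-resource.openai.azure.com/",
  "ApiKey": "constructed-example-key-0000"}}}}}"""
SAMPLE_KEYLESS = """{"CrestApps": {"AI": {"Providers": {"Azure": {
  "Endpoint": "https://my-resource.openai.azure.com/"}}}}}"""

if __name__ == "__main__":
    print(audit_provider_keys(SAMPLE_WITH_KEY))
    print(audit_provider_keys(SAMPLE_KEYLESS, production=True))
```

Run it with production=True against the settings file that ships to Azure-hosted environments, and fail the pipeline when the returned list is not empty.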