How to use an Azure user-assigned managed identity the old connection string way

Aman Singh 0 Reputation points
2023-02-13T10:34:05.3866667+00:00

Hi team.
Is there any way we can use an Azure user-assigned managed identity with a connection string to access Azure Blob Storage?

Example: by passing the client ID in the connection string instead of a SAS or account key.

Azure Blob Storage

2 answers

  1. MUHAMMAD IMRAN 15 Reputation points
    2023-02-13T10:55:29.2966667+00:00

    Yes, you can use an Azure user-assigned managed identity with a connection string to access Azure Blob storage.

    Here are the steps you can follow to use an Azure user-assigned managed identity with a connection string to access Azure Blob storage:

    1. Create an Azure user-assigned managed identity in Azure Active Directory.
    2. Assign the managed identity to the Azure resource that requires access to the Blob storage, such as an Azure virtual machine or Azure logic app.
    3. Configure Azure Blob storage access for the managed identity. You can do this by granting the managed identity the appropriate role-based access control (RBAC) permissions to the Blob storage account, container, or blob.
    4. In your code, you can use the managed identity to generate a Shared Access Signature (SAS) token, which you can then include in the connection string to access the Blob storage.
    5. In your code, you can use the Azure.Identity NuGet package to retrieve an access token for the managed identity, and then use that token to generate a SAS token.

    Here's sample code in C# that demonstrates how to use an Azure user-assigned managed identity with a connection string to access Azure Blob storage:

    using Microsoft.Azure.Services.AppAuthentication;
    using Microsoft.Azure.Storage;
    using Microsoft.Azure.Storage.Auth;
    using Microsoft.Azure.Storage.Blob;
    
    // "RunAs=App;AppId=<client-id>" selects the user-assigned managed identity by its client ID.
    // Without it, the provider falls back to its default credential sources.
    var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=App;AppId=<client-id>");
    // Request an Azure AD access token for the Azure Storage resource.
    var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://storage.azure.com/");
    // Wrap the bearer token; no account key or SAS is involved.
    var tokenCredential = new TokenCredential(accessToken);
    var storageCredentials = new StorageCredentials(tokenCredential);
    var storageAccount = new CloudStorageAccount(storageCredentials, "<account-name>", endpointSuffix: null, useHttps: true);
    var blobClient = storageAccount.CreateCloudBlobClient();
    var container = blobClient.GetContainerReference("<container-name>");
    var blob = container.GetBlockBlobReference("<blob-name>");
    
    // Use the Blob storage
    var content = await blob.DownloadTextAsync();
    

    This code uses the AzureServiceTokenProvider class to retrieve an access token for the managed identity, and then uses that token to create a TokenCredential object. The TokenCredential object is then used to create a StorageCredentials object, which is used to create a CloudStorageAccount object. Finally, you can use the CloudStorageAccount object to interact with Blob storage.

    Note that in this example, you need to replace <account-name> with the name of your Blob storage account, <container-name> with the name of the container you want to access, and <blob-name> with the name of the blob you want to access.

    2 people found this answer helpful.
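
Added example, not part of the answer above and not Microsoft's code: a small factory that takes a connection-string-like settings value carrying the identity's client ID, refuses account keys and SAS tokens, and returns a token-authenticated client from the Azure.Identity and Azure.Storage.Blobs packages. The `ManagedIdentityClientId` key and the `IdentityBlobClientFactory` class are assumptions of this example; the settings format is parsed here, not by the Azure SDK.

```csharp
// Added example. Requires the Azure.Identity and Azure.Storage.Blobs NuGet packages.
using System;
using System.Linq;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Storage.Blobs;

public static class IdentityBlobClientFactory // hypothetical helper
{
    // Keys that carry a shared secret; refused so a secret cannot slip back into configuration.
    private static readonly string[] SecretKeys = { "AccountKey", "SharedAccessSignature" };

    // Parses "BlobEndpoint=...;ManagedIdentityClientId=..." (format assumed by this example)
    // and returns a client that authenticates with Azure AD tokens for the managed identity.
    public static BlobServiceClient Create(string settings)
    {
        var pairs = settings.Split(';', StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split('=', 2))
            .Where(kv => kv.Length == 2)
            .ToDictionary(kv => kv[0].Trim(), kv => kv[1].Trim(), StringComparer.OrdinalIgnoreCase);

        var secret = SecretKeys.FirstOrDefault(pairs.ContainsKey);
        if (secret != null)
            throw new ArgumentException($"'{secret}' is not allowed; use a managed identity.");

        if (!pairs.TryGetValue("BlobEndpoint", out var endpoint) ||
            !Uri.TryCreate(endpoint, UriKind.Absolute, out var uri) ||
            uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("BlobEndpoint must be an absolute https URL.");

        if (!pairs.TryGetValue("ManagedIdentityClientId", out var clientId) ||
            !Guid.TryParse(clientId, out _))
            throw new ArgumentException("ManagedIdentityClientId must be a client ID (GUID).");

        // Selects the user-assigned identity by client ID; the app stores and sends no secret.
        return new BlobServiceClient(uri, new ManagedIdentityCredential(clientId));
    }

    // Downloads a blob as text using the identity-backed client.
    public static async Task<string> ReadBlobTextAsync(string settings, string container, string blob)
    {
        var client = Create(settings).GetBlobContainerClient(container).GetBlobClient(blob);
        var result = await client.DownloadContentAsync();
        return result.Value.Content.ToString();
    }
}
```

The download succeeds only when the identity is attached to the host resource and holds the RBAC permissions described in step 3 of the answer.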

  2. MUHAMMAD IMRAN 15 Reputation points
    2023-02-13T10:57:01.99+00:00

    I hope this helps! Let me know if you have any additional questions.

    1 person found this answer helpful.
