![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 38%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,201 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Yes, you can use an Azure user-assigned managed identity with a connection string to access Azure Blob storage.
Here are the steps you can follow to use an Azure user-assigned managed identity with a connection string to access Azure Blob storage:
- Create an Azure user-assigned managed identity in Azure Active Directory.
- Assign the managed identity to the Azure resource that requires access to the Blob storage, such as an Azure virtual machine or Azure logic app.
- Configure Azure Blob storage access for the managed identity. You can do this by granting the managed identity the appropriate role-based access control (RBAC) permissions to the Blob storage account, container, or blob.
- In your code, you can use the managed identity to generate a Shared Access Signature (SAS) token, which you can then include in the connection string to access the Blob storage.
- In your code, you can use the Azure.Identity NuGet package to retrieve an access token for the managed identity, and then use that token to generate a SAS token.
Here's a sample code in C# that demonstrates how to use an Azure user-assigned managed identity with a connection string to access Azure Blob storage:
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.Storage;
using Microsoft.Azure.Storage.Auth;
using Microsoft.Azure.Storage.Blob;
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://storage.azure.com/");
var tokenCredential = new TokenCredential(accessToken);
var storageCredentials = new StorageCredentials(tokenCredential);
var storageAccount = new CloudStorageAccount(storageCredentials, "<account-name>", endpointSuffix: null, useHttps: true);
var blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference("<container-name>");
var blob = container.GetBlockBlobReference("<blob-name>");
// Use the Blob storage
var content = await blob.DownloadTextAsync();
This code uses the AzureServiceTokenProvider class to retrieve an access token for the managed identity, and then uses that token to create a TokenCredential object. The TokenCredential object is then used to create StorageCredentials object, which is used to create a CloudStorageAccount object. Finally, you can use the CloudStorageAccount object to interact with Blob storage.
Note that in this example, you need to replace <account-name> with the name of your Blob storage account, <container-name> with the name of the container you want to access, and <blob-name> with the name of the blob you want to access.