Authentication method: for container changes from (Switch to Azure AD User Account) to 'Access Key' after file copy using 'azcopy cp'

mpazure 116 Reputation points
2021-01-19T15:46:14.46+00:00

Hi,

I've configured a Container to use Azure AD User Accounts, and given the appropriate IAM role to users. Users can copy files after 'azcopy login' using their Azure AD user id. 'azcopy cp' copied the file successfully, but when I refresh the container page in the portal, it says, "Authentication method: Access key" !! If a user trys another copy using their Azure AD id, the copy is successful, eventhough the container still shows 'Authentication method: Access key' So I have two questions 1)Why is the UI changing the 'Authentication method' , after a file is copied? and 2)if the Authentication method, is 'Access key', how can subsequent copies using Azure AD ids, be successfull? azcopy version is 10.8.0

INFO: Authenticating to destination using Azure AD
0.0 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total,
Job 9c0abc94-d5f6-614d-56cf-467d55381ab1 summary
Elapsed Time (Minutes): 0.0334
Number of File Transfers: 1
Number of Folder Property Transfers: 0
Total Number of Transfers: 1
Number of Transfers Completed: 1

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,497 questions
0 comments No comments
{count} votes

Accepted answer
  1. deherman-MSFT 34,026 Reputation points Microsoft Employee
    2021-01-19T20:49:23.107+00:00

    @mpazure
    When viewing the container in the portal and it says "Authentication method: Access key" this only applies to your user that is currently logged in. Since I am assuming you are an admin account you will be able to access the storage access key and view/upload blobs from the portal. Think of the toggle in the portal as the difference between using --auth-mode login and --auth-mode key in the CLI. Anyone with a storage access key will be able to modify container data just like anyone with the proper role assigned will be able to. Toggling the authentication method in the portal will not change this.

    Hopefully that helps clear this up. Let us know if you have further issues or questions and we will be happy to help.

    -------------------------------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


1 additional answer

Sort by: Most helpful
  1. mpazure 116 Reputation points
    2021-01-19T22:10:46.99+00:00

    thanks, I see it now. The setting in the UI, just changes the authentication method, for the user logged in to the UI, for them to browse the contents of the Container. And because the admin user has access to the 'storage access key' as well as being in the IAM role, to access the storage using their Azure AD id, the UI reverts to 'Access key' if they leave the Container, and go back into it.

    0 comments No comments