Azure.Storage.Blobs connect to Storage account via Private Endpoint (using local IP address)

Sergey Gorbushin 21 Reputation points
2021-01-28T12:34:49.263+00:00

Hi!
I use Azure.Storage.Blobs, Version=12.8.0.0 in my .net core project. My storage account has a private endpoint with a local IP (e.g. 10.1.1.1). I want to access the blob storage via the local IP to ensure, that my data goes internal only.

When I'm tying to use the IP address in connection string (;EndpointSuffix=core.windows.net -> ;EndpointSuffix=10.1.1.1) to use constructor BlobContainerClient(string connectionString, string blobContainerName), I'm getting an error "No valid combination of account information found."

If I'm trying to user constructor BlobContainerClient(Uri blobContainerUri, StorageSharedKeyCredential credential, BlobClientOptions options = null) with blobContainerUri "http://10.1.1.1/tmp", BlobContainerClient instance makes AccountName = "tmp", and Name = "", because its url pattern is "https://{account_name}.blob.core.windows.net/{container_name}". And I'm getting an error "HTTP Error 400. The request hostname is invalid"

How should I use the BlobContainerClient with a local IP address?

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,762 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
473 questions
.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: An environment required to run apps that aren't compiled to machine language.
1,131 questions
{count} votes

Accepted answer
  1. shiva patpi 13,146 Reputation points Microsoft Employee
    2021-01-28T21:43:35.113+00:00

    Hello @Sergey Gorbushin ,
    Thanks for your query and for the detailed notes.
    I was able to repro your issue locally for my azure storage account with private endpoint enabled.

    Below is the working Complete Module but with StorageAccountKey (not SAS) - I think it should also work for SAS with minor changes.

    static void StorageAccount_Enabled_PrivateEndPoint_CreateContainerAndUploadFiles()

        {  
    
            try  
    
            {  
    
                // Get a connection string to our Azure Storage account.  
    
                string connectionString = "DefaultEndpointsProtocol=https;AccountName=testsa;AccountKey=key==;EndpointSuffix=mylocalip";  
    
                //connectionString = ConfigurationManager.ConnectionStrings["connstr"].ConnectionString;  
    
                string containerName = "test3";  
    
                string filePath = "License.txt";  
    
                // Get a reference to a container  and then create it  
                BlobContainerClient container = new BlobContainerClient(connectionString, containerName);  
    
                container.CreateIfNotExists();  
                // upload blobs  
                container.UploadBlob("first", File.OpenRead(filePath));  
                container.UploadBlob("second", File.OpenRead(filePath));  
                container.UploadBlob("third", File.OpenRead(filePath));  
    
                // Print out all the blob names  
                foreach (BlobItem blob in container.GetBlobs())  
                {  
                    Console.WriteLine(blob.Name);  
                }  
            }  
            catch(Exception ex)  
            {  
                Console.WriteLine(ex.ToString());  
            }  
    
        }  
    

    Couple of Most Important Points:

    1) In the connection string when you copy from Azure Portal Storage Account , there will be couple of spaces between them . Try removing those spaces. (For example below)
    AccountName = testshp
    AccountKey=key==

    2) If you want to mention your IP address in the constructor for the parameter (EndpointSuffix=10.1.1.1). Make sure to add your clientIP address using the portal storage account.
    StorageAccount -> Networking -> Firewall (Section) -> Check the box (Add your clientIP address)

    3) Try adding your localIP in the connection string itself instead of passing to constructor

    4) JUST FYI- Couple of below articles also points to the error message "No valid combination of account information found." - which was resolved by mentioned the connection string in the App.config file (But it might not be true , as I was able to run both in the code and app.config file)

    Additional references:

    If the above steps resolves your issue , please "Accept the Answer" so that it can be help to the community out there.

    0 comments No comments

0 additional answers

Sort by: Most helpful