Hello,
I have a Storage Account that I want to access from an company internal Enterprise Application. I intend the application to create and update it's own Blob Containers. The application will not be using impersonation or delegation to access the containers, as a major source of blobs will be CI events (our app has an alternative authentication mechanism for this purpose).
I want the application to be able to create a blob container and then set an Immutability Policy on this container.
Can I set an Immutability Policy on a Blob Container using the C# BlobContainerClient class? I believe the answer to this is No.
However, I cannot see how to authenticate the StorageManagementClient using the Account Name / Access Key mechanism, nor can I see a way to pre-authorize the appropriate permissions to the App Registration.
This is my current code:
var resourceGroup = "resourceGroup";
var subscriptionId = "subscription_guid";
var accountName = "storageAccountName";
var clientId = "app_registration_client_id";
var clientSecret = "app_registration_client_secret";
var tenantId = "tenant_guid";
var applicationClient = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
.WithClientSecret(clientSecret)
.Build();
var tokenRequest = applicationClient.AcquireTokenForClient(
new string[] { "https://management.azure.com/.default", });
var result = await tokenRequest.ExecuteAsync();
var credentials = new TokenCredentials(result.AccessToken);
var client = new StorageManagementClient(credentials);
client.SubscriptionId = subscriptionId;
// this line throws an exception as expected, because I can't assign a role
// or application-level permission that would allow this to my AppRegistration.
var clients = client.BlobContainers.GetImmutabilityPolicy(
resourceGroup,
accountName,
"AContainer")
So how can I either
- authenticate my StorageManagementClient using the StorageAccount key
- generate an access token from the Account Key?
- set the appropriate permissions on my App Registration
Thanks for your time.