Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
1,689 questions
ITokenAcquisition for delegated blob access is broken after first time use in Azure Blob Client pipeline, how does it dispose of IServiceProvider?
Joey Barten
1
Reputation point
A problem persists using the Azure Blob .NET SDK, when acquiring delegated user tokens via the injected interface Microsoft.Identity.Web.ITokenAcquisition for downstream APIs, any and all of the blob clients dispose of the IServiceProvider object inside the ITokenAcquisition implementation. This means that the ITokenAcquisition.GetAuthenticationResultForUserAsync() can only be called once, as the Dependency Container cannot access a disposed object. The famous error message: "Cannot access disposed object. Object name 'IServiceProvider'".
When I use the exact same logic in the other Azure SDKs, such as Azure KeyVault or Azure Graph, I can in fact call the method multiple times, and it clearly makes use of the memory cache effectively as only the first call is expensive and the sequent calls return the authentication result within a millisecond.
This really obstructs our development, as we now have to work around with additional caching and also designing the software in a way that the Azure Storage SDK is called last in our controllers, because if it would be called before the other SDKs, the other SDKs are simply not able to get the AuthenticationResult or AccessToken via the broken ITokenAcquisition.
{count} votes
-
Sumarigo-MSFT 34,941 Reputation points Microsoft Employee2022-04-25T06:53:36.083+00:00 @Joey Barten Thanks for raising this question! Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused. I am checking on this thread
-
Joey Barten 1 Reputation point
2022-04-25T07:12:29.273+00:00 Thank you Sumarigo. No apologies needed. I will await further information.
-
Sumarigo-MSFT 34,941 Reputation points Microsoft Employee
2022-04-26T02:53:43.813+00:00 @Joey Barten Azure.Storage.Blobs contains very little on top of the token authentication code used by all Azure SDKs through the Azure.Core package, mostly just repackaging a few parameters. What little storage-specific code I’m seeing right now doesn’t have a single Dispose call in the first place.
To clarify, since this can be a source of confusion, are all the different Azure SDKs you’re referring to dependent on the package Azure.Core, but it’s still only Azure.Storage.Blobs that causes this issue?
-
Joey Barten 1 Reputation point
2022-04-26T08:03:13.783+00:00 Hey @Sumarigo-MSFT ,
That is odd. Yes, all the packages I referred to are dependent on Azure.Core version 1.24.0.
-
Joey Barten 1 Reputation point
2022-04-26T08:03:40.803+00:00 And yes, only Azure.Storage.Blobs is the one causing this issue.
-
Joey Barten 1 Reputation point
2022-04-26T08:04:04.57+00:00 Azure.Storage.Blobs version 12.11.0
Sign in to comment