ITokenAcquisition for delegated blob access is broken after first time use in Azure Blob Client pipeline, how does it dispose of IServiceProvider?

Joey Barten 1 Reputation point
2022-04-21T11:15:14.087+00:00

A problem persists using the Azure Blob .NET SDK: when acquiring delegated user tokens via the injected interface Microsoft.Identity.Web.ITokenAcquisition for downstream APIs, any and all of the blob clients dispose of the IServiceProvider object inside the ITokenAcquisition implementation. This means that ITokenAcquisition.GetAuthenticationResultForUserAsync() can only be called once, as the dependency container cannot access a disposed object. The famous error message: "Cannot access disposed object. Object name 'IServiceProvider'".

When I use the exact same logic in the other Azure SDKs, such as Azure Key Vault or Azure Graph, I can in fact call the method multiple times, and it clearly makes effective use of the memory cache, as only the first call is expensive and the subsequent calls return the authentication result within a millisecond.

This really obstructs our development, as we now have to work around it with additional caching and also design the software in such a way that the Azure Storage SDK is called last in our controllers, because if it were called before the other SDKs, the other SDKs would simply not be able to get the AuthenticationResult or AccessToken via the broken ITokenAcquisition.
