Azure storage account shared access key used in ChainedTokenCredential for client authentication in Python SDK?
I've managed to authenticate into my data lake in my storage account fro python using shared access key, but now I'm trying to chain together multiple authentication methods, namely the Managed Identity with the access key. However I couldn't find a solution for including the access key credential in the ChainedTokenCredential. Any idea or advice?
Using shared access key works:
service_client = DataLakeServiceClient(account_url, credential=account_key)
What setup shall I use to chain the access key credential into:
credential_chain = ChainedTokenCredential(ManagedIdentityCredential(),<access key credential>)
service_client = DataLakeServiceClient(account_url, credential=credential_chain)
service_client.get_service_properties() # to check the client authentication
so essentially I want to make this line work (the chaining with a single credential type):
credential_chain = ChainedTokenCredential(<access key credential>)
However, I couldn't find a solution for including the access key credential in the
ChainedTokenCredential. Any idea or advice?
No, it is not possible to use the access key credential in the ChainedTokenCredential.
ChainedTokenCredential is designed to chain multiple token-based credentials like ManagedIdentityCredential, AzureCliCredential, and ClientSecretCredential. These credentials retrieve access tokens from Azure Active Directory, which are then used to authenticate with Azure services. Whereas access key credential is not a token-based credential; it uses a shared access key to authenticate with Azure services directly.
You can use Managed Identity and Azure CLI with ChainedTokenCredential in code.
Code:
from azure.identity import ChainedTokenCredential, ManagedIdentityCredential, AzureCliCredential
from azure.storage.filedatalake import DataLakeServiceClient
account_url = "https://venkat123.dfs.core.windows.net"
managed_identity = ManagedIdentityCredential()
azure_cli = AzureCliCredential()
credential_chain = ChainedTokenCredential(managed_identity, azure_cli)
service_client = DataLakeServiceClient(account_url, credential=credential_chain)
properties = service_client.get_service_properties()
analytics_logging = properties['analytics_logging']
print(analytics_logging)
Output:
{'version': '1.0', 'delete': False, 'read': False, 'write': False, 'retention_policy': <azure.storage.filedatalake._models.RetentionPolicy object at 0x000002F9BE87EE10>}
Reference: Azure Identity 301 - ChainedTokenCredential | Jon Gallant
- Laravel: Auth::user()->id trying to get a property of a non-object
- 404 page not found when running firebase deploy
- .NET 8 Blazor Server - role authorization with Windows Authentication
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- Symfony2: How to change Entity Manager just before doing login_check
- JWT signature verification failing
- SMAppService register() - How to detect launch at startup/login vs regular launch?
- AppwriteException: User (role: guest) missing scope (account), not able to get account after creating a session
- authMiddleware doesn't exist after installing clerk
- Stop request in CookieAuthenticationEvents.OnValidatePrincipal after response body has been written to
- Blazor Hosted WebAssembly with Keycloak and Basic Authentication Issue
- How to change the app name for Firebase authentication (what the user sees)
- How do I restrict Apache/SVN access to specific users (LDAP/file-based authentication)?
- Unexpected authorization behaviour in a Blazor Web App with .NET 8
- MongoDB: Understand createUser and db admin
- Update react context without refreshing page on state update
- What is the standard/modern way to use CAC/PIV card authentication in Java/Tomcat web applications?
- Keycloak retrieve custom attributes to KeycloakPrincipal
- Secure Google Cloud Functions http trigger with auth
- Cannot authenticate in fresh installed Laravel 11 with MySQL/MariaDB
- authentication with only username (id) in laravel
- Having problem Authorizing Authenticated user account in Web API
- What is the purpose of a "Refresh Token"?
- AuthenticationHandler's ChallengeAsync does not contain the failures
- What to validate 'iat' and 'sub' claims of a JWT against?
- Custom authentication provider in silex application
- login and logout in several laravel projects
- ProviderSettings class not found it says Cannot resolve symbol ProviderSettings
- Azure Devops pipeline, git authentication only works with -c http.extraheader
- Difference between frontend user authetication and backend user authentication