Access azure blob from x++ to upload file through managed identity
we have utlise this link and others to upload a file from x++ to azure blob via SAS token. However, we want to achive the same via managed identity as the internal security has forbidden usage of Keys. I know that this involvs
- Registering an Appid
- Providing IAM access to the blob storage as data contributor/data owner role for the app id.
- Generating access token in x++ based on tenantid, appid, secret, scope
- utilise the access token to upload the file to azure blob.
I am unable to achieve step 4 via x++ code. Please help and also suggest any alternative OOB solution if applicable.
thanks.
Solution
Initially, I registered one application and granted Storage API permission in it as below:
Under storage account, I added "Storage Blob Data Contributor" role to above application like this:
In my case, I used below sample c# code to upload file to Azure Storage account:
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
namespace AzureBlobUploadApp
{
class Program
{
private static async Task Main(string[] args)
{
string tenantId = "tenantId";
string clientId = "appId";
string clientSecret = "secret";
string storageAccountName = "sridemostor1411";
string containerName = "sri";
string blobName = "logo.jpg";
string filePath = "C:\\test\\logo.jpg";
var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
await UploadFileToBlobAsync(storageAccountName, containerName, blobName, filePath, credential);
}
private static async Task UploadFileToBlobAsync(string storageAccountName, string containerName, string blobName, string filePath, ClientSecretCredential credential)
{
string blobUri = $"https://{storageAccountName}.blob.core.windows.net/{containerName}/{blobName}";
var blobClient = new BlobClient(new Uri(blobUri), credential);
using FileStream fileStream = File.OpenRead(filePath);
await blobClient.UploadAsync(fileStream, new BlobHttpHeaders { ContentType = "application/octet-stream" });
Console.WriteLine("File uploaded successfully!");
}
}
}
Response:
To confirm that, I checked the same in Azure Portal where file uploaded successfully as below:
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs