堆栈内存溢出
  简体   繁体   English

Azure 存储帐户使用托管标识和 C# 进行身份验证

[英]Azure Storage Account authenticate using Managed Identity and C#

 原文  2021-10-12 08:34:37       c#/ asp.net-mvc/ azure/ azure-blob-storage/ azure-managed-identity

问题描述

I am trying to authenticate an Azure Storage Account using a user assigned managed identity but, getting the following error:我正在尝试使用用户分配的托管标识对 Azure 存储帐户进行身份验证,但出现以下错误:

unable to authenticate azure storage using user assigned managed identity...无法使用用户分配的托管标识对 azure 存储进行身份验证...

Earlier, in the Azure portal, I've provided contributor access to the managed identity in the Storage account.早些时候,在 Azure 门户中,我提供了对存储帐户中托管标识的参与者访问权限。 All other parameters (AccountURL, container name and managed identity) are correct.所有其他参数(AccountURL、容器名称和托管标识)都是正确的。 I am getting the error in the await blobClient.UploadAsync我在await blobClient.UploadAsync中收到错误

Please find the code below,请在下面找到代码,

public class BlobStorageManager
{
    private BlobContainerClient blobContainerClient = null;

    public BlobStorageManager()
    {
        var accountURL = ConfigurationManager.AppSettings["AccountURL"].ToString();
        var containerName = ConfigurationManager.AppSettings["ContainerName"].ToString();
        var managedIdentity = ConfigurationManager.AppSettings["ManagedIdentity"].ToString();       

        var blobServiceClient = new BlobServiceClient(new Uri(accountURL), new ManagedIdentityCredential(managedIdentity));

        blobContainerClient = blobServiceClient.GetBlobContainerClient(containerName);
    }

    public async Task<string> UploadFileToBlobAsync(string fileName, Stream fileData, string contentType)
    {
        try
        {
            BlobClient blobClient = blobContainerClient.GetBlobClient(fileName);

            var blobHttpHeaders = new BlobHttpHeaders()
            {
                ContentType = contentType
            };

            var blobUploadOptions = new BlobUploadOptions()
            {
                HttpHeaders = blobHttpHeaders
            };

            await blobClient.UploadAsync(fileData, blobUploadOptions).ConfigureAwait(false);

            return blobClient.Uri.AbsoluteUri;
        }
        catch (Exception ex)
        {
            throw (ex);
        }
    }

I am using Azure.Identity 1.4.0 and Azure.Storage.Blobs 12.10.0我正在使用 Azure.Identity 1.4.0 和 Azure.Storage.Blobs 12.10.0

Am I missing any step?我错过了任何步骤吗? Please advise.请指教。

1 个解决方案

解决方案1
 1  2021-10-12 08:42:27

Contributor role does not grant data plane access.贡献者角色不授予数据平面访问权限。 It only gives access to manage the Storage account resource itself.它仅提供管理存储帐户资源本身的访问权限。

You need to grant the Storage Blob Data Contributor role to the Managed Identity.您需要将存储 Blob 数据参与者角色授予托管标识。 This will give it data access.这将为其提供数据访问权限。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 C# 中的托管标识对 Azure 资源管理器进行身份验证 - How to authenticate with Azure Resource Manager using managed identity in C# 使用 C# SDK 定期刷新 Azure 存储帐户密钥 - Refresh Azure Storage Account Key Periodically using C# SDK 如何使用最小起订量模拟 C# 中的 Azure 存储帐户? - How to mock Azure Storage Account in C# using Moq? 带存储帐户的C#Azure自定义域 - C# Azure Custom domain with storage account 无法使用 C# Azure Function 中的系统托管标识从 Key Vault 获取机密值 - Unable to fetch secret value from Key Vault using system managed identity in C# Azure Function Azure 托管标识 - Function 应用程序和存储帐户 - DefaultAzureCredential 失败但 ManagedIdentityCredential 成功 - Azure Managed Identity - Function App & Storage Account - DefaultAzureCredential fails but ManagedIdentityCredential succeeds 访问 C# 中 Azure 中的系统托管标识的应用程序 ID - Access application id of a system managed identity in Azure in C# Azure Function 函数如何使用托管标识获取对 Azure 表存储的引用? - How can an Azure Function function get a reference to Azure Table storage using Managed Identity? 使用 Fluent API 在 C# 中创建一个 Azure 存储帐户,不允许 Blob 公共访问 - Creating an Azure Storage Account in C# using Fluent API with no Allow Blob Public Access 使用 c# 代码在 azure 存储帐户 gen 2 之间复制大文件 - Copy large file between azure storage account gen 2 using c# code
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM