Azure Storage Account authenticate using Managed Identity and C#
I am trying to authenticate an Azure Storage Account using a user assigned managed identity, but I am getting the following error:
unable to authenticate azure storage using user assigned managed identity...
Earlier, in the Azure portal, I've provided contributor access to the managed identity in the Storage account. All other parameters (AccountURL, container name and managed identity) are correct. I am getting the error in the await blobClient.UploadAsync call.
Please find the code below:
    using System;
    using System.Configuration;
    using System.IO;
    using System.Threading.Tasks;
    using Azure.Identity;
    using Azure.Storage.Blobs;
    using Azure.Storage.Blobs.Models;

    public class BlobStorageManager
    {
        private BlobContainerClient blobContainerClient = null;

        public BlobStorageManager()
        {
            var accountURL = ConfigurationManager.AppSettings["AccountURL"].ToString();
            var containerName = ConfigurationManager.AppSettings["ContainerName"].ToString();
            // Client ID of the user-assigned managed identity.
            var managedIdentity = ConfigurationManager.AppSettings["ManagedIdentity"].ToString();
            var blobServiceClient = new BlobServiceClient(new Uri(accountURL), new ManagedIdentityCredential(managedIdentity));
            blobContainerClient = blobServiceClient.GetBlobContainerClient(containerName);
        }

        public async Task<string> UploadFileToBlobAsync(string fileName, Stream fileData, string contentType)
        {
            try
            {
                BlobClient blobClient = blobContainerClient.GetBlobClient(fileName);
                var blobHttpHeaders = new BlobHttpHeaders()
                {
                    ContentType = contentType
                };
                var blobUploadOptions = new BlobUploadOptions()
                {
                    HttpHeaders = blobHttpHeaders
                };
                // The token is requested and the upload authorized on this call.
                await blobClient.UploadAsync(fileData, blobUploadOptions).ConfigureAwait(false);
                return blobClient.Uri.AbsoluteUri;
            }
            catch (Exception)
            {
                // Rethrow with the original stack trace preserved.
                throw;
            }
        }
    }
I am using Azure.Identity 1.4.0 and Azure.Storage.Blobs 12.10.0.
Am I missing any step? Please advise.
Contributor role does not grant data plane access. It only gives access to manage the Storage account resource itself.
You need to grant the Storage Blob Data Contributor role to the Managed Identity. This will give it data access.
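The distinction the answer draws, shown as an added example that is not part of the original post: a role definition lists control-plane operations under actions and data-plane operations under dataActions, and the two are evaluated separately. The role contents below are constructed, abbreviated copies of the built-in definitions, and the helper names are hypothetical.

```python
import re

# Constructed sample: abbreviated copies of two Azure built-in role definitions,
# keeping the four permission lists a role definition carries.
ROLES = {
    "Contributor": {
        "actions": ["*"],
        "notActions": ["Microsoft.Authorization/*/Delete",
                       "Microsoft.Authorization/*/Write",
                       "Microsoft.Authorization/elevateAccess/Action"],
        "dataActions": [],
        "notDataActions": [],
    },
    "Storage Blob Data Contributor": {
        "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/write",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/delete"],
        "notActions": [],
        "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
                        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
                        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete"],
        "notDataActions": [],
    },
}

ACCOUNT_WRITE = "Microsoft.Storage/storageAccounts/write"  # control plane: manage the account
BLOB_WRITE = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"  # data plane: upload

def _matches(pattern, operation):
    # '*' is the only wildcard in role definitions; comparison is case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def allows(permission, operation, data_plane):
    # Control-plane and data-plane operations are checked against separate lists,
    # so "*" under actions never reaches a data operation.
    allow_key, deny_key = (("dataActions", "notDataActions") if data_plane
                           else ("actions", "notActions"))
    allowed = any(_matches(p, operation) for p in permission.get(allow_key, []))
    excluded = any(_matches(p, operation) for p in permission.get(deny_key, []))
    return allowed and not excluded

def roles_allowing_blob_upload(roles):
    # Hypothetical audit helper: which of the given roles can write blob data?
    return sorted(n for n, perm in roles.items() if allows(perm, BLOB_WRITE, data_plane=True))

if __name__ == "__main__":
    for name, perm in ROLES.items():
        print(name, "| manage account:", allows(perm, ACCOUNT_WRITE, False),
              "| upload blob:", allows(perm, BLOB_WRITE, True))
```

The same check can be pointed at the permission lists of any custom role to confirm it carries the blob dataActions an upload needs before assigning it to a managed identity.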