I have the clientId and clientSecret of Data Lake Store (Gen-2) and I am looking for a way to create SAS token for it in a programmatic way using C#. I have gone through the documentation but have not find a way to create a SAS token. Any guidance will be appreciated. Thanks.
As suggested by Md Farid Uddin Kiron, I used this code but unsuccessful:
//Token Request End Point
string tokenUrl = $"https://login.microsoftonline.com/<tenantId>.onmicrosoft.com/oauth2/token";
var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenUrl);
//I am Using client_credentials as It is mostly recommended
tokenRequest.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
["grant_type"] = "client_credentials",
["client_id"] = "--------",
["client_secret"] = "-------",
["resource"] = "https://<datalake gen2 name>.dfs.core.windows.net/"
});
dynamic json;
AccessTokenClass results = new AccessTokenClass();
HttpClient client = new HttpClient();
var tokenResponse = client.SendAsync(tokenRequest).GetAwaiter();
json = tokenResponse.GetResult().Content.ReadAsStringAsync().GetAwaiter();
results = JsonConvert.DeserializeObject<AccessTokenClass>(json);
It is giving me status 400 error.
If you want to use Azure AD access token to access Azure data lake gen2, please refer to the following code
az login
az account set --subscription "<your subscription id>"
# it will assign Storage Blob Data Contributor to the sp at subscription level
az ad sp create-for-rbac -n "mysample" --role Storage Blob Data Contributor
string tokenUrl = $"https://login.microsoftonline.com/<tenantId>.onmicrosoft.com/oauth2/token";
var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenUrl);
//I am Using client_credentials as It is mostly recommended
tokenRequest.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
["grant_type"] = "client_credentials",
["client_id"] = "--------",
["client_secret"] = "-------",
["resource"] = "https://storage.azure.com/"
});
dynamic json;
AccessTokenClass results = new AccessTokenClass();
HttpClient client = new HttpClient();
var tokenResponse = client.SendAsync(tokenRequest).GetAwaiter();
json = tokenResponse.GetResult().Content.ReadAsStringAsync().GetAwaiter();
results = JsonConvert.DeserializeObject<AccessTokenClass>(json);
If you want to create sas token, please refer to the following steps
var key = account key you copy";
var accountName = "testadls05";
StorageSharedKeyCredential credential = new StorageSharedKeyCredential(accountName, key);
AccountSasBuilder sas = new AccountSasBuilder
{
Protocol = SasProtocol.None,
Services = AccountSasServices.Blobs,
ResourceTypes = AccountSasResourceTypes.All,
StartsOn = DateTimeOffset.UtcNow.AddHours(-1),
ExpiresOn = DateTimeOffset.UtcNow.AddHours(1),
};
sas.SetPermissions(AccountSasPermissions.All);
var uri = $"https://{accountName}.dfs.core.windows.net/";
UriBuilder sasUri = new UriBuilder(uri);
sasUri.Query = sas.ToSasQueryParameters(credential).ToString();
DataLakeServiceClient service = new DataLakeServiceClient(sasUri.Uri);
var result =service.GetFileSystems().First();
Console.WriteLine(result.Name);
Following code can be used to create SAS token for datalake gen2 using service principles:
Here Password is Client Secret and Username is ClientId .
$securePassword = ConvertTo-SecureString -AsPlainText -Force -String $Password
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $securePassword
Connect-AzAccount -Credential $Credential -ServicePrincipal -Tenant $Tenant -Subscription $SubscriptionName
Write-Host -ForegroundColor Green "Creating an account level SAS Token.."
## Get the storage account
$storageAcc=Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccName
## Get the storage account context
$ctx=$storageAcc.Context
## Creates an account-level SAS token.
New-AzStorageAccountSASToken -Context $ctx -Service Blob,File,Table,Queue -ResourceType Service,Container,Object -Permission "racwdlup" -StartTime "2020-06-18" -ExpiryTime "2022-06-18"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.