Reputation: 311
I am looking into using Azure AD to authenticate access to an Azure Storage account.
using Microsoft.Azure.Services.AppAuthentication; // 1.1.0-preview
using Microsoft.WindowsAzure.Storage; // 9.3.0
using Microsoft.WindowsAzure.Storage.Auth;
using Microsoft.WindowsAzure.Storage.Blob;
using Microsoft.WindowsAzure.Storage.Queue;
using Microsoft.WindowsAzure.Storage.Table;
using System;
using System.Threading.Tasks;

class Program
{
    static async Task Main(string[] args)
    {
        string storageAccountName = "fill_in";

        AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider();
        string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://storage.azure.com/");//, tenantId);
        TokenCredential tokenCredential = new TokenCredential(accessToken);
        StorageCredentials storageCredentials = new StorageCredentials(tokenCredential);

        // blobs access
        CloudBlobClient cloudBlobClient = new CloudBlobClient(new StorageUri(new Uri($"https://{storageAccountName}.blob.core.windows.net")), storageCredentials);
        ContainerResultSegment containerResultSegment = await cloudBlobClient.ListContainersSegmentedAsync(null);
        CloudBlobContainer cloudBlobContainer = cloudBlobClient.GetContainerReference("test" + DateTime.Now.Ticks);
        await cloudBlobContainer.CreateIfNotExistsAsync();

        // queue access
        CloudQueueClient cloudQueueClient = new CloudQueueClient(new StorageUri(new Uri($"https://{storageAccountName}.queue.core.windows.net")), storageCredentials);
        QueueResultSegment queueResultSegment = await cloudQueueClient.ListQueuesSegmentedAsync(null);
        CloudQueue cloudQueue = cloudQueueClient.GetQueueReference("test" + DateTime.Now.Ticks);
        await cloudQueue.CreateIfNotExistsAsync();

        // table access
        CloudTableClient cloudTableClient = new CloudTableClient(new StorageUri(new Uri($"https://{storageAccountName}.table.core.windows.net")), storageCredentials);
        // this http request results in "HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature."
        TableResultSegment tableResultSegment = await cloudTableClient.ListTablesSegmentedAsync(null);
        CloudTable cloudTable = cloudTableClient.GetTableReference("test" + DateTime.Now.Ticks);
        await cloudTable.CreateIfNotExistsAsync();
    }
}
Trying to use tables results in Microsoft.WindowsAzure.Storage.StorageException: 'Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.'
In portal.azure.com I do see the roles for
Is using Azure Storage tables this way out of scope right now, or am I missing something?
Regards, Florian
Upvotes: 4
Views: 3432
Reputation: 321
Azure AD integration is currently available in preview for the Blob and Queue services. The Tables service is not supported yet.
Upvotes: 0
Reputation: 58898
Tables are not yet supported for AAD auth. Only Blobs and Queues, as you can see from the available roles.
Upvotes: 0