Nehad Hazem

Reputation: 11

Can I create BlobServiceClient using object id and client secret of an AAD app registration?

I have common code that is used in several projects that creates BlobServiceClient and BlobContainerClient like the following:

BlobServiceClient blobServiceClient = new BlobServiceClient(connectionString);
BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);

Then it gets all the blobs in the containerClient using var blobs = containerClient.GetBlobs();

I have an AAD app registration created and given access to the storage account. I'm wondering if I can create the BlobServiceClient using the credentials of that app instead of the connectionString.

Upvotes: 0

Views: 1409

Answers (1)

Anupam Chand

Reputation: 2722

You can use the following section of code. You will need to include the Azure.Identity NuGet package. Don't forget to set your client_id, client_secret and tenantId.

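using System;
using Azure.Identity;
using Azure.Storage.Blobs;

// Values for the app registration; read from settings here so the secret is not hard-coded.
string tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
string client_id = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID"); // application (client) ID
string client_secret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");

// Authenticate as the service principal instead of using a connection string.
var credential = new ClientSecretCredential(tenantId, client_id, client_secret);
Uri accountUri = new Uri("https://<storage_acct_name>.blob.core.windows.net/");
BlobServiceClient client = new BlobServiceClient(accountUri, credential);
BlobContainerClient containerClient = client.GetBlobContainerClient("<container>");
var blobs = containerClient.GetBlobs();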

But why are you using a service principal? If you are writing your application on Azure App Service, you can use managed identity instead. It will be less admin overhead in the long term as there are no credentials to manage. In that case, you will need to switch on the managed identity on the App Service and use the DefaultAzureCredential class.

Upvotes: 0
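
The two options in the answer above, combined into one shared helper as an added example (not code from the original posts): it uses the app registration when its settings are present and otherwise falls back to DefaultAzureCredential, and it separates a failed sign-in from a missing role assignment. The class and method names and the STORAGE_ACCOUNT_NAME and BLOB_CONTAINER_NAME settings are assumptions made for this example.

```csharp
using System;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;

public static class BlobClientFactory
{
    // Hypothetical helper: prefer the app registration when all three settings exist,
    // otherwise use DefaultAzureCredential (managed identity when hosted on App Service).
    public static TokenCredential PickCredential()
    {
        string tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
        string clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID"); // application (client) ID
        string secret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");
        if (!string.IsNullOrEmpty(tenantId) && !string.IsNullOrEmpty(clientId) && !string.IsNullOrEmpty(secret))
            return new ClientSecretCredential(tenantId, clientId, secret);
        return new DefaultAzureCredential();
    }

    public static BlobContainerClient GetContainer(string accountName, string containerName)
    {
        var accountUri = new Uri($"https://{accountName}.blob.core.windows.net/");
        return new BlobServiceClient(accountUri, PickCredential()).GetBlobContainerClient(containerName);
    }
}

public static class Program
{
    public static void Main()
    {
        // Assumed setting names for this example.
        string account = Environment.GetEnvironmentVariable("STORAGE_ACCOUNT_NAME") ?? throw new InvalidOperationException("STORAGE_ACCOUNT_NAME is not set");
        string container = Environment.GetEnvironmentVariable("BLOB_CONTAINER_NAME") ?? throw new InvalidOperationException("BLOB_CONTAINER_NAME is not set");
        try
        {
            foreach (BlobItem blob in BlobClientFactory.GetContainer(account, container).GetBlobs())
                Console.WriteLine(blob.Name);
        }
        catch (AuthenticationFailedException ex)
        {
            Console.Error.WriteLine($"No token could be acquired: {ex.Message}");
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Signed in, but the identity lacks a data-plane role such as Storage Blob Data Reader.
            Console.Error.WriteLine($"Access denied ({ex.ErrorCode}); check the role assignment on the storage account.");
        }
    }
}
```

DefaultAzureCredential also reads the same three AZURE_* variables through its environment credential, so the explicit branch mainly makes the choice visible in code review.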
