Azure Storage AAD Authentication

Overview

  • Round 1 is a console app using an access key for authentication
  • Round 2 is a console app using AAD RBAC for authentication
  • Round 3 is a web API using AAD RBAC for authentication

Round 1

Let’s start with simple code: we will create a console app that authenticates with the Azure storage account access key, then uploads a file to an existing container using the .NET SDK.

setx AZURE_STORAGE_CONNECTION_STRING "<yourconnectionstring>"
dotnet new console -n BlobQuickstart
cd BlobQuickstart
mkdir dataAzur
dotnet build
dotnet run

Round 2

Let’s utilize AAD integrated RBAC authentication and list the blobs.

dotnet new console -n ListBlobs
dotnet add package Azure.Identity
dotnet add package Azure.Storage.Blobs
setx name "<your storage account name>"
Connect-AzAccount -DeviceCode
Set-AzContext <subscription id>

New-AzRoleAssignment -RoleDefinitionName "Storage Blob Data Reader" -ObjectId <your user account OID> -Scope <Resource ID>
dotnet build
dotnet run
Azure Blob Storage v12 - .NET quickstart sample
Listing blobs...
quickstart7d211434-4205-439f-973c-a4d5515f1550.txt
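
A Program.cs that would produce a listing like the one above with no access key or connection string in the app; this is an added example, not the author's code. It reads the account from the `name` variable set with setx, and the `container` environment variable is a hypothetical addition that names an existing container.

```csharp
using System;
using Azure;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;

// "name" is set with setx above; "container" is a hypothetical variable
// introduced for this example and must name an existing container.
string? account = Environment.GetEnvironmentVariable("name");
string? container = Environment.GetEnvironmentVariable("container");
if (string.IsNullOrWhiteSpace(account) || string.IsNullOrWhiteSpace(container))
{
    Console.Error.WriteLine("Set the 'name' and 'container' environment variables.");
    return 1;
}

// Only the endpoint is configured; no secret is stored with the app.
var endpoint = new Uri($"https://{account}.blob.core.windows.net");

// DefaultAzureCredential walks a chain of sources (environment, managed
// identity, developer sign-ins such as Azure PowerShell) to get an AAD token.
var service = new BlobServiceClient(endpoint, new DefaultAzureCredential());
BlobContainerClient client = service.GetBlobContainerClient(container);

try
{
    Console.WriteLine("Listing blobs...");
    await foreach (BlobItem blob in client.GetBlobsAsync())
    {
        Console.WriteLine($"{blob.Name}\t{blob.Properties.LastModified}");
    }
    return 0;
}
catch (RequestFailedException ex) when (ex.Status == 403)
{
    // The token was valid, but the identity holds no data-plane role at this
    // scope (or the new role assignment has not taken effect yet).
    Console.Error.WriteLine($"Access denied ({ex.ErrorCode}). " +
        "Check the 'Storage Blob Data Reader' assignment and its scope.");
    return 2;
}
catch (AuthenticationFailedException ex)
{
    // No credential in the chain could obtain a token (for example, not signed in).
    Console.Error.WriteLine($"Could not get an AAD token: {ex.Message}");
    return 3;
}
```

A 403 here is the RBAC check doing its job: management roles such as Owner or Contributor do not by themselves grant blob data access, so the data role from New-AzRoleAssignment is what authorizes the listing.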

Round 3

Let’s expose the capability as a REST API.

dotnet new webapi -o MyStorageApi
cd MyStorageApi
dotnet add package Microsoft.EntityFrameworkCore.InMemory
code -r ../MyStorageApi
dotnet add package Azure.Identity
dotnet add package Azure.Storage.Blobs
setx name <storage account name>
#restart VSCode
namespace MyStorageApi;

public class MyBlobFile
{
    public string? BlobFile { get; set; }
    public DateTimeOffset? LastModified { get; set; }
}

Conclusion

It’s pretty straightforward to write a .NET web API that works with Azure resources using AAD RBAC authentication. If you are familiar with C#, it might be too easy for you.

Cloud Journey

All blogs are strictly personal and do not reflect the views of my employer, focus on cloud networking, cloud security and API security.