-
Notifications
You must be signed in to change notification settings - Fork 298
AAD Authentication
Leonid edited this page Apr 25, 2022
·
1 revision
AzureStorage package can utilize AAD authentication to avoid keeping secrets in code.
Managed Identity used by the application should be having following access rights for the Storage account
- Storage Table Data Contributor
- Storage Queue Data Contributor
- Storage Blob Data Owner
TokenCredential is an abstract Azure.Core credential, the specific implementation used depends on the authentication method, used by the application (for example, ClientCertificateCredential for ClientCertificates). Code below assumes it was configured before and added to the DI container.
private const string AzureStorageScope = "https://storage.azure.com/.default";
...
services.AddSingleton<AzureStorageOrchestrationService>(sp =>
{
Azure.Core.TokenCredential credential = services.GetRequiredService<Azure.Core.TokenCredential>();
var storageTokenCredential = new WindowsAzure.Storage.Auth.TokenCredential(
(credential.GetToken(new TokenRequestContext(scopes: new string[] { AzureStorageScope }), CancellationToken.None)).Token);
var storageCredentials = new WindowsAzure.Storage.Auth.StorageCredentials(storageTokenCredential);
var serviceSettings = new AzureStorageOrchestrationServiceSettings
{
StorageAccountDetails = new StorageAccountDetails
{
AccountName = "{storageAccountName}",
StorageCredentials = storageCredentials,
}
};
return new AzureStorageOrchestrationService(serviceSettings);
});