My goal is writing a .NET Core Azure backup application, which only has read access to Azure Blob Storage with list/read rights.
Specifically, I would like to list all blobs in a container.
Therefore, using the access keys in each storage account is not a good approach as a) the application would have full write/delete access and b) I would have to provide a key for each storage account (and there are multiple storage accounts). Also, I don't want to use the other option of "Shared Access Signatures", because they are for each container and I have many containers (i. e. 20 storage accounts with up to 20 containers).
Therefore, I would like to set up a read only service principal in the Azure Active Directory >> App registrations with clientId, tenantId and clientSecret and give that read-only access.
I was able to use the Microsoft.Azure.Management.ResourceManager.Fluent.Core API to list accounts and containers, but not the blobs inside. How can I accomplish that in .NET Core?
var credentials = SdkContext.AzureCredentialsFactory
.FromServicePrincipal((string)cg.LoginCredentials.clientId,
(string)cg.LoginCredentials.clientSecret,
(string)cg.LoginCredentials.tenantId,
AzureEnvironment.AzureGlobalCloud);
//var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:\azurecred.txt");
var azure = Microsoft.Azure.Management.Fluent.Azure
.Configure()
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.Authenticate(credentials)
.WithDefaultSubscription();
var account = azure.StorageAccounts.List().ToList();
Task.Run(async () =>
{
var resourceGroups = await azure.ResourceGroups.ListAsync(true);
var blobContainers = await azure.StorageAccounts.Manager.BlobContainers.ListAsync(account[4].ResourceGroupName,
account[4].Name);
var blobList = blobContainers.ToList();
}