1
votes

My goal is writing a .NET Core Azure backup application, which only has read access to Azure Blob Storage with list/read rights.

Specifically, I would like to list all blobs in a container.

Therefore, using the access keys in each storage account is not a good approach, as a) the application would have full write/delete access and b) I would have to provide a key for each storage account (and there are multiple storage accounts). Also, I don't want to use the other option of "Shared Access Signatures", because they are per container and I have many containers (i.e. 20 storage accounts with up to 20 containers each).

Therefore, I would like to set up a read-only service principal in Azure Active Directory >> App registrations with clientId, tenantId and clientSecret and give it read-only access.

I was able to use the Microsoft.Azure.Management.ResourceManager.Fluent.Core API to list accounts and containers, but not the blobs inside. How can I accomplish that in .NET Core?

using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;

// Service principal credentials (clientId/clientSecret/tenantId) read from my config object cg
var credentials = SdkContext.AzureCredentialsFactory
    .FromServicePrincipal((string)cg.LoginCredentials.clientId,
        (string)cg.LoginCredentials.clientSecret,
        (string)cg.LoginCredentials.tenantId,
        AzureEnvironment.AzureGlobalCloud);

//var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"D:\azurecred.txt");
var azure = Microsoft.Azure.Management.Fluent.Azure
    .Configure()
    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
    .Authenticate(credentials)
    .WithDefaultSubscription();

// Management-plane call: lists the storage accounts in the default subscription
var account = azure.StorageAccounts.List().ToList();

Task.Run(async () =>
{
    var resourceGroups = await azure.ResourceGroups.ListAsync(true);
    // Management-plane call: lists the containers of one account, but not the blobs inside them
    var blobContainers = await azure.StorageAccounts.Manager.BlobContainers.ListAsync(account[4].ResourceGroupName,
        account[4].Name);
    var blobList = blobContainers.ToList();
}).GetAwaiter().GetResult(); // wait for the lambda instead of letting it run fire-and-forget
1
If I am not mistaken, you will need to use a different SDK (Azure Storage SDK for .NET) to list blobs inside a blob container. – Gaurav Mantri

1 Answer

0
votes

As Gaurav mentioned, you need to use the Azure Storage SDK and pass the acquired Azure AD token to authenticate your requests, list blobs and read their contents:

Install-Package Azure.Identity
Install-Package Azure.Storage.Blobs

then use the following:

using System;
using Azure.Identity;
using Azure.Storage.Blobs;

// containerEndpoint is the container URL, in the form https://<account>.blob.core.windows.net/<container>
BlobContainerClient containerClient = new BlobContainerClient(new Uri(containerEndpoint),
                                                              new DefaultAzureCredential());

Using containerClient, you can list containers and list blobs inside a container.

https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-app
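A fuller version of the answer's approach, added here as an example (not the answerer's code): it uses ClientSecretCredential with the question's clientId/tenantId/clientSecret instead of DefaultAzureCredential, walks every container and blob in a list of accounts, and assumes the principal holds the built-in Storage Blob Data Reader role on each account. The account names and environment variable names are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;

// Added example, not code from the question or answer: list every container and blob in a set of
// storage accounts with a read-only service principal. Assumes the principal holds the built-in
// "Storage Blob Data Reader" role on each account (data-plane list/read only; no keys, no write/delete).
static class ReadOnlyBlobLister
{
    // Placeholder account names; the questioner would take these from azure.StorageAccounts.List().
    static readonly string[] AccountNames = { "examplestorage01", "examplestorage02" };

    static async Task Main()
    {
        // Secrets come from the environment (assumed variable names), never from source code.
        var credential = new ClientSecretCredential(
            Environment.GetEnvironmentVariable("AZURE_TENANT_ID"),
            Environment.GetEnvironmentVariable("AZURE_CLIENT_ID"),
            Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET"));
        foreach (string accountName in AccountNames)
        {
            // One AAD bearer token serves every account; no per-account key or SAS is needed.
            var serviceClient = new BlobServiceClient(
                new Uri($"https://{accountName}.blob.core.windows.net"), credential);
            try
            {
                // Containers are enumerated at the service level, blobs at the container level.
                await foreach (BlobContainerItem container in serviceClient.GetBlobContainersAsync())
                {
                    BlobContainerClient containerClient = serviceClient.GetBlobContainerClient(container.Name);
                    await foreach (BlobItem blob in containerClient.GetBlobsAsync())
                    {
                        Console.WriteLine($"{accountName}/{container.Name}/{blob.Name} " +
                                          $"{blob.Properties.ContentLength} bytes, modified {blob.Properties.LastModified:u}");
                    }
                }
            }
            catch (RequestFailedException ex) when (ex.Status == 403)
            {
                // A 403 here usually means the role assignment is missing on this account (or has not
                // propagated yet); the credential itself is fine, so continue with the next account.
                Console.Error.WriteLine($"{accountName}: access denied, check the Storage Blob Data Reader assignment");
            }
        }
    }
}
```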