我想知道是否没有实际的实现来访问带有c#和azure托管标识的blobstorage?
我知道有可能通过不推荐使用的nuget软件包WindowsAzure.Storage 9.3.3访问它,但看起来新的软件包Microsoft.Azure.Sorage.Blob 11.2.1还没有实现这一功能。。。
我是不是错过了什么?
Azure.Identity库具有TokenCredential抽象类的实现,该抽象类可用于对Azure.Storage.Blobs库中的客户端进行身份验证。ManagedIdentityCredential可用于在启用托管身份的azure主机上对客户端进行身份验证。
var blobServiceClient = new BlobServiceClient(new Uri($"https://{AccountName}.blob.core.windows.net"), new ManagedIdentityCredential());
有关Azure.Identity库的更多信息,请点击此处。
使用Azure.Storage.Blobs,您可以执行以下操作:
public class ManagedIdentityTokenCredentials : TokenCredential
{
private const string Resource = "https://storage.azure.com/";
private readonly string _tenantId;
public ManagedIdentityTokenCredentials(string tenantId)
{
_tenantId = tenantId;
}
public override async ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
var result = await new AzureServiceTokenProvider().GetAuthenticationResultAsync(Resource, _tenantId, cancellationToken: cancellationToken);
return new AccessToken(result.AccessToken, result.ExpiresOn);
}
public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
{
return GetTokenAsync(requestContext, cancellationToken).GetAwaiter().GetResult();
}
}
...
var blobServiceClient = new BlobServiceClient(new Uri($"https://{AccountName}.blob.core.windows.net"), new ManagedIdentityTokenCredentials(TenantId));