Is there .NET SDK to get table storage SAS key with AAD authentication

I know I can get an AAD token for the storage account and use Resource Manager to get the table storage SAS key through the REST API, like this:

POST https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res7439/providers/Microsoft.Storage/storageAccounts/sto1299/ListServiceSas?api-version=2019-06-01

I would like to know whether there is an easier way to do this with the .NET SDK?

For this, we can use the SDK Microsoft.Azure.Management.Storage.Fluent.

For example:

  1. Create a service principal (I use the Azure CLI to do this)

    az login
    az account set --subscription "<your subscription id>"
    # the sp will have Azure Contributor role
    az ad sp create-for-rbac -n "readMetric"

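  2. Create an Azure storage account

    using Microsoft.Azure.Management.ResourceManager.Fluent;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
    using Microsoft.Azure.Management.Storage.Fluent;
    using Microsoft.Azure.Management.Storage.Fluent.Models;

    // Authenticate against AAD as the service principal created in step 1.
    AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
        clientId,     // the sp appId
        clientSecret, // the sp password
        tenantId,     // the sp tenant
        AzureEnvironment.AzureGlobalCloud);
    RestClient restClient = RestClient.Configure()
        .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
        .WithCredentials(credentials)
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
        .Build();
    var storageClient = new StorageManagementClient(restClient);
    storageClient.SubscriptionId = subscriptions; // the subscription id
    var groupName = "";   // resource group name
    var accountName = ""; // storage account name
    var storageCreateParams = new StorageAccountCreateParameters {
        Kind = Kind.Storage,
        Location = "",    // Azure region
        AccessTier = AccessTier.Hot,
        Sku = new SkuInner {
            Name = SkuName.StandardLRS
        }
    };
    await storageClient.StorageAccounts.CreateAsync(groupName, accountName, storageCreateParams);
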
  3. Create a SAS token for the Azure table

    // Same using directives as in step 2.
    AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
        clientId,     // the sp appId
        clientSecret, // the sp password
        tenantId,     // the sp tenant
        AzureEnvironment.AzureGlobalCloud);
    RestClient restClient = RestClient.Configure()
        .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
        .WithCredentials(credentials)
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
        .Build();
    var storageClient = new StorageManagementClient(restClient);
    storageClient.SubscriptionId = subscriptions; // the subscription id
    ServiceSasParameters serviceSas = new ServiceSasParameters {
        CanonicalizedResource = "/table/<accountName>/<tableName>",
        Permissions = Permissions.Parse("raud"),             // r = read, a = add, u = update, d = delete
        SharedAccessExpiryTime = DateTime.UtcNow.AddDays(4)  // the token is valid for 4 days
    };
    // Calls the ListServiceSas management operation shown in the question.
    var r = await storageClient.StorageAccounts.ListServiceSASAsync("<groupName>", "<accountName>", serviceSas);
    var sasToken = r.ServiceSasToken;
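
A narrower variant of the request in step 3, as an added example that is not part of the original answer: it limits the SAS to the permissions the caller asks for, to HTTPS, and to a short lifetime. The `TableSasRequest` helper, its one-hour ceiling and its parameter names are assumptions made for illustration; the `ServiceSasParameters` properties come from the same Fluent models namespace used above.

```csharp
using System;
using System.Linq;
using Microsoft.Azure.Management.Storage.Fluent.Models;

// Hypothetical helper (not part of the SDK): builds ServiceSasParameters
// for a table SAS and rejects requests that exceed a local policy.
public static class TableSasRequest
{
    private const string AllowedPermissions = "raud";  // table SAS: read, add, update, delete
    private static readonly TimeSpan MaxLifetime = TimeSpan.FromHours(1); // assumed ceiling

    public static ServiceSasParameters Build(
        string accountName, string tableName,
        string permissions = "r",            // read-only unless the caller asks for more
        TimeSpan? lifetime = null,
        string allowedIpOrRange = null)      // e.g. a single address or "start-end"
    {
        if (string.IsNullOrWhiteSpace(accountName) || string.IsNullOrWhiteSpace(tableName))
            throw new ArgumentException("Account name and table name are required.");

        // Only known permission letters, each at most once.
        if (string.IsNullOrEmpty(permissions)
            || permissions.Any(c => AllowedPermissions.IndexOf(c) < 0)
            || permissions.Distinct().Count() != permissions.Length)
            throw new ArgumentException("Permissions must be a subset of \"raud\".", nameof(permissions));

        TimeSpan ttl = lifetime ?? TimeSpan.FromMinutes(15);
        if (ttl <= TimeSpan.Zero || ttl > MaxLifetime)
            throw new ArgumentOutOfRangeException(nameof(lifetime), "Lifetime exceeds the allowed maximum.");

        DateTime now = DateTime.UtcNow;
        return new ServiceSasParameters
        {
            CanonicalizedResource = $"/table/{accountName}/{tableName}",
            Permissions = Permissions.Parse(permissions),
            Protocols = HttpProtocol.Https,              // refuse plain-HTTP use of the token
            SharedAccessStartTime = now.AddMinutes(-5),  // tolerate small clock skew
            SharedAccessExpiryTime = now.Add(ttl),
            IPAddressOrRange = allowedIpOrRange          // null leaves the source address unrestricted
        };
    }
}

// Usage with the client from step 3:
// var r = await storageClient.StorageAccounts.ListServiceSASAsync(
//     "<groupName>", "<accountName>", TableSasRequest.Build("<accountName>", "<tableName>"));
```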