Scope for Accessing Storage Account using Managed Identity
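I am using managed identity to access an Azure database in this manner. The Azure app registration is used to get the token, and the token is passed to the connection. In the same way, how do I connect to a storage account and write to a container? What is the scope in this case?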
    using System;
    using Microsoft.Data.SqlClient;   // or System.Data.SqlClient
    using Microsoft.Identity.Client;

    // Acquire an app-only token for Azure SQL with the app registration's client secret.
    AuthenticationResult authenticationResult = null;
    var _app = ConfidentialClientApplicationBuilder.Create(Environment.GetEnvironmentVariable("ClientId"))
        .WithAuthority(string.Format(Environment.GetEnvironmentVariable("AADInstance"), Environment.GetEnvironmentVariable("Tenant")))
        .WithClientSecret(Environment.GetEnvironmentVariable("ClientSecret")).Build();
    authenticationResult = _app.AcquireTokenForClient(new string[] { "https://database.windows.net/.default" }).ExecuteAsync().Result;

    // Pass the token to the SQL connection in place of a password.
    using (SqlConnection conn = new SqlConnection(Environment.GetEnvironmentVariable("DBConnection")))
    {
        conn.AccessToken = authenticationResult.AccessToken;
        conn.Open();
        using (SqlCommand cmd = new SqlCommand("SELECT * FROM mytable", conn))
        {
            var result = cmd.ExecuteScalar();
            Console.WriteLine(result);
        }
    }
For Azure Storage, the scope will be https://storage.azure.com/.default

For more details, please see this link: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-app?tabs=dotnet#azure-storage-resource-id
Azure Storage uses this scope:
https://storage.azure.com/.default
That said, with the new Azure Storage SDK and Azure.Identity, you don't actually need to know this.
You can use them like this:
    using System;
    using Azure.Identity;
    using Azure.Storage.Blobs;

    // Fill in the tenant ID, client ID and client secret of the app registration.
    var credential = new ClientSecretCredential(tenantId: "", clientId: "", clientSecret: "");
    var blobUrl = "https://accountname.blob.core.windows.net";
    var service = new BlobServiceClient(new Uri(blobUrl), credential);
    var container = service.GetBlobContainerClient("container");
    var blob = container.GetBlobClient("file.txt");
    // TODO: Write the file
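An added example, not part of the original answers: writing the blob with an actual managed identity instead of a client secret, and requesting the storage scope explicitly only to confirm that a token can be issued. It assumes the code runs on an Azure resource whose managed identity holds the "Storage Blob Data Contributor" role; the account, container and blob names are the placeholders used in the answer above.

```csharp
// Added example. Requires .NET 6+ (top-level statements) and the
// Azure.Identity and Azure.Storage.Blobs packages.
using System;
using System.Threading;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;

// Assumption: running in Azure with a managed identity assigned.
// DefaultAzureCredential resolves to that identity there, so no client
// secret has to be kept in environment variables or configuration.
var credential = new DefaultAzureCredential();

// The SDK requests this scope on its own; acquiring a token explicitly is
// only a check that the identity can obtain one for Azure Storage.
const string StorageScope = "https://storage.azure.com/.default";
AccessToken token = await credential.GetTokenAsync(
    new TokenRequestContext(new[] { StorageScope }), CancellationToken.None);
// Log the expiry only; never write the token itself to logs.
Console.WriteLine($"Storage token acquired, expires {token.ExpiresOn:u}");

var service = new BlobServiceClient(
    new Uri("https://accountname.blob.core.windows.net"), credential);
var blob = service.GetBlobContainerClient("container").GetBlobClient("file.txt");

try
{
    // overwrite: true replaces an existing blob of the same name.
    await blob.UploadAsync(BinaryData.FromString("hello from managed identity"),
                           overwrite: true);
    Console.WriteLine($"Wrote {blob.Uri}");
}
catch (RequestFailedException ex) when (ex.Status == 403)
{
    // A valid token is not sufficient: without a data-plane RBAC role on the
    // account or container, the service rejects the write.
    Console.Error.WriteLine(
        $"Access denied ({ex.ErrorCode}): assign a blob data role to the identity.");
}
```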