Create Managed identities and assign roles: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-msi?toc=%2fazure%2fstorage%2fblobs%2ftoc.json
Acquire an access token: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token
Note: Without connectionString, when running locally, AzureServiceTokenProvider
will first try to get token
from 169.254.169.25 and timeout. This step is unnecessary and slows down the program. This issue is discussed in https://github.com/Azure/azure-sdk-for-net/issues/4645. To solve it, add connectionString to force getting token from local. But make sure to remove it when deploying to Azure.
AzureServiceTokenProvider
doesn’t work with user-assigned managed identities. To use user-assigned managed identities, an HTTP call is required.
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.WindowsAzure.Storage.Auth;
using Microsoft.WindowsAzure.Storage.Blob;
using System;
namespace storage_msi
{
class Program
{
static void Main(string[] args)
{
// Only use this connectionString for local development.
var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=Developer; DeveloperTool=VisualStudio");
string accessToken = azureServiceTokenProvider.GetAccessTokenAsync("https://storage.azure.com/").Result;
Console.WriteLine(accessToken);
// Create storage credentials from your managed identity access token.
TokenCredential tokenCredential = new TokenCredential(accessToken);
StorageCredentials storageCredentials = new StorageCredentials(tokenCredential);
// Create a block blob using the credentials.
CloudBlockBlob blob = new CloudBlockBlob(new Uri("https://jlst.blob.core.windows.net/pic/Blob1.txt"), storageCredentials);
blob.UploadText("test");
}
}
}