
We have utilised this link and others to upload a file from X++ to Azure Blob via SAS token. However, we want to achieve the same via managed identity, as internal security has forbidden the usage of keys. I know that this involves

  1. Registering an Appid
  2. Providing IAM access to the blob storage as data contributor/data owner role for the app id.
  3. Generating access token in x++ based on tenantid, appid, secret, scope
  4. Utilising the access token to upload the file to Azure Blob.

I am unable to achieve step 4 via x++ code. Please help and also suggest any alternative OOB solution if applicable.

thanks.

2 Answers


  1. Chosen as BEST ANSWER

    Thanks for the response. Below is how we have achieved it for X++; however, I will accept the .NET solution, which is also an answer to this post, considering the effort made for the response :)

    using Microsoft.WindowsAzure.Storage;
    using Microsoft.WindowsAzure.Storage.Blob;
    using Microsoft.WindowsAzure.Storage.Auth;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using System.Threading.Tasks;
    using Azure.Storage.Blobs;

    public class generateTokenViaManagedIdentity
    {
        public static void main(Args _args)
        {
            //Generate azure blob token
            //Provide clientid as storage blob data contributor to the blob storage
            str authurl = @"https://login.microsoftonline.com/tenantid/";
            str clientID = "";      // application (client) id of the app registration
            str clientsecret = "";  // client secret of the app registration

            str accesstoken;

            // Request a token for the Azure Storage resource with the app's client id and secret
            ClientCredential        clientCredentials = new ClientCredential(clientID, clientsecret);
            AuthenticationContext   authContext = new AuthenticationContext(authurl, true);

            AuthenticationResult result = authContext.AcquireToken(@"https://storage.azure.com/", clientCredentials);

            accesstoken = result.AccessToken;

            //Upload to azureblob via managedidentity authentication
            // Wrap the bearer token so the storage client sends it instead of an account key
            TokenCredential tokenCredential = new TokenCredential(accesstoken);

            StorageCredentials credentials = new StorageCredentials(tokenCredential);

            CloudStorageAccount storageAccount = new CloudStorageAccount(credentials, "AzureBlobName", "core.windows.net", true);

            //below ref code for sas key
            //StorageCredentials  credentials = new StorageCredentials("AzureBlobName","SASKEY");
            //CloudStorageAccount storageAccount = new CloudStorageAccount(credentials, true);

            CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
            CloudBlobContainer rootContainer = blobClient.GetContainerReference('ContainerName');

            // Confirms the token is accepted and the container is reachable
            if (!rootContainer.Exists(null, null))
            {
                warning('azure storageparam are not set properly');
            }

            CloudBlockBlob cloudBlockBlob = rootContainer.GetBlockBlobReference(@'filelocalpath');

            if (cloudBlockBlob.Exists(null, null))
            {
                info("file exists");
            }
        }
    }
    

  2. Initially, I registered one application and granted Storage API permission in it as below:


    Under storage account, I added "Storage Blob Data Contributor" role to above application like this:


    In my case, I used the below sample C# code to upload a file to the Azure Storage account:

    using System;
    using System.IO;
    using System.Threading.Tasks;
    using Azure.Identity;
    using Azure.Storage.Blobs;
    using Azure.Storage.Blobs.Models;

    namespace AzureBlobUploadApp
    {
        class Program
        {
            private static async Task Main(string[] args)
            {
                // Placeholders for the app registration's tenant id, client id and client secret
                string tenantId = "tenantId";
                string clientId = "appId";
                string clientSecret = "secret";
                string storageAccountName = "sridemostor1411";
                string containerName = "sri";
                string blobName = "logo.jpg";
                // Verbatim string so the backslashes are not read as escape sequences
                string filePath = @"C:\test\logo.jpg";

                // Authenticates as the registered application (client-credentials flow)
                var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);
                await UploadFileToBlobAsync(storageAccountName, containerName, blobName, filePath, credential);
            }

            private static async Task UploadFileToBlobAsync(string storageAccountName, string containerName, string blobName, string filePath, ClientSecretCredential credential)
            {
                // The blob client requests storage tokens from the credential as needed
                string blobUri = $"https://{storageAccountName}.blob.core.windows.net/{containerName}/{blobName}";
                var blobClient = new BlobClient(new Uri(blobUri), credential);

                using FileStream fileStream = File.OpenRead(filePath);
                await blobClient.UploadAsync(fileStream, new BlobHttpHeaders { ContentType = "application/octet-stream" });

                Console.WriteLine("File uploaded successfully!");
            }
        }
    }
    


    To confirm that, I checked the same in Azure Portal where file uploaded successfully as below:

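A variant of the upload above that authenticates with a managed identity, so no client secret or key sits in code; this is an added example and not part of either answer. It assumes the code runs on Azure-hosted compute whose managed identity holds the Storage Blob Data Contributor role, and the environment variable names `BLOB_ACCOUNT`, `BLOB_CONTAINER` and `UPLOAD_FILE` are hypothetical.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;

class SecretlessBlobUpload
{
    // Assumption: settings come from environment variables (names are hypothetical).
    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");

    static async Task<int> Main()
    {
        string account   = Require("BLOB_ACCOUNT");
        string container = Require("BLOB_CONTAINER");
        string filePath  = Require("UPLOAD_FILE");

        // Managed identity is tried first: the platform issues the token, nothing is stored.
        // EnvironmentCredential (AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET)
        // is used only when no managed identity endpoint is available.
        TokenCredential credential = new ChainedTokenCredential(
            new ManagedIdentityCredential(),
            new EnvironmentCredential());

        var service = new BlobServiceClient(
            new Uri($"https://{account}.blob.core.windows.net"), credential);
        BlobClient blob = service
            .GetBlobContainerClient(container)
            .GetBlobClient(Path.GetFileName(filePath));

        try
        {
            await blob.UploadAsync(filePath, overwrite: true);
            Console.WriteLine($"Uploaded {blob.Uri}");
            return 0;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // The token was accepted but the identity has no data-plane role on this scope.
            Console.Error.WriteLine($"Forbidden ({ex.ErrorCode}): check the Storage Blob Data Contributor assignment.");
            return 1;
        }
        catch (AuthenticationFailedException ex)
        {
            // Raised when no credential in the chain could produce a token.
            Console.Error.WriteLine($"Could not obtain a token: {ex.Message}");
            return 2;
        }
    }
}
```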
