Is there a .NET SDK to get a Table storage SAS key via AAD authentication

Question description   Votes: 0   Answers: 1

I know I can get an AAD token for the storage account and use Resource Manager to get the Table storage SAS key through the REST API, as shown below:

POST https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res7439/providers/Microsoft.Storage/storageAccounts/sto1299/ListServiceSas?api-version=2019-06-01

I would like to know whether there is a simpler way to do this through the .NET SDK?

azure-storage azure-resource-manager
1 answer
0
votes

Regarding this issue, we can use the SDK Microsoft.Azure.Management.Storage.Fluent to implement it.

For example

  1. Create a service principal (I used the Azure CLI to do this)
az login
az account set --subscription "<your subscription id>"
# the sp will have Azure Contributor role
az ad sp create-for-rbac -n "readMetric" 


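  2. Create an Azure storage account
    using Microsoft.Azure.Management.ResourceManager.Fluent;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
    using Microsoft.Azure.Management.Storage.Fluent;
    using Microsoft.Azure.Management.Storage.Fluent.Models;

    // Run inside an async method; clientId, clientSecret, tenantId and
    // subscriptions (the subscription id) are supplied by the caller.
    AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
        clientId,     // the sp appId
        clientSecret, // the sp password
        tenantId,     // the sp tenant
        AzureEnvironment.AzureGlobalCloud);
    RestClient restClient = RestClient.Configure()
        .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
        .WithCredentials(credentials)
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
        .Build();
    var storageClient = new StorageManagementClient(restClient);
    storageClient.SubscriptionId = subscriptions;

    var groupName = "";   // resource group name
    var accountName = ""; // storage account name
    var storageCreateParams = new StorageAccountCreateParameters {
        Kind = Kind.Storage,
        Location = "",    // Azure region
        AccessTier = AccessTier.Hot,
        Sku = new SkuInner {
            Name = SkuName.StandardLRS
        }
    };
    await storageClient.StorageAccounts.CreateAsync(groupName, accountName, storageCreateParams);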
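  3. Create a SAS token for the Azure table
    using System;
    using Microsoft.Azure.Management.ResourceManager.Fluent;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
    using Microsoft.Azure.Management.Storage.Fluent;
    using Microsoft.Azure.Management.Storage.Fluent.Models;

    // Run inside an async method; clientId, clientSecret, tenantId and
    // subscriptions (the subscription id) are supplied by the caller.
    AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
        clientId,     // the sp appId
        clientSecret, // the sp password
        tenantId,     // the sp tenant
        AzureEnvironment.AzureGlobalCloud);
    RestClient restClient = RestClient.Configure()
        .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
        .WithCredentials(credentials)
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
        .Build();
    var storageClient = new StorageManagementClient(restClient);
    storageClient.SubscriptionId = subscriptions;

    // Service SAS scoped to a single table
    ServiceSasParameters serviceSas = new ServiceSasParameters {
        CanonicalizedResource = "/table/<accountName>/<tableName>",
        Permissions = Permissions.Parse("raud"),
        SharedAccessExpiryTime = DateTime.UtcNow.AddDays(4)
    };
    var r = await storageClient.StorageAccounts.ListServiceSASAsync("<groupName>", "<accountName>", serviceSas);
    var sasToken = r.ServiceSasToken;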
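
A check that could be run on the token returned by ListServiceSASAsync before it is handed to a client, as an added example that is not part of the original answer: it parses the SAS query string and reports permissions, lifetime, protocol and table scope that exceed what the caller expects. The class name SasAudit, the sample token and the limits are constructed for illustration; sp, se, spr and tn are the standard service SAS query fields.

```csharp
// Added example (not from the original answer): audit a table service SAS before use.
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;

static class SasAudit
{
    // Returns findings; an empty list means the token stays inside the expected scope.
    public static List<string> Check(string sasToken, string table, string allowedPerms,
                                     TimeSpan maxLifetime, DateTimeOffset now)
    {
        var q = new Dictionary<string, string>();
        foreach (var p in sasToken.TrimStart('?').Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = p.Split(new[] { '=' }, 2);
            if (kv.Length == 2) q[kv[0]] = Uri.UnescapeDataString(kv[1]);
        }
        var findings = new List<string>();

        q.TryGetValue("sp", out var sp);
        var extra = (sp ?? "").Where(c => !allowedPerms.Contains(c)).ToArray();
        if (string.IsNullOrEmpty(sp)) findings.Add("sp (permissions) missing");
        else if (extra.Length > 0) findings.Add("extra permissions: " + new string(extra));

        if (!q.TryGetValue("se", out var se) ||
            !DateTimeOffset.TryParse(se, CultureInfo.InvariantCulture,
                                     DateTimeStyles.AssumeUniversal, out var expiry))
            findings.Add("se (expiry) missing or unparsable");
        else if (expiry - now > maxLifetime)
            findings.Add("lifetime exceeds " + maxLifetime);

        if (!q.TryGetValue("spr", out var spr) || spr != "https")
            findings.Add("spr is not https-only");
        if (!q.TryGetValue("tn", out var tn) ||
            !string.Equals(tn, table, StringComparison.OrdinalIgnoreCase))
            findings.Add("tn does not match expected table");
        return findings;
    }

    static void Main()
    {
        // Constructed sample token; the signature is a placeholder, not a real one.
        var token = "?sv=2019-06-01&tn=orders&sp=raud&se=2030-01-05T00%3A00%3A00Z&sig=PLACEHOLDER";
        var now = new DateTimeOffset(2030, 1, 1, 0, 0, 0, TimeSpan.Zero);
        foreach (var f in Check(token, "orders", "r", TimeSpan.FromHours(1), now))
            Console.WriteLine(f);
    }
}
```

With the constructed token and a read-only, one-hour policy, the check reports the extra "aud" permissions, the four-day lifetime and the missing https-only restriction.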