我知道可以先获取用于存储帐户的AAD令牌,再通过资源管理器调用如下所示的REST API来获取表存储SAS密钥:
POST https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/res7439/providers/Microsoft.Storage/storageAccounts/sto1299/ListServiceSas?api-version=2019-06-01
我想知道是否有更简单的方法可以通过.NET SDK进行此操作?
针对这个问题,可以使用 SDK Microsoft.Azure.Management.Storage.Fluent 来实现。
例如
# Sign in interactively, then select the subscription that the following commands act on.
az login
az account set --subscription "<your subscription id>"
# the sp will have Azure Contributor role
# NOTE(review): Contributor is much broader than this task needs. Generating a service SAS
# only requires the Microsoft.Storage/storageAccounts/listServiceSas/action permission, so
# prefer a narrower (custom) role scoped to the one storage account via --role / --scopes.
# NOTE(review): recent Azure CLI versions may assign no role at all unless --role and
# --scopes are passed; verify which behaviour your CLI version has.
# The command prints the service principal password in its output; treat it as a secret
# (keep it out of shell history, CI logs and source control).
az ad sp create-for-rbac -n "readMetric"
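// Creates a storage account through Azure Resource Manager, authenticating as a service principal.
// NOTE(review): this step looks optional for the SAS question; presumably it can be skipped
// when the storage account already exists.
//
// clientId, clientSecret, tenantId and subscriptions are not defined in this snippet; the caller
// must supply them. Read clientSecret from a secret store or the environment at runtime instead
// of hard-coding it in source.
AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
    clientId,     // the sp appId
    clientSecret, // the sp password
    tenantId,     // the sp tenant
    AzureEnvironment.AzureGlobalCloud);

// Level.Basic is the level chosen here. More verbose levels (Headers, Body, BodyAndHeaders)
// would write authorization headers and response bodies to the log, so keep them out of
// production.
RestClient restClient = RestClient.Configure()
    .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
    .WithCredentials(credentials)
    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
    .Build();

var storageClient = new StorageManagementClient(restClient);
storageClient.SubscriptionId = subscriptions;

// Placeholders: fill in the resource group, the account name and (below) the Azure region.
var groupName = "";
var accountName = "";

var storageCreateParams = new StorageAccountCreateParameters
{
    Kind = Kind.Storage,
    Location = "",
    // NOTE(review): access tiers apply to BlobStorage / StorageV2 accounts; confirm the
    // service accepts this value together with Kind.Storage.
    AccessTier = AccessTier.Hot,
    Sku = new SkuInner
    {
        Name = SkuName.StandardLRS
    }
};

// NOTE(review): after creation, confirm that secure transfer (HTTPS only) is enforced on the account.
// The original snippet lacked the terminating semicolon on this statement.
await storageClient.StorageAccounts.CreateAsync(groupName, accountName, storageCreateParams);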
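// Requests a service SAS for one table through the management plane (the SDK counterpart of
// the ListServiceSas REST call), authenticating as a service principal.
//
// clientId, clientSecret, tenantId and subscriptions are not defined in this snippet; the caller
// must supply them. Read clientSecret from a secret store or the environment at runtime instead
// of hard-coding it in source.
AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
    clientId,     // the sp appId
    clientSecret, // the sp password
    tenantId,     // the sp tenant
    AzureEnvironment.AzureGlobalCloud);

// Keep logging at Basic or lower: more verbose levels (Headers, Body, BodyAndHeaders) would
// record the authorization header and the response body, and the response body of this call
// contains the SAS token itself.
RestClient restClient = RestClient.Configure()
    .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
    .WithCredentials(credentials)
    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
    .Build();

var storageClient = new StorageManagementClient(restClient);
storageClient.SubscriptionId = subscriptions;

ServiceSasParameters serviceSas = new ServiceSasParameters
{
    // Replace <accountName> and <tableName>; the SAS is valid for that single table only.
    CanonicalizedResource = "/table/<accountName>/<tableName>",
    // "raud" requests read, add, update and delete. Ask only for what the token consumer
    // needs (for example "r" for a read-only client).
    Permissions = Permissions.Parse("raud"),
    // Four days is a long life for a bearer token. A service SAS signed with the account key
    // cannot be revoked on its own before expiry (short of rotating that key), so prefer the
    // shortest lifetime that works.
    SharedAccessExpiryTime = DateTime.UtcNow.AddDays(4)
    // NOTE(review): no protocol or IP restriction is set. Consider the Protocols and
    // IPAddressOrRange properties to limit the token to HTTPS and to known client addresses.
};

var r = await storageClient.StorageAccounts.ListServiceSASAsync("<groupName>", "<accountName>", serviceSas);

// The token is a bearer credential: hand it to the consumer over a protected channel and do
// not log it. The original snippet lacked the terminating semicolon on this statement.
var sasToken = r.ServiceSasToken;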