azure-functions azure-blob-storage

If a blob storage container is private, will Azure Functions need to use SAS tokens to access it?


Newbie question, but if a storage container is private, are my options for accessing it via an Azure function to either (1) set up managed identity or (2) use SAS tokens to access the container or blobs?

If I'm running my app locally, the only way I can seem to access it is via a SAS URI, but will this be the case when the function is deployed as well?

The use case here is for a triggered function on a blob container. The function will need to evaluate the blob, and move it to a subfolder.


Solution

  • When your Azure Function is deployed in the cloud environment, you can use either 1) Managed Identity or 2) SAS tokens to access the private storage container.

    However, Managed Identity would be the recommended approach for securing access to Azure resources in a production deployment. You can enable a managed identity for your Azure Function and grant it the necessary permissions to access the storage container. This method simplifies credential management by allowing Azure to handle the security of the identity.

    SAS tokens are generally useful for quick access and local testing. They can be used in a deployed production environment but require careful management of tokens.

    Regarding how you handle access in a local environment, SAS tokens aren't the only way. You can also configure your local environment to use managed identity by leveraging your developer Azure credentials to authenticate the app to Azure during local development. The article "Authenticate .NET apps to Azure services during local development using developer accounts" could be of help.
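
The identity-based approach applied to the use case in the question, as an added example that is not part of the original answer. The account URL, container, blob and folder names are assumed placeholders, and the code needs the Azure.Identity and Azure.Storage.Blobs NuGet packages.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Storage.Blobs;

public static class BlobMover
{
    // Hypothetical account URL. No SAS token or account key appears anywhere:
    // the identity needs a data-plane role such as "Storage Blob Data Contributor"
    // assigned on the container or the storage account.
    private static readonly Uri AccountUri =
        new Uri("https://examplestorageacct.blob.core.windows.net");

    // DefaultAzureCredential picks up the function app's managed identity when
    // deployed, and the developer's Azure CLI / Visual Studio sign-in locally.
    private static readonly BlobServiceClient Service =
        new BlobServiceClient(AccountUri, new DefaultAzureCredential());

    public static async Task MoveToSubfolderAsync(string container, string blobName, string subfolder)
    {
        // A trigger on the whole container also fires for the moved copy,
        // so skip blobs that already sit under the target prefix.
        if (blobName.StartsWith(subfolder + "/", StringComparison.Ordinal))
            return;

        BlobContainerClient containerClient = Service.GetBlobContainerClient(container);
        BlobClient source = containerClient.GetBlobClient(blobName);
        BlobClient target = containerClient.GetBlobClient($"{subfolder}/{blobName}");

        // Blob storage has no rename: write the content under the new name,
        // then delete the original.
        await using (Stream content = await source.OpenReadAsync())
        {
            await target.UploadAsync(content, overwrite: true);
        }
        await source.DeleteIfExistsAsync();
    }

    public static async Task Main()
    {
        // Placeholder container, blob and folder names.
        await MoveToSubfolderAsync("uploads", "report.csv", "processed");
    }
}
```

The same code runs unchanged locally and in Azure; only the credential source that `DefaultAzureCredential` resolves differs.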