Search code examples
c#azureauthenticationazure-blob-storage

Accessing private Azure Blob Storage using BlobServiceClient

When accessing a private S3 bucket in AWS using a C# client all that is needed is an access key and secret key. I have been working on a client application for Azure Blob storage and made the assumption that accessing private containers would work in a similar fashion, using a connection string generated on the Access Keys page in Azure. However I keep getting errors saying I am not authorized to access that resource. If I make the container public the code works perfectly. For instance, here is a stripped down version of the logic used to list the blobs. The connection string is the one from the Azure Access Keys page.

var blobServiceClient = new BlobServiceClient(connectionString);
var containerClient = blobServiceClient.GetBlobContainerClient(containerName);
var blobs = containerClient.GetBlobs();

I need to be able to list the blobs, delete blobs, download them as streams and perform multi part uploads. My existing code actually does all this perfectly until I make the container private. What do I need to do to get this to work? Any advice very much appreciated.

Solution

  • Accessing private Azure Blob Storage using BlobServiceClient using a connection string generated on the Access Keys page in Azure. However I keep getting errors saying I am not authorized to access that resource.

    In my environment, I had one storage account with private container named venkat as below:

    Portal: enter image description here

    Make sure connection string in correct format which you copied from portal, I copied from portal.

    Portal -> Storage account -> Security +networking -> Access key -> Copy the Connection String

    Portal: enter image description here

    Also, make sure Networking is Enabled for all networks like below:

    enter image description here

    Now, using the below code I can able to list,upload,download,delete the blobs with Azure .net SDK.

    Code:

    using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;


namespace AzureBlobStorageExample
{
    class Program
    {
        // Replace with your actual connection string from the Azure Access Keys page
        private static string connectionString = "DefaultEndpointsProtocol=https;AccountName=<storage account name>;AccountKey=T3czZpu1gZ0nLKiCuli9a6tFsnyWw==;EndpointSuffix=core.windows.net";
        private static string containerName = "venkat";

        static async Task Main(string[] args)
        {
            BlobServiceClient blobServiceClient = new BlobServiceClient(connectionString);
            BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);

            Console.WriteLine("Listing blobs in container...");
            await ListBlobsInContainerAsync(containerClient);

            string localFilePath = "C:\\Downloads\\example.png";
            await UploadBlobAsync(containerClient, "example-blob.png", localFilePath);

            string downloadFilePath = "Downloads";
            await DownloadBlobAsync(containerClient, "example-blob.png", downloadFilePath);

            await DeleteBlobAsync(containerClient, "example-blob.png");
        }

        private static async Task ListBlobsInContainerAsync(BlobContainerClient containerClient)
        {
            await foreach (BlobItem blobItem in containerClient.GetBlobsAsync())
            {
                Console.WriteLine($"- {blobItem.Name}");
            }
        }

        private static async Task UploadBlobAsync(BlobContainerClient containerClient, string blobName, string localFilePath)
        {
            BlobClient blobClient = containerClient.GetBlobClient(blobName);
            Console.WriteLine($"Uploading to Blob storage: {blobClient.Uri}");

            await blobClient.UploadAsync(localFilePath, true);
        }

        private static async Task DownloadBlobAsync(BlobContainerClient containerClient, string blobName, string downloadFilePath)
        {
            BlobClient blobClient = containerClient.GetBlobClient(blobName);
            Console.WriteLine($"Downloading blob to {downloadFilePath}");

            await blobClient.DownloadToAsync(downloadFilePath);
        }

        private static async Task DeleteBlobAsync(BlobContainerClient containerClient, string blobName)
        {
            BlobClient blobClient = containerClient.GetBlobClient(blobName);
            Console.WriteLine($"Deleting blob: {blobClient.Uri}");

            await blobClient.DeleteIfExistsAsync();
        }
    }
}

    Output:

    Listing blobs in container...
- AcknowledgementReceipt.pdf
- invoice.pdf
- results.pdf
Uploading to Blob storage: https://venkat326123.blob.core.windows.net/venkat/example-blob.png
Downloading blob to Downloads
Deleting blob: https://venkat326123.blob.core.windows.net/venkat/example-blob.png

    enter image description here

    Reference: Quickstart: Azure Blob Storage library - .NET | Microsoft Learn