Cannot generate container sas token using managed identities
Using c# I'm trying to generate SAS tokens for containers;
The identity I'm using has the following roles assigned to it
Storage Blob Data Contributor
Storage Blob Data Owner
Storage Account Contributor
When running the following code
//_blobServiceClient is instanciated using managed identity credentials
BlobContainerClient blobContainerClient = this._blobServiceClient.GetBlobContainerClient(blobContainerName);
await blobContainerClient.CreateIfNotExistsAsync(PublicAccessType.None).ConfigureAwait(false);
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = blobContainerName,
ExpiresOn = DateTime.UtcNow.AddDays(30)
};
sasBuilder.SetPermissions(BlobContainerSasPermissions.Read
| BlobContainerSasPermissions.List
| BlobContainerSasPermissions.Write
| BlobContainerSasPermissions.Filter);
return blobContainerClient.GenerateSasUri(sasBuilder);
the blobContainerClient.CanGenerateSasUri property seem to be always set to false. Am I missing some roles?
is it even possible to generate container sas tokens using managed identities authentication?
the blobContainerClient.CanGenerateSasUri property seem to be always set to false.
The reason it is coming as false is because you are using Managed Identity to generate a SAS token and this method will return true only when you are using Account Key for generating SAS token. (Reference)
is it even possible to generate container sas tokens using managed identities authentication?
Yes, it is entirely possible to do so. However the process of generating the SAS token using Managed Identity is different. For this, you would first need to get a user delegation key (BlobServiceClient.GetUserDelegationKeyAsync Method) and then use that key to generate a SAS token. To learn more about it, please see this: https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas.
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- How memory address for pointer to arrays is same as an element in 2D array?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- Avoiding strcpy overflow destination warning
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended
- How to refactor repetition inside a Makefile?
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct
- Character array typecasting to integer
- Handling HTTP Headers in a Minimal C HTTP Server
- How to get the sign, mantissa and exponent of a floating point number
- Why do MCU libraries use logic operations instead of bitfield structs?
- What kind of implementation can I use for a static associative array on a vintage system with very limited resources?
- Clarification - Struct Bitfield memory layout