是否有.NET SDK通过AAD身份验证获取表存储SAS密钥

Question

我知道我可以获取AAD令牌到存储帐户，并使用资源管理器通过REST API来获取表存储SAS密钥，如下所示：

<div class="preloader-wrapper">
    <div class="preloader">
        <img src="images/Preloader.gif" alt="" >
    </div>
</div> 


//javaScript
$(document).ready(function($) {
    var Body = $('body');
    Body.addClass('preloader-site');
    });
$(window).load(function() {
    $('.preloader-wrapper').fadeOut();
    $('body').removeClass('preloader-site');
});

我想知道是否可以通过.NET SDK来实现此目的？

Answer 1

关于此问题，我们可以使用sdk Microsoft.Azure.Management.Storage.Fluent来实现。

例如

1. 创建服务主体（我使用Azure CLI做到这一点）

az login
az account set --subscription "<your subscription id>"
# the sp will have Azure Contributor role
az ad sp create-for-rbac -n "readMetric" 

1. 创建Azure存储帐户

 AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
                      clientId, // the sp appId
                      clientSecret, // the sp password
                      tenantId, // the sp tenant  
                       AzureEnvironment.AzureGlobalCloud);
            RestClient restClient = RestClient.Configure()
                                   .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
                                   .WithCredentials(credentials)
                                   .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                                   .Build();
           var storageClient = new StorageManagementClient(restClient);
            storageClient.SubscriptionId = subscriptions;
          var groupName = "";
            var accountName = "";
            var storageCreateParams = new StorageAccountCreateParameters {
                Kind = Kind.Storage,
                Location = "",
                AccessTier = AccessTier.Hot,
                Sku = new SkuInner {
                    Name = SkuName.StandardLRS
                }



            };
           await storageClient.StorageAccounts.CreateAsync(groupName,accountName, storageCreateParams)

1. 为Azure表创建sas令牌

 AzureCredentials credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
                      clientId, // the sp appId
                      clientSecret, // the sp password
                      tenantId, // the sp tenant  
                       AzureEnvironment.AzureGlobalCloud);
            RestClient restClient = RestClient.Configure()
                                   .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
                                   .WithCredentials(credentials)
                                   .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                                   .Build();
           var storageClient = new StorageManagementClient(restClient);
            storageClient.SubscriptionId = subscriptions;
            ServiceSasParameters serviceSas = new ServiceSasParameters { 
               CanonicalizedResource= "/table/<accountName>/<tableName>",
               Permissions=Permissions.Parse("raud"),
              SharedAccessExpiryTime= DateTime.UtcNow.AddDays(4)

            };
            var r =await storageClient.StorageAccounts.ListServiceSASAsync("<groupName>", "<accountName>", serviceSas);
            var sasToken=r.ServiceSasToken