Connecting App to Azure Storage Account with AccessToken?

All replies

  • Our Cloud service application needs to access the data plane of a storage account.

    And we would like to do away with shared secrets. But as far as I can tell, we still need to use the shared key to open up access to the cloud service. We are currently using Microsoft.WindowsAzure.Storage NuGet libraries.

    We have taken steps to remove all secrets\keys from the cloud service configuration and web\app .config files by migrating them to the Azure Key Vault. In this model we are able to configure the key vault to be read by the Application's AzureAD ServicePrincipal. The APIs for connecting to the Key Vault support using a token granted using APIs in Microsoft.IdentityModel.Clients.ActiveDirectory. It would be really slick if we could request a token in a similar way and use that to open up a connection to the storage account.

    Wednesday, May 11, 2016 10:13 PM
  • Yes, currently to generate a SAS token, an issuer will need to have the account key.

    We have plans to support true role-based access control in our roadmap to solve your scenario. If you have any requirements you want to share, please let me know: dineshm at Microsoft dot com.

    Wednesday, May 25, 2016 11:24 PM
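
Why a SAS issuer has to hold the account key, as an added example that is not part of the thread or of any Microsoft library: a service SAS signature is an HMAC-SHA256 over the token's fields, keyed with the storage account key, and the service recomputes it with the same key. The account name, key and blob path are constructed sample values, and the string-to-sign field order is assumed to follow service SAS version 2015-04-05.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample values: not a real account or key.
ACCOUNT = "examplestore"
ACCOUNT_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-secret").decode()
SAS_VERSION = "2015-04-05"  # assumed version; the field order below depends on it

def string_to_sign(container, blob, permissions, start, expiry, protocol):
    """Newline-joined fields that the signature covers (blob service SAS)."""
    resource = f"/blob/{ACCOUNT}/{container}/{blob}"  # canonicalized resource
    fields = [permissions, start, expiry, resource,
              "",           # signedidentifier: no stored access policy
              "",           # signedIP: no IP restriction
              protocol,     # signedProtocol
              SAS_VERSION,  # signedversion
              "", "", "", "", ""]  # rscc, rscd, rsce, rscl, rsct overrides
    return "\n".join(fields)

def sign(account_key_b64, text):
    """base64(HMAC-SHA256(base64-decoded account key, UTF-8 string-to-sign))."""
    key = base64.b64decode(account_key_b64)
    mac = hmac.new(key, text.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def issue_sas(account_key_b64, container, blob, permissions, start, expiry):
    """Issuer side: cannot produce `sig` without the account key."""
    sts = string_to_sign(container, blob, permissions, start, expiry, "https")
    return urlencode({"sv": SAS_VERSION, "sr": "b", "sp": permissions,
                      "st": start, "se": expiry, "spr": "https",
                      "sig": sign(account_key_b64, sts)})

def service_accepts(account_key_b64, container, blob, query):
    """Service side: recompute the signature with the stored key and compare."""
    q = {k: v[0] for k, v in parse_qs(query).items()}
    sts = string_to_sign(container, blob, q["sp"], q["st"], q["se"], q["spr"])
    return hmac.compare_digest(sign(account_key_b64, sts), q["sig"])

if __name__ == "__main__":
    token = issue_sas(ACCOUNT_KEY, "logs", "app.log", "r",
                      "2016-05-25T00:00:00Z", "2016-05-26T00:00:00Z")
    print(token)
    print("accepted:", service_accepts(ACCOUNT_KEY, "logs", "app.log", token))
```

Because the signature depends only on the account key, any component that can issue SAS tokens can issue them for every resource in the account, which is why the key is the secret to protect and rotate.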