In the Azure Portal, clicking the download button didn't work, because of the same issue as my application. I could download the blob because the application uses an SAS token.
(In Azure-speak, I was accessing the control-plane, not the data-plane.) In the Storage Explorer application, I connected to the storage account by browsing the resources in the subscription. Those tools succeed because they authenticate to Azure Storage differently! In the portal, I was accessing the metadata, not the blob contents. And, I can use the Storage Explorer application to download the blob. What baffled me was that I can use the Storage Explorer (preview) blade in the portal to view the blob metadata. Status: 403 (This request is not authorized to perform this operation using this permission.)ĮrrorCode: AuthorizationPermissionMismatch Instead of getting the blob data, I received an error: This request is not authorized to perform this operation using this permission.
Ms azure storage explorer download code#
With my code updated, and my Visual Studio account updated, I ran my program. The DefaultAzureCredential will attempt to authenticate via the following mechanisms in order. This is because the DefaultAzureCredential combines credentials commonly used to authenticate when deployed, with credentials used to authenticate in a development environment. The DefaultAzureCredential is appropriate for most scenarios where the application is intended to ultimately be run in the Azure Cloud. The following paragraph and image are copied from the docs: DefaultAzureCredential The Azure SDK team has done a good job of describing how the Azure.Identity credential classes can acquire a token for services that support Azure AD authorization. Recommended Approach: Azure.Identity TokenCredential (Read the docs for a discussion of Authorizing access to data in Azure Storage.) The latest SDKs help use this approach. Rather than store a connection string, I recommend using a service principal and RBAC. In the past, our code would typically access a storage account using a connection string. If you are transitioning your code to use Azure.Identity, this post may be helpful. I made an assumption about the permissions granted to my organizational account. I stumbled a bit today when trying to access a blob in Azure Storage. Understanding Azure Storage data access permissions 03 September 2020 by Paul Schaeflein
0 kommentar(er)
