Access Azure Table Storage with Azure MSI

2

6

I recently set up my .NET Core application to use MSI (Managed Identity) to communicate with Azure Blob.

Does MSI work with Azure Table Storage? Can't seem to find any documentation on it.

I am trying to use MSI so I don't have to manage my keys anymore (keyless).

Granuloma answered 30/11, 2018 at 20:50 Comment(0)
3

Azure Table Storage does not support MSI. Table Storage does support Active Directory access. You can find the services that support MSI at the below link...

https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-msi

Managed identity provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.

https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Flyer answered 30/11, 2018 at 21:15 Comment(10)
But on the list it has "Azure Storage" under public preview. Isn't Azure Table under Azure Storage? – Granuloma
Hmm, sorry, I guess I am confused. It is possible to turn on Managed Identity and use that to authenticate your application to blob storage: learn.microsoft.com/en-us/azure/storage/common/…. Is that not possible for table storage? – Granuloma
Sorry, I wasn't very clear. The tutorial above is for blob storage (not table storage). The reason I asked about table storage is that you need to assign a specific role for it to work. For example, if you want to grant access to blob, you give the role Storage Blob Data Reader. There is also a role for queue, but I didn't find one for table :( – Granuloma
"There is also a role for queue, but I didn't find one for table" - The reason for this is that Azure Tables has been moved under Cosmos DB. That's why you don't see any enhancements done to Azure Tables recently. Azure Storage will continue to support Azure Tables though. – Build
An attempt to access Azure Table Storage with an AD account unfortunately gives the error: System.InvalidOperationException: 'Token credential is not supported for this service.' :( – Sims
@vlad-rudenko please see Gaurav's response above you. My guess is that the access is under Cosmos DB; storage won't accept access to tables. I haven't tried it and would request Microsoft enhance their documentation (which they are absolutely terrible at). – Flyer
Table API for Cosmos DB is a completely different storage that is trying to mimic Table Storage. Cosmos DB has completely different pricing (usually the cost will be much higher) and has quite a lot of differences from the original Table Storage: learn.microsoft.com/en-us/azure/cosmos-db/… – Sims
The funniest (and actually breaking) difference/limitation here is "Query results returned by the Table API aren't sorted in partition key/row key order as they are in Azure Table storage." despite the fact that "Cosmos DB automatically indexes all data" :) – Sims
@VladRudenko I'm not sure what you mean. Table storage has already been moved to Cosmos DB. koukia.ca/… How the data is indexed and partitioned is irrelevant to the OP's question, which was about MSI. Table storage does not offer MSI access, and if using MSI access is required then the option is to use Cosmos DB. – Flyer
@Rthomas529 I mean that, at least currently, for a lot of applications the Table API for Cosmos DB could not be considered a "one-click" replacement for existing Azure Table Storage, due to a lot of incompatibilities and also higher pricing. – Sims
4

This is now supported using the latest version of https://www.nuget.org/packages/Azure.Data.Tables/ (12.2.1)

You can now create a client using something like

  var tableServiceClient = new TableServiceClient(uri, new DefaultAzureCredential());

Make sure you've assigned the correct permissions in Azure for the user to read from the resource.

Belittle answered 2/11, 2021 at 12:28 Comment(0)
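A fuller version of the call in the answer above, as an added example that is not part of the original post: it reads a few entities with a token credential and separates "no token could be obtained" from "token accepted but no data-plane role assigned". The environment variable names `TABLE_ENDPOINT` and `TABLE_NAME` are assumptions; the identity needs a table data role on the account, such as the built-in Storage Table Data Reader.

```csharp
// Added example. Requires NuGet packages Azure.Data.Tables (12.2.1 or later)
// and Azure.Identity. No account key or connection string is used anywhere.
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Data.Tables;
using Azure.Identity;

public static class KeylessTableRead
{
    public static async Task<int> Main()
    {
        // Assumed variable names, e.g. https://<account>.table.core.windows.net
        string endpoint = Environment.GetEnvironmentVariable("TABLE_ENDPOINT");
        string tableName = Environment.GetEnvironmentVariable("TABLE_NAME");
        if (string.IsNullOrEmpty(endpoint) || string.IsNullOrEmpty(tableName))
        {
            Console.Error.WriteLine("Set TABLE_ENDPOINT and TABLE_NAME first.");
            return 2;
        }

        // DefaultAzureCredential picks up the managed identity when running in
        // Azure and falls back to developer sign-ins on a workstation.
        // To pin production to the managed identity only, use
        // new ManagedIdentityCredential() instead.
        var table = new TableClient(new Uri(endpoint), tableName, new DefaultAzureCredential());

        try
        {
            int shown = 0;
            await foreach (TableEntity e in table.QueryAsync<TableEntity>(maxPerPage: 10))
            {
                Console.WriteLine($"{e.PartitionKey} / {e.RowKey}");
                if (++shown == 10) break;   // read only a small sample
            }
            return 0;
        }
        catch (AuthenticationFailedException ex)
        {
            // No credential source produced a token (identity not enabled, not signed in).
            Console.Error.WriteLine($"Could not obtain a token: {ex.Message}");
            return 1;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Token was issued, but the identity lacks a table data role on this account.
            Console.Error.WriteLine($"Access denied ({ex.ErrorCode}). Check role assignments.");
            return 1;
        }
    }
}
```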