How to use Azure App Service Auth in web app to control blob access - Stack Overflow

admin管理员组

文章数量:1122832

Hoping someone can help me with some gaps in my understanding of how to use the azure app service authentication component. I'm trying to write a simple web app (in this case python/flask) that allows a user to login, chose a container and upload a blob. The containers available should be constrained by the signed in users access

What I currently have

My web app is published to Azure and running. The BlobServiceClient is being constructed using DefaultAzureCredential() and so to do this I've enabled system assigned identity in the web app and granted it blob access. At this point, only users assigned to the enterprise app can sign in (great) but the list of containers available and the upload itself are being performed as the managed identity (not what I'd like)

token_credential = DefaultAzureCredential()
blob_service_client = BlobServiceClient(account_url, credential=token_credential)

def list_containers_prefix(blob_service_client: BlobServiceClient):
    container_name_list = []
    containers = blob_service_client.list_containers(name_starts_with='project')
    for container in containers:
        container_name = container['name']
        container_name_list.append(container_name)
    return container_name_list

I'm confused as to what I need to do to get to my end goal. I've seen a couple of roughly similar scenarios (function apps) using two app registrations and user_impersonation but I didn't fully understand the reasoning or logic. I've also wondered whether I can use AppServiceAuthSession cookie or /.auth/me to build the credential for the blob client but before I figure out how to do that via flask Id like some help validating the correct approach. Maybe I should just use standard MSAL libraries instead? I was hoping the Azure auth service would make things easier.

Any guidance much appreciated

Thanks

本文标签： How to use Azure App Service Auth in web app to control blob accessStack Overflow