403 Exception trying to access blob in desktop client

Leon H 0 Reputation points
2024-04-21T02:35:25.23+00:00
A file in the pic is being accessed in my code and throws a 403 exception in OpenReadAsync. That is despite my having assigned read/write permission to all users in Azure AD. I am using this code and all the parameters and URL are correct. The strange part is that my web service copies the files to Azure Blob just fine and I can see the files in the container...

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using System.Windows.Forms;
using Azure;                    // RequestFailedException
using Azure.Identity;           // ClientSecretCredential
using Azure.Storage.Blobs;      // BlobClient
using DevExpress.XtraEditors;   // XtraMessageBox

private async Task FetchAndDisplayDocument(string blobUrl)
{
    using (Log.VerboseCall())
    {
        try
        {
            // Authenticates as the app registration's service principal, not as the signed-in user
            var credential = new ClientSecretCredential(_azConfig.AzureAD.TenantId, _azConfig.AzureAD.ClientId, _azConfig.AzureAD.ClientSecret);

            // Instantiate a BlobClient which will be used to create or reference a blob
            var blobClient = new BlobClient(new Uri(blobUrl), credential);

            // Download the blob's contents as a stream; a 403 here means a token was issued
            // but the principal is not authorized on the blob data plane
            Stream blobStream = await blobClient.OpenReadAsync();

            // Assuming you have a method to display this stream content in your right pane
            // and assuming 'this' is a Form or Control that has a method named DisplayDocumentStream
            this.Invoke((MethodInvoker)delegate
            {
                DisplayDocumentStream(blobStream);
            });
        }
        catch (RequestFailedException ex)
        {
            // ex.Status and ex.ErrorCode carry the HTTP status and the storage error code
            Log.Verbose($"{ex.Message}");

            this.Invoke((MethodInvoker)delegate
            {
                XtraMessageBox.Show(ex.Message, Properties.Settings.Default.AppTitle,
                    MessageBoxButtons.OK, MessageBoxIcon.Warning);
                return;
            });
        }
    }
}
```

So I concluded that the problem is in configuring Azure AD/Entra.
I registered my desktop app and have the following.

In API Permissions:

![enter image description here](/api/attachments/579c8a52-cf05-4f29-b73d-9452488f3eab?platform=QnA)

In the "Expose an API" section:

![enter image description here](/api/attachments/0b3594b3-624d-49a1-89d6-daa63c75a7d7?platform=QnA)

In the App Roles:

![enter image description here](/api/attachments/9d8399a1-2110-4bbf-b763-6a70e13b942e?platform=QnA)

I have Storage Account of V2 Kind.

In Access Control (IAM): (all these users/admins are me)

![enter image description here](/api/attachments/2b769edf-f02a-4899-afcc-4e8a558917a7?platform=QnA)

![enter image description here](/api/attachments/251db310-228f-4789-87c9-de617f6988d2?platform=QnA)

So, I was banging my head against the wall for a day and can't figure out what I am doing wrong...
I hope I did not forget to show any other significant settings and did not expose too much.
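The following is an added diagnostic example, not code from the question or from the Azure SDK documentation. It isolates the two things a 403 from `OpenReadAsync` under `ClientSecretCredential` depends on: which principal the token is actually issued to (a client-secret credential always authenticates the app registration's service principal, so role assignments granted to a user account do not apply), and whether that principal holds a blob data-plane RBAC role such as Storage Blob Data Reader at the account or container scope (Owner and Contributor are management-plane roles and do not grant blob reads). It requests a storage-audience token, decodes the JWT payload to show the `appid`/`oid` claims, then attempts the read and maps `RequestFailedException.Status`/`ErrorCode` to the configuration it points at. Assumptions: the tenant id, client id and secret are read from the `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` environment variables (names chosen here), the blob URL is a placeholder passed on the command line, and the `Azure.Identity` and `Azure.Storage.Blobs` packages are referenced.

```csharp
using System;
using System.IO;
using System.Text.Json;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;

// Added diagnostic example; not part of the original question.
public static class BlobAccessDiagnostics
{
    // Audience the Azure Storage data plane expects in an Entra ID token.
    private const string StorageScope = "https://storage.azure.com/.default";

    public static async Task<int> Main(string[] args)
    {
        // Assumed configuration source: environment variables (names chosen for this example).
        var tenantId = Environment.GetEnvironmentVariable("AZURE_TENANT_ID");
        var clientId = Environment.GetEnvironmentVariable("AZURE_CLIENT_ID");
        var clientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET");
        // Placeholder blob URL; pass the real one as the first argument.
        var blobUrl = args.Length > 0 ? args[0] : "https://<account>.blob.core.windows.net/<container>/<blob>";

        var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

        // Step 1: show which principal the token is issued to. A client-secret flow authenticates
        // the service principal of the app registration, never the interactive user.
        AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(new[] { StorageScope }), default);
        using (JsonDocument claims = DecodeJwtPayload(token.Token))
        {
            JsonElement root = claims.RootElement;
            Console.WriteLine($"audience (aud) : {Claim(root, "aud")}");
            Console.WriteLine($"app id (appid) : {Claim(root, "appid")}");
            Console.WriteLine($"object id (oid): {Claim(root, "oid")}  <- this object needs a blob data-plane role");
        }

        // Step 2: attempt the read and translate the failure into the setting it points at.
        try
        {
            var blobClient = new BlobClient(new Uri(blobUrl), credential);
            using Stream content = await blobClient.OpenReadAsync();
            Console.WriteLine($"OK: opened blob, {content.Length} bytes");
            return 0;
        }
        catch (RequestFailedException ex)
        {
            Console.WriteLine($"HTTP {ex.Status} {ex.ErrorCode}: {Explain(ex)}");
            return 1;
        }
    }

    // Maps the storage error to the most likely configuration cause.
    public static string Explain(RequestFailedException ex) => (ex.Status, ex.ErrorCode) switch
    {
        (403, "AuthorizationPermissionMismatch") =>
            "token accepted, but the principal has no data-plane role (e.g. Storage Blob Data Reader) " +
            "at this scope; Owner/Contributor are management-plane only",
        (403, "AuthorizationFailure") =>
            "request rejected before RBAC was evaluated; check the account's firewall/network rules",
        (401, _) => "no valid token for the storage audience was presented",
        (404, _) => "container or blob in the URL does not exist",
        _ => "unexpected status; inspect ErrorCode and the response body",
    };

    // Decodes the base64url-encoded JWT payload (second segment) without validating the signature;
    // this is for reading claims locally, not for trusting the token.
    private static JsonDocument DecodeJwtPayload(string jwt)
    {
        string payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        return JsonDocument.Parse(Convert.FromBase64String(payload));
    }

    private static string Claim(JsonElement root, string name) =>
        root.TryGetProperty(name, out JsonElement value) ? value.ToString() : "(absent)";
}
```

When the output shows a valid `oid` followed by `HTTP 403 AuthorizationPermissionMismatch`, authentication succeeded and the missing piece is an RBAC data-plane role assignment for that object id on the storage account or container; API permissions, app roles and "Expose an API" settings on the app registration are not consulted by the storage service for this call.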