question

mpazure-6320 avatar image
0 Votes"
mpazure-6320 asked hamzabenmehidi-1364 commented

Authentication method: for container changes from (Switch to Azure AD User Account) to 'Access Key' after file copy using 'azcopy cp'

Hi,

I've configured a Container to use Azure AD User Accounts, and given the appropriate IAM role to users. Users can copy files after 'azcopy login' using their Azure AD user id. 'azcopy cp' copied the file successfully, but when I refresh the container page in the portal, it says, "Authentication method: Access key" !! If a user trys another copy using their Azure AD id, the copy is successful, eventhough the container still shows 'Authentication method: Access key' So I have two questions 1)Why is the UI changing the 'Authentication method' , after a file is copied? and 2)if the Authentication method, is 'Access key', how can subsequent copies using Azure AD ids, be successfull? azcopy version is 10.8.0

INFO: Authenticating to destination using Azure AD
0.0 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total,
Job 9c0abc94-d5f6-614d-56cf-467d55381ab1 summary
Elapsed Time (Minutes): 0.0334
Number of File Transfers: 1
Number of Folder Property Transfers: 0
Total Number of Transfers: 1
Number of Transfers Completed: 1

azure-blob-storage
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

deherman-MSFT avatar image
0 Votes"
deherman-MSFT answered hamzabenmehidi-1364 commented

@mpazure-6320
When viewing the container in the portal and it says "Authentication method: Access key" this only applies to your user that is currently logged in. Since I am assuming you are an admin account you will be able to access the storage access key and view/upload blobs from the portal. Think of the toggle in the portal as the difference between using --auth-mode login and --auth-mode key in the CLI. Anyone with a storage access key will be able to modify container data just like anyone with the proper role assigned will be able to. Toggling the authentication method in the portal will not change this.

Hopefully that helps clear this up. Let us know if you have further issues or questions and we will be happy to help.



Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sorry but it's a bit confusing , how can we specify the auth methode using powershell ? or how to check the actual method ? i get that you can specify the auth methode to be used while runing a command , but i haven't found any way (other than the portal) to modify the authentication method.

i other word can for instance allow only authentication via Access key ?

1 Vote 1 ·
mpazure-6320 avatar image
0 Votes"
mpazure-6320 answered

thanks, I see it now. The setting in the UI, just changes the authentication method, for the user logged in to the UI, for them to browse the contents of the Container. And because the admin user has access to the 'storage access key' as well as being in the IAM role, to access the storage using their Azure AD id, the UI reverts to 'Access key' if they leave the Container, and go back into it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.