Managed identity only creates an empty container but not a blob

Question

I am trying to use managed identity to access my Azure Storage account. I am the only user and owner of the Storage Account. I am able to create a container but I am not able to upload a blob. I have wasted 2 hours on this. I am not sure what I am missing

var blobServiceClient = new BlobServiceClient(
    new Uri($"https://{AccountName}.blob.core.windows.net"),
    new AzureCliCredential());

// This works - I can create a container
// var response = blobServiceClient.CreateBlobContainer(ContainerName);

var blobContainerClient = blobServiceClient.GetBlobContainerClient(ContainerName);

var blobClient = blobContainerClient.GetBlobClient(BlobName);

using var writeStream = blobClient.OpenWrite(true);
var sampleId = Guid.Parse("971f7aaf-933c-487e-b6d1-95613275e00b");
var bytes = sampleId.ToByteArray();
writeStream.Write(bytes);
writeStream.Close();

This gives me 401.

I have done az login I can do az account list and see that I am logged in. This is my personal Azure account so I have all the roles. I have tried all the alternatives when creating a Blobclient or a BlobContainerClient like:

var blobClient = new BlobClient(
    new Uri($"https://{AccountName}.blob.core.windows.net/{ContainerName}/test"),
    new DefaultAzureCredential());

Nothing works. Only creating a container work for some reason. I have made no changes to the Storage Account. From Azure Portal it shows I am the owner

I am logged in using az login

I can perform any action using the az cli but why would AzureCliCredential or the DefaultAzureCredential won't work when using it with the SDK

Answer 1

I agree with @Gaurav Mantri's comment make sure to assign Blob Storage Contributor role like below:

In storage account add Blob Storage Contributor role like below:

Now when I ran the code got result successfully like below:

using Azure.Identity;
using Azure.Storage.Blobs;
 
namespace ConsoleApp
{
    class Program
    {
        static async Task Main(string[] args)
        {
            string accountName = "XXXXX";
            string containerName = "sample";
            string blobName = "test8.txt";
 
            var blobServiceClient = new BlobServiceClient(
                new Uri($"https://{accountName}.blob.core.windows.net"),
                new DefaultAzureCredential());
 
            var blobContainerClient = blobServiceClient.GetBlobContainerClient(containerName);
 
            var blobClient = blobContainerClient.GetBlobClient(blobName);
 
            using var writeStream = blobClient.OpenWrite(true);
            var sampleId = Guid.Parse("971f7aaf-933c-487e-b6d1-95613275e00b");
            var bytes = sampleId.ToByteArray();
            await writeStream.WriteAsync(bytes);
 
            Console.WriteLine($"Blob {blobName} created successfully.");
        }
    }
}

Output:

Blob test8.txt created successfully.

Reference:

Quickstart: Azure Blob Storage library - .NET | Microsoft Learn