{"id":15410576,"url":"https://github.com/damienbod/aspnetcoreentraidblobstorage","last_synced_at":"2025-10-06T19:55:29.430Z","repository":{"id":37006110,"uuid":"336219878","full_name":"damienbod/AspNetCoreEntraIdBlobStorage","owner":"damienbod","description":"ASP.NET Core Razor page using Azure Blob Storage to upload download files securely using OAuth and Open ID Connect","archived":false,"fork":false,"pushed_at":"2025-02-07T20:09:32.000Z","size":4713,"stargazers_count":28,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-15T16:58:21.498Z","etag":null,"topics":["aad","aspnet-core","azure","azuread","blob","entraid","me-id","microsoftidentity","oauth","oidc","sql","storage"],"latest_commit_sha":null,"homepage":"https://damienbod.com/2024/02/12/using-blob-storage-from-asp-net-core-with-entra-id-authentication/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/damienbod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-02-05T09:10:44.000Z","updated_at":"2025-03-12T11:04:25.000Z","dependencies_parsed_at":"2023-02-12T15:45:48.567Z","dependency_job_id":"7d0b1ebc-8aea-4a8d-85e1-48c4d4c6f34a","html_url":"https://github.com/damienbod/AspNetCoreEntraIdBlobStorage","commit_stats":{"total_commits":205,"total_committers":1,"mean_commits":205.0,"dds":0.0,"last_synced_commit":"545bf875b95abd0f66541ffb10215b2ecade6d13"},"previous_names":["damienbod/aspnetcoreentraidblobstorage"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/damienbod/AspNetCoreEntraIdBlobStorage","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreEntraIdBlobStorage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreEntraIdBlobStorage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreEntraIdBlobStorage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreEntraIdBlobStorage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/damienbod","download_url":"https://codeload.github.com/damienbod/AspNetCoreEntraIdBlobStorage/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FAspNetCoreEntraIdBlobStorage/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278671743,"owners_count":26025744,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-06T02:00:05.630Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aad","aspnet-core","azure","azuread","blob","entraid","me-id","microsoftidentity","oauth","oidc","sql","storage"],"created_at":"2024-10-01T16:45:07.216Z","updated_at":"2025-10-06T19:55:29.410Z","avatar_url":"https://github.com/damienbod.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"![.NET](https://github.com/damienbod/AspNetCoreAzureAdAzureStorage/workflows/.NET/badge.svg)\r\n\r\n# ASP.NET Core using Azure Blob storage \r\n\r\n## Blogs\r\n\r\n- [Using Blob storage from ASP.NET Core with Entra ID authentication](https://damienbod.com/2024/02/12/using-blob-storage-from-asp-net-core-with-entra-id-authentication/)\r\n- [Delegated read and application write access to blob storage using ASP.NET Core with Entra ID authentication](https://damienbod.com/2024/02/26/delegated-read-and-application-write-access-to-blob-storage-using-asp-net-core-with-entra-id-authentication/)\r\n- [Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC](https://damienbod.com/2024/03/04/multi-client-blob-storage-access-using-asp-net-core-with-entra-id-authentication-and-rbac/)\r\n\r\n## Delegated read/write\r\n\r\nSecure upload and secure download. Users are authenticated using Microsoft Entra ID. The blob storage containers use Azure security groups to control the access. The upload and the download access is separated into different groups. \r\n\r\n![security-context](https://github.com/damienbod/AspNetCoreEntraIdBlobStorage/blob/main/Images/diagrams-delegated.png)\r\n\r\nAssign RBAC for users or groups with role **Storage Blob Data Contributor** or **Storage Blob Data Reader** and your resource.\r\n\r\n## Application write, delegated read\r\n\r\nSecure upload and secure download. Users are authenticated using Microsoft Entra ID. The blob storage containers use Azure security groups to control the read access. The upload access uses the an application for the Contributor role. \r\n\r\nOnly the application can upload files and the users or the groups can only read the files.\r\n\r\n![security-context](https://github.com/damienbod/AspNetCoreEntraIdBlobStorage/blob/main/Images/diagrams-app-write.png)\r\n\r\nAssign RBAC for users or groups with role **Storage Blob Data Contributor** and assign the application **Storage Blob Data Reader** and your resource.\r\n\r\n## Multi client blob storage access using ASP.NET Core with Entra ID authentication and RBAC\r\n\r\nOnboard different clients or organizations in an ASP.NET Core application to use separated Azure blob containers with controlled access using security groups and RBAC applied roles\r\n\r\n![security-context](https://github.com/damienbod/AspNetCoreEntraIdBlobStorage/blob/main/Images/diagrams-app-write-multi-tenant.png)\r\n\r\nAssign RBAC for users or groups with role **Storage Blob Data Contributor** and assign the application **Storage Blob Data Reader** and your resource.\r\n\r\n### Old\r\n\r\n- [Secure ME-ID User File Upload with ME-ID Storage and ASP.NET Core](https://damienbod.com/2021/02/08/secure-azure-ad-user-account-file-upload-with-azure-ad-storage-and-asp-net-core)\r\n- [Using ME-ID groups authorization in ASP.NET Core for an Azure Blob Storage](https://damienbod.com/2021/03/01/using-azure-ad-groups-authorization-in-asp-net-core-for-an-azure-blob-storage)\r\n- [Adding ASP.NET Core authorization for an Azure Blob Storage and ME-ID users using role assignments](https://damienbod.com/2021/02/16/adding-asp-net-core-authorization-for-an-azure-blob-storage-and-azure-ad-users-using-role-assignments)\r\n\r\n## History\r\n\r\n- 2025-02-07 Updated packages, .NET 9\r\n- 2024-09-26 Updated packages\r\n- 2024-08-08 Updated packages\r\n- 2024-06-22 Updated packages\r\n- 2024-05-08 Updated packages\r\n- 2024-03-24 Updated packages\r\n- 2024-03-03 Updated packages\r\n- 2024-02-09 Improved security, using Entra ID with delegated App Roles and groups\r\n- 2024-02-07 .NET 8\r\n- 2023-11-03 Updated packages\r\n- 2023-08-14 Updated packages\r\n- 2023-04-29 Updated packages\r\n- 2023-01-22 Updated to .NET 7\r\n- 2022-10-24 Updated packages\r\n- 2022-06-19 Updated packages\r\n- 2022-01-28 Updated packages, Updated to .NET 6\r\n- 2021-07-30 Updated packages\r\n- 2021-03-11 Updated packages\r\n\r\n## SQL\r\n\r\nAdd-Migration \"init\" \r\nAdd-Migration \"UploadedBy\" \r\n\r\nUpdate-Database \r\n\r\n## Links\r\n\r\nhttps://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory\r\n\r\nhttps://damienbod.com/2023/01/16/implementing-secure-microsoft-graph-application-clients-in-asp-net-core/\r\n\r\nhttps://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction\r\n\r\nhttps://github.com/AzureAD/microsoft-identity-web\r\n\r\nhttps://github.com/Azure-Samples/storage-dotnet-azure-ad-msal\r\n\r\nhttps://winsmarts.com/access-azure-blob-storage-with-standards-based-oauth-authentication-b10d201cbd15\r\n\r\nhttps://stackoverflow.com/questions/45956935/azure-ad-roles-claims-missing-in-access-token\r\n\r\nhttps://github.com/425show/b2c-appRoles\r\n\r\n## Links Role assignments\r\n\r\nhttps://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles\r\n\r\nhttps://blogs.aaddevsup.xyz/2020/05/using-azure-management-libraries-for-net-to-manage-azure-ad-users-groups-and-rbac-role-assignments/\r\n\r\nhttps://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-authentication\r\n\r\nhttps://docs.microsoft.com/en-us/rest/api/authorization/role-assignment-rest-sample\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Faspnetcoreentraidblobstorage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdamienbod%2Faspnetcoreentraidblobstorage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Faspnetcoreentraidblobstorage/lists"}