Open cool-mist opened 1 month ago
I think this might have to do with the usage of WindowsAzure.Storage in the DTF library.
Any update? It's a security issue and needs to be solved.
@cool-mist When using .net48, the DTFx.AS will use dependencies for framework net462 since it's compatible. And thus WindowsAzure.Storage v7.2.1 will be picked. However, this version doesn't support token credentials. So you have to use .NET framework 5.x and onwards to use the dependency WindowsAzure.Storage 9.3.1, which can support the token credential class.
If .NET framework 4.8 has to be used, I would recommend using DTFx.AS v2. This package uses the latest Azure Storage SDK and thus can support managed identity with dotnet 4.x. But please note that this package is still in preview. GA is currently targeted for the end of this month.
Sample using a token credential with DTFx.AS v2:
    using Azure.Identity;
    using DurableTask.AzureStorage;

    // Create the credential from configuration; any other TokenCredential also works.
    var credential = new DefaultAzureCredential();
    var service = new AzureStorageOrchestrationService(new AzureStorageOrchestrationServiceSettings
    {
        // Authenticate to the storage account by name with the token credential.
        StorageAccountClientProvider = new StorageAccountClientProvider(yourStorageAccountName, credential),
    });
Hey @nytian, as the month's end approaches, do you have an updated ETA for the release?
@KareemIsmail-M Thanks for being interested in Durable v3! You can refer to this GitHub issue page to check the progress of v3 GA. The only blocker right now is to decide our .NET versions in our repo, since there will be a change about this on Functions scope. We should decide this by tomorrow and then I can provide a more accurate release date.
Also, this is not a big work item so the release shouldn't be impacted a lot.
@nytian, please be aware that we (myself and @KareemIsmail-M) are actually interested in DTFx (and the AS package) specifically, and not in Durable Functions. We're from an internal MS team that has a dependency on DTFx and needs the MI capability.
Problem
How to use managed identity while connecting to storage account when using DurableTask.AzureStorage?
Hi, we are a Microsoft internal team using durable task framework in our service that runs on dotnet framework 4.8. We are trying to use managed identity to connect to storage. The following code already works to connect to storage using managed identity for dotnet 8+, but fails with the error
Unhandled Exception: System.InvalidOperationException: Token credential is not supported for this service.
when using dotnet 4.8.
Dependencies
Repro
The following code correctly uses managed identity for <TargetFramework>net8.0</TargetFramework> but fails with an error when using <TargetFramework>net48</TargetFramework>.
Code