We Keep Coding

Active Directory access Azure Storage from browser

I want to use Azure Active Directory to allow users to read and write to Azure storage (specifically all Blobs and Tables) from a single-page web app.
I started like this:
import { InteractiveBrowserCredential } from '#azure/identity';
import { TableClient, TableServiceClient } from '#azure/data-tables';
const credentials = new InteractiveBrowserCredential({
clientId: myAuthConfig.clientId,
tenantId: myAuthConfig.tenantId,
});
const client = new TableServiceClient(
`https://${myAuthConfig.storageAccountName}.table.core.windows.net`,
credentials
);
client.listTables().byPage().next().then(console.log);
This works totally fine! I can see all the tables on the account. But then I wanted to list some of the data in on of the tables. So I did:
const client = new TableClient(
`https://${myAuthConfig.storageAccountName}.table.core.windows.net`,
'<table name>',
credentials
);
client.listEntities().byPage().next().then(console.log);
But this gives an error:
{
"odata.error": {
"code":"AuthorizationPermissionMismatch",
"message": {
"lang":"en-US",
"value":"This request is not authorized to perform this operation using this permission.\nRequestId:<uuid>\nTime:2021-10-28T18:04:00.0737419Z"
}
}
}
I'm very confused by this error. As far as I can tell I've done everything right. I followed every tutorial. I've set up active directory permissions for my app to use the storage API, my Microsoft account has permission to access the tables, OCRS is enabled, etc.
I'm not sure why I would have access to see a table but not see what's in it. I tried to use InteractiveBrowserCredential.authenticate to explicitly set scopes like this:
const scopes = ["User.Read"]
credentials.authenticate(scopes).then(console.log);
It works fine for User.Read but I couldn't figure out what scopes corresponded to Storage read/write access. If I added a scopy like "Microsoft.Storage" it told me that it didn't exist
Has anyone got an error like this before? What am I supposed to do here?

Thank you #gaurav mantri ,Posting your suggestion in comment as an answer.
From error it looks like your service principal does not have access permission to your table storage data. You should either grant permission using a RBAC role on the storage account resource (add to storage account contributors or readers) as below. Or use Storage Explorer to grant permission.
In your storage account please check, if you have Storage Table Data Contributer /Storage table data reader roles assigned as commented by #gaurav mantri
If not , you can add them
go into your storage account > IAM > Add role assignment, and add the special permissions
If roles are already assigned , the issue might be due to storage account being protected by firewall. Please try configure in Firewall and virtual networks of your storage account to add an existing virtual network or create a new vnet.If there is no issue you may allow access from all networks.
References:
Authorize access to tables using Active Directory - Azure Storage |
Microsoft Docs
Assign an Azure role for access to table data using powershell -
Azure Storage | Microsoft Docs

Login .Net Identiy User Using Jwt NodeJs Api

Converting .Net api into Node.js, now I need to login user using Identity table using...
var user = _userManager.FindByNameAsync(userDto.Username).Result;
var result = await _userManager.CheckPasswordAsync(user, userDto.Password);
One option is to use plain query but it does not seem like a feasible solution.
Please kindly let me know what should I do?

Is there a way in firebase functions to delete storage files that match a regular expression?

I can't find a way to delete all the files inside firebase storage that match a regular expression. I would like to use something like:
const bucket = storage.bucket(functions.config().firebase.storageBucket);
const filePath = 'images/*.png';
const file = bucket.file(filePath);
file.delete();
Or similar to be able to delete all files inside "images" with png extension.
I tried searching in Stackoverflow and in the samples repository without luck https://github.com/firebase/functions-samples
Any help would be much appreciated. Thanks!

No. In order to delete a file from Cloud Storage, you need to be able to construct a full path to that file. There are no wildcards or regular expressions.
It's common to store the paths to files in a database in order to easily discover the names of files to delete by using some query.

If you want to do this in Cloud Functions, you'll be using the Firebase Admin SDK. And the Cloud Storage functionality in there (admin.storage()) is a thin wrapper around the Cloud Storage SDK for Node.js. So if you search for cloud storage node.js path regular expression you'll get some relevant results.
How to get files from Google Cloud Storage bucket based on a regular expression?, which indicates that prefix matching is quite possible with bucket.getFiles({ prefix: 'path/to/file' }....

What about this solution
FirebaseStorage storage = FirebaseStorage.getInstance();
StorageReference mStorageRef =
storage.getReference().child("fotos_usuarios/"+id);
mStorageRef.listAll().addOnSuccessListener(listResult -> {
for (StorageReference item : listResult.getItems()) {
if (item.getName().contains("SOME_WORD")){
item.delete();
}
}
})

Sending an email using Azure SDK

I use azure-graph in my Node.js project:
const MsRest = require('ms-rest-azure');
const credentials = await MsRest.loginWithServicePrincipalSecret(keys.appId, keys.pass, keys.tenantId, { tokenAudience: 'graph' });
const GraphkManagementClient = require('azure-graph');
const client = new GraphkManagementClient(credentials, subscriptionId);
return client.users.get(principalID);
I want to use the Azure SDK also to send emails.
I know how to do that in low level using the API directly:
But I want to do it via the SDK like the rest of my project.
My problem is, I have not found any method for sending an email in the docs: azure-graph package. I need a method that allows me (with the proper privileges of course) to send email as any user in the organization.

You can use the Graph JavaScript SDK which is a wrapper around the Microsoft Graph API that can be used server-side and in the browser to send mails to users. Please refer to Graph Javascript SDK to learn more about the same. Also, refer to nodejs-connect-sample to use Microsoft Graph API and the Graph JavaScript SDK to send an email.

Does anyone have the ability to create an account with my key?

EDIT : tried the authorized domain and it seems to be what i need, i'll try to go deeper with André's answer :)
Thank you !
Hi,
I'm new to firebase and i just finished a project but i had a question:
Since the doc says i have to put my api keys and else in the javascript, they are visible to anyone even if put into process.env
i've read here : Is it safe to expose Firebase apiKey to the public?
that making the api key public is normal and not a big deal.
I'm using the email/password auth and i'm scared
If someone takes my :
API_KEY_FIREBASE
AUTH_DOMAIN
DB_URL
PROJECT_ID
that are in the source code and use the createAccount function, is he gonna be able to create an account ?
Is yes, is there a way to disable this ?
I want to be able to create account only through the firebase console
I'm not using firebase database for my data, i only use it for auth so i don't have to create a user table in my database, but i use the IDTokens they provide to secure some routes on express.
thank you ! :)

Someone can only create an account when you have that option enabled in your firebase console. So If you have it disabled there is no problem.
You can look here in the "before you begin" section for how to enable/disable Email/password sign-in method.