dotnet
Grain persistence using Entra storage auth
Does Orleans support storing state on services that support only Entra auth? For instance, Azure Postgres Flexi Entra auth (https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication)?
For security reasons, all our storage services allow only Entra auth, such as Managed Identities and Entra access tokens. Connection strings with a fixed password are not allowed, and we use .NET components that internally automatically generate and renew access tokens.
Looking at https://learn.microsoft.com/en-us/dotnet/orleans/grains/grain-persistence/relational-storage it appears that Entra auth is not supported, for any storage provider.
Does Orleans support storing state on services that support only Entra auth? For instance, Azure Postgres Flexi Entra auth (https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication)?
For security reasons, all our storage services allow only Entra auth, such as Managed Identities and Entra access tokens. Connection strings with a fixed password are not allowed, and we use .NET components that internally automatically generate and renew access tokens.
Looking at https://learn.microsoft.com/en-us/dotnet/orleans/grains/grain-persistence/relational-storage it appears that Entra auth is not supported, for any storage provider.
@dluc I managed to configure it by looking at the source code
Orleans v9.2.1
builder.Services.AddSingleton((sp) => new TableServiceClient(new Uri("storage-url"), new DefaultAzureCredential()));
builder.UseOrleans(siloBuilder =>
{
siloBuilder.UseAzureStorageClustering(optionsBuilder =>
optionsBuilder.Configure<IServiceProvider>(
(options, services) =>
{
options.TableName = "clustermembership-table-name";
options.TableServiceClient = services.GetRequiredService<TableServiceClient>();
}
)
);
});
