| title | include file |
|---|---|
| description | include file |
| services | storage |
| author | pauljewellmsft |
| ms.service | azure-storage |
| ms.topic | include |
| ms.date | 10/21/2022 |
| ms.author | pauljewell |
| ms.custom | include file |
Application requests to Azure Blob Storage must be authorized. Using the DefaultAzureCredential class provided by the Azure Identity client library is the recommended approach for implementing passwordless connections to Azure services in your code, including Blob Storage.
You can also authorize requests to Azure Blob Storage by using the account access key. However, this approach should be used with caution. Developers must be diligent to never expose the access key in an unsecure location. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. DefaultAzureCredential offers improved management and security benefits over the account key to allow passwordless authentication. Both options are demonstrated in the following example.