How to get Azure Blob Storage account list in dotnet API without any admin interaction in Azure portal?

Marcelo Lorenzetti 0 Reputation points
2024-09-26T13:15:52.7566667+00:00

I am not an admin of the Azure portal. I have access to only one storage account.
I want to get a list of the following:

  • All Storage account
  • All Storage Account container
  • All container's blob
  • All Blob SAS Url

How to retrieve all of the above without any role assignment?


2 answers

  1. Michael Taylor 54,401 Reputation points
    2024-09-26T14:57:34.29+00:00

    Firstly, if you don't have the necessary Azure rights to view storage account information then no amount of APIs will work here - you don't have permissions. There is no workaround as that is how security works. So no role assignment = no access. You need the appropriate permissions and will need to work with your Azure infrastructure team to get it.

    You can access storage using Entra ID, shared access signature or a shared key. You need to work with your Azure infrastructure team to get the necessary access based upon the approach they want you to take. Permissions in Azure are layered and additive so which permissions you need exactly can vary a little bit.

    To access everything you could use Reader and Data Access but that is a very high level and powerful permission. As such you'll generally be granted permissions to just the resources you need. For purposes of discussion we'll assume Entra ID authentication. If you use something else then permissions will vary.

    To enumerate the storage accounts you must specify the subscription. The List Storage Accounts endpoint gives you that information. I cannot tell what permissions you need for this but I suspect it might be one of the storage account permissions defined here. Since this requires having access to a subscription it is going to need probably more permissions than the other calls.

    To enumerate the containers in an account you use the List Containers endpoint. It is a simple GET request against the storage account. To call this API you need Storage Blob Data Reader to the storage account itself.

    To enumerate the blobs in a container you use the List Blobs endpoint. It also requires Storage Blob Data Reader permission.

    I'm not really sure what you mean by getting the blob's SAS URL. The SAS is a shared security so you must already know that. The List Blobs endpoint gives you the information about how to get the blob via the API already.


  2. Sumarigo-MSFT 46,286 Reputation points Microsoft Employee
    2024-09-29T13:37:37.5566667+00:00

    @Marcelo Lorenzetti Welcome to Microsoft Q&A Forum. Thank you for posting your query here!

    Since you mentioned that you do not have the necessary role assignments, you might need to request the required permissions from your Azure administrator or the person managing your Azure resources.

    You won’t be able to retrieve information about other storage accounts or containers outside of your assigned scope. However, within the storage account you have access to, you can retrieve details like containers, blobs, and generate SAS URLs.

    To retrieve a list of Azure Blob Storage accounts using the .NET API without any admin interaction in the Azure portal, you will need the necessary permissions. Unfortunately, without the required permissions, it is not possible to access or retrieve this information directly. Here are some general steps and information that might help you understand the process if you had the required permissions:

    List All Storage Accounts: To list all storage accounts, you would typically need the Reader role or higher on the subscription level. You can use the Azure SDK for .NET to achieve this. Here is an example code snippet:

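    using System;
    using Azure.Identity;
    using Azure.ResourceManager;
    using Azure.ResourceManager.Resources;
    using Azure.ResourceManager.Storage;
    
    // Placeholder: the subscription to enumerate.
    string subscriptionId = "<subscription-id>";
    
    // Azure.ResourceManager.Storage is driven through ArmClient;
    // StorageManagementClient belongs to the older management SDK.
    var armClient = new ArmClient(new DefaultAzureCredential());
    SubscriptionResource subscription = armClient.GetSubscriptionResource(
        SubscriptionResource.CreateResourceIdentifier(subscriptionId));
    
    // List the storage accounts in the subscription.
    foreach (StorageAccountResource account in subscription.GetStorageAccounts())
    {
        Console.WriteLine(account.Data.Name);
    }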
    

    List All Storage Account Containers: To list all containers within a storage account, you would need the Storage Blob Data Reader role or higher on the storage account. Here is an example code snippet:

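    using System;
    using Azure.Identity;
    using Azure.Storage.Blobs;
    
    // Placeholder: name of the storage account to query.
    string storageAccountName = "<storage-account-name>";
    
    var blobServiceClient = new BlobServiceClient(new Uri($"https://{storageAccountName}.blob.core.windows.net"), new DefaultAzureCredential());
    // Enumerate the containers in the account.
    var containers = blobServiceClient.GetBlobContainers();
    foreach (var container in containers)
    {
        Console.WriteLine(container.Name);
    }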
    

    List All Container Blobs: To list all blobs within a container, you would need the Storage Blob Data Reader role or higher on the container. Here is an example code snippet:

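    using System;
    using Azure.Identity;
    using Azure.Storage.Blobs;
    
    // Placeholders: the storage account and container to query.
    string storageAccountName = "<storage-account-name>";
    string containerName = "<container-name>";
    
    var containerClient = new BlobContainerClient(new Uri($"https://{storageAccountName}.blob.core.windows.net/{containerName}"), new DefaultAzureCredential());
    // Enumerate the blobs in the container.
    var blobs = containerClient.GetBlobs();
    foreach (var blob in blobs)
    {
        Console.WriteLine(blob.Name);
    }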
    
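    Generate Blob SAS URLs: To generate SAS URLs for blobs, you would need the Storage Blob Data Contributor role or higher on the container. Here is an example code snippet:

    using Azure.Storage.Blobs;
    using Azure.Storage.Sas;
    // blobClient must be a BlobClient created with a StorageSharedKeyCredential;
    // GenerateSasUri throws when blobClient.CanGenerateSasUri is false.
    var sasUri = blobClient.GenerateSasUri(BlobSasPermissions.Read, DateTimeOffset.UtcNow.AddHours(1));
    Console.WriteLine(sasUri);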

    Additional information:

    The Storage Account Contributor has no dataActions permissions for the storage account, however, it can do everything that's not data. (Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.)

    Please let us know if you have any further queries. I’m happy to assist you further.     


    Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
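
For the one storage account the asker can reach, the container listing, blob listing and SAS steps discussed in the answers can be combined using a user delegation SAS, which is signed with Entra ID credentials instead of the account key. This is an added example, not code from either answer; the account name is a placeholder, and it assumes the caller's role assignment includes blob read access and the `Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action` permission.

```csharp
using System;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Sas;

// Assumption: placeholder name for the one account you have been granted access to.
string storageAccountName = "<storage-account-name>";

var serviceClient = new BlobServiceClient(
    new Uri($"https://{storageAccountName}.blob.core.windows.net"),
    new DefaultAzureCredential());

// The delegation key is issued to the signed-in identity. Its validity window
// bounds every SAS signed with it, so keep it short.
DateTimeOffset now = DateTimeOffset.UtcNow;
DateTimeOffset expires = now.AddMinutes(15);
UserDelegationKey key = serviceClient.GetUserDelegationKey(now, expires).Value;

foreach (BlobContainerItem container in serviceClient.GetBlobContainers())
{
    BlobContainerClient containerClient =
        serviceClient.GetBlobContainerClient(container.Name);

    foreach (BlobItem blob in containerClient.GetBlobs())
    {
        // Read-only, HTTPS-only SAS scoped to this single blob ("b").
        var sas = new BlobSasBuilder
        {
            BlobContainerName = container.Name,
            BlobName = blob.Name,
            Resource = "b",
            StartsOn = now,
            ExpiresOn = expires,
            Protocol = SasProtocol.Https
        };
        sas.SetPermissions(BlobSasPermissions.Read);

        var uri = new BlobUriBuilder(containerClient.GetBlobClient(blob.Name).Uri)
        {
            Sas = sas.ToSasQueryParameters(key, serviceClient.AccountName)
        };

        // The printed URL is a bearer credential until it expires; do not log it.
        Console.WriteLine($"{container.Name}/{blob.Name} -> {uri.ToUri()}");
    }
}
```

If the identity lacks the delegation-key permission or data-plane read access, the calls fail with an authorization error (HTTP 403), which is the behaviour both answers describe.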

