It looks like the code is correctly set up to authenticate but is encountering a "ResourceNotFound" error (404), which can happen due to several reasons in this scenario. You might want to try the following:
- Application Permissions and Role Assignment
  - Double-check that the Managed Identity or service principal you’re using has been granted the correct role at the Storage Account level or for specific containers within it.
  - Azure recommends using Storage Blob Data Contributor or Storage Blob Data Owner for the required permissions.
  - If you’re using a user-assigned managed identity, ensure that the identity has been assigned permissions on the Storage Account.
- Correct Scope in Role Assignment
  - Ensure that the permissions are granted at the correct scope. You can grant permissions at:
    - Storage Account level: which applies to all containers.
    - Container level: if permissions are set only at the container level, check if you’re accessing the correct container.
  - Try to confirm if the service principal or managed identity has the necessary permissions for the exact container you’re trying to access, not just the root account.
- Endpoint URL Check
  - Verify that the endpoint URL in the code is correctly set for accessing the blob storage. Sometimes, if there are additional characters or typos in the URL, it may cause a 404 error.
  - Ensure that the URL format (`https://{accountName}.blob.core.windows.net`) is correct, especially if you are accessing a specific container or blob within the storage account.
- Token Authentication in the Code
  - In your code snippet, ensure that credentials are initialized and passed correctly.
  - Confirm that the client is fetching and using the token correctly. The `TokenCredential` should provide the access token needed for Entra ID authentication.
- Testing with Minimal Permissions
  - To narrow down the issue, assign the Storage Blob Data Owner role to your service principal temporarily at the Storage Account level. This ensures the service principal has the highest level of data permissions to validate if it’s an issue with permissions.
Example Code Modification (for the sake of clarity)

Ensure that the secret and credential are defined properly and replace any placeholder values with actual credentials:
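```java
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import java.util.Locale;

// Wrapper class added so the snippet compiles; the class name is arbitrary.
public class StorageConnectionTest {
    public static void main(String[] args) {
        // Placeholder values: replace before running.
        String accountName = "yourAccountName";
        String tenantId = "yourTenantId";
        String clientId = "yourClientId";
        String clientSecret = "yourClientSecret";

        // Service principal credential used to obtain the Entra ID access token.
        TokenCredential credential = new ClientSecretCredentialBuilder()
            .tenantId(tenantId)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();

        // Account-level blob endpoint, with no container or blob path.
        String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net", accountName);
        BlobServiceClient storageClient = new BlobServiceClientBuilder()
            .endpoint(endpoint)
            .credential(credential)
            .buildClient();

        try {
            // One request against the account to confirm the endpoint and token are accepted.
            storageClient.getAccountInfo();
            System.out.println("Successfully connected to the storage account.");
        } catch (Exception e) {
            System.err.println("Error connecting to storage account: " + e.getMessage());
        }
    }
}
```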
Testing and Debugging Steps
- Run the code after adjusting configurations and permissions as above to see if the issue persists.
- Test connecting directly via a simpler Azure CLI or PowerShell command to rule out other issues.
- If you still encounter issues, use the Azure Storage Explorer with Entra ID authentication to connect to the storage account. This can help identify whether the problem lies with the configuration or the code.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
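
The "Endpoint URL Check" item above can be done offline before any request is sent. The following is an added example, not part of the original answer and not Azure SDK code: `BlobEndpointCheck`, `check` and the account name `contosodata` are hypothetical, and it assumes the public-cloud, account-level format `https://{accountName}.blob.core.windows.net` quoted in the answer.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

// Added example: BlobEndpointCheck and check() are hypothetical names, not Azure SDK APIs.
public class BlobEndpointCheck {
    // Public-cloud blob suffix, as in the URL format quoted in the answer.
    private static final String SUFFIX = ".blob.core.windows.net";

    /** Lists problems with an account-level endpoint; an empty list means it matches the format. */
    static List<String> check(String endpoint, String accountName) {
        List<String> problems = new ArrayList<>();
        String trimmed = endpoint.trim();
        if (!trimmed.equals(endpoint)) problems.add("leading or trailing whitespace");
        URI uri;
        try {
            uri = URI.create(trimmed);
        } catch (IllegalArgumentException e) {
            problems.add("not a parseable URI");
            return problems;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) problems.add("scheme is not https");
        String host = uri.getHost();
        if (host == null) {
            problems.add("no valid host name");
            return problems;
        }
        if (!host.endsWith(SUFFIX)) {
            problems.add("host does not end with " + SUFFIX);
        } else {
            String account = host.substring(0, host.length() - SUFFIX.length());
            // Storage account names are 3-24 characters, lowercase letters and digits only.
            if (!account.matches("[a-z0-9]{3,24}")) problems.add("account name is not 3-24 lowercase letters/digits: " + account);
            if (!account.equals(accountName)) problems.add("account in URL differs from " + accountName);
        }
        String path = uri.getPath();
        if (path != null && !path.isEmpty() && !path.equals("/")) problems.add("unexpected path: " + path);
        if (uri.getQuery() != null) problems.add("unexpected query string");
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample endpoints for an assumed account named "contosodata".
        String[] samples = {
            "https://contosodata.blob.core.windows.net",
            "https://contosodata.blob.core.windows.net/ ",
            "https://ContosoData.blob.core.windows.net/reports",
            "https://contosodata.dfs.core.windows.net",
            "http://contosodata.blob.core.window.net",
        };
        for (String s : samples) System.out.println("'" + s + "' -> " + check(s, "contosodata"));
    }
}
```

An empty list only means the URL is well-formed; a 404 can still come from a container that does not exist under that account.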