ADO.NET Provider for Azure Data Lake Storage

Build 20.0.7654

Establishing a Connection

Authenticating to Azure DataLakeStore

Authenticating to a Gen 1 DataLakeStore account

Gen 1 uses OAuth 2.0 in Azure AD for authentication.

For this, an Active Directory web application is required. You can create one as follows:

  1. Sign in to your Azure Account through the Azure portal.
  2. Select "Azure Active Directory".
  3. Select "App registrations".
  4. Select "New application registration".
  5. Provide a name and URL for the application. Select Web app for the type of application you want to create.
  6. Select "Required permissions" and change the required permissions for this app. At a minimum, "Azure Data Lake" and "Windows Azure Service Management API" are required.
  7. Select "Key" and generate a new key. Add a description, a duration, and take note of the generated key. You won't be able to see it again.

To authenticate against a Gen 1 DataLakeStore account, the following properties are required:

  • Schema Set this to ADLSGen1.
  • Account Set this to the name of the account.
  • OAuthClientId Set this to the application Id of the app you created.
  • OAuthClientSecret Set this to the key generated for the app you created.
  • AzureTenant Set this to the tenant Id. See the property for more information on how to acquire this.
  • Directory Set this to the path which will be used to store the replicated file. If not specified, the root directory will be used.

Authenticating to a Gen 2 DataLakeStore account using AccessKey

To authenticate against a Gen 2 DataLakeStore account, the following properties are required:

  • Schema Set this to ADLSGen2.
  • Account Set this to the name of the storage account.
  • FileSystem Set this to the file system name which will be used for this account. For example, the name of an Azure Blob Container
  • AccessKey Set this to the access key which will be used to authenticate the calls to the API. See the property for more information on how to acquire this.
  • Directory Set this to the path which will be used to store the replicated file. If not specified, the root directory will be used.

Authenticating to a Gen 2 DataLakeStore account using SharedAccessSignature

A shared access signature is a set of URL query parameters which are generated to give access to a an entire blob down to a single object. If you already have a shared access signature generated for an entire blob you can use it as an authentication method. To authenticate against a Gen 2 DataLakeStore account using SharedAccessSignature, the following properties are required:

  • Schema Set this to ADLSGen2.
  • Account Set this to the name of the storage account.
  • FileSystem Set this to the file system name which will be used for this account. For example, the name of an Azure Blob Container
  • SharedAccessSignature Set this to the shared access signature which will be used to authenticate the calls to the API. See the property for more information on how to acquire this.
  • Directory Set this to the path which will be used to store the replicated file. If not specified, the root directory will be used.

Authenticating using MSI Authentication

If you are running Azure Data Lake Storage on an Azure VM, you can leverage Managed Service Identity (MSI) credentials to connect:

  • AuthScheme: Set this to AzureMSI.

The MSI credentials will then be automatically obtained for authentication.

Copyright (c) 2020 CData Software, Inc. - All rights reserved.
Build 20.0.7654