Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at the 2025 Microsoft Fabric Community Conference. March 31 - April 2, Las Vegas, Nevada. Use code FABINSIDER for $400 discount. Register now

Reply
anawast
Microsoft Employee
Microsoft Employee

SPN + Certificate for authentication to ADLS in Microsoft Fabric Notebooks.

‎07-22-2024 12:27 AM

I can read data from my ADL Gen2 Lake using SPN+ SPN Key through providing the following spark configurations. 

spark.conf.set("dfs.adls.oauth2.access.token.provider.type", "ClientCredential")
spark.conf.set("dfs.adls.oauth2.client.id", "<ADLSId>")
spark.conf.set("dfs.adls.oauth2.credential", "<ADLSCredential>")
spark.conf.set("dfs.adls.oauth2.refresh.url", adlsLoginUrl)

However, I now what to do the authnetication through SPN+Certificate. Can you help with the mechanism for the same?
Labels:
Message 1 of 4
777 Views
0
1 ACCEPTED SOLUTION
v-shex-msft
Community Support
Community Support
In response to anawast

‎07-30-2024 12:32 AM

Hi @anawast,

Perhaps you can try to use azure-identity and azure-storage-filedatalake libraries to configure the connection with SPN and certificate:

%pip install azure-identity azure-storage-file-datalake

from azure.identity import ClientCertificateCredential
from azure.storage.filedatalake import DataLakeServiceClient

tenant_id = "<your-tenant-id>"
client_id = "<your-client-id>"
certificate_path = "<path-to-your-certificate>"

credential = ClientCertificateCredential(tenant_id, client_id, certificate_path)
service_client = DataLakeServiceClient(account_url="https://<your-account-name>.dfs.core.windows.net", credential=credential)

ClientCertificateCredential Constructor (Azure.Identity) - Azure for .NET Developers | Microsoft Lea...

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

Message 4 of 4
639 Views
0
3 REPLIES 3
anawast
Microsoft Employee
Microsoft Employee

‎07-23-2024 12:50 AM

This uses Client Secret for authentication. I want to use SPN certificate for authentication. 

Message 3 of 4
738 Views
0
v-shex-msft
Community Support
Community Support
In response to anawast

‎07-30-2024 12:32 AM

Hi @anawast,

Perhaps you can try to use azure-identity and azure-storage-filedatalake libraries to configure the connection with SPN and certificate:

%pip install azure-identity azure-storage-file-datalake

from azure.identity import ClientCertificateCredential
from azure.storage.filedatalake import DataLakeServiceClient

tenant_id = "<your-tenant-id>"
client_id = "<your-client-id>"
certificate_path = "<path-to-your-certificate>"

credential = ClientCertificateCredential(tenant_id, client_id, certificate_path)
service_client = DataLakeServiceClient(account_url="https://<your-account-name>.dfs.core.windows.net", credential=credential)

ClientCertificateCredential Constructor (Azure.Identity) - Azure for .NET Developers | Microsoft Lea...

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Message 4 of 4
640 Views
0
v-shex-msft
Community Support
Community Support

‎07-22-2024 11:27 PM

Hi @anawast,

Perhaps you can take a look at the following script to load data from storage account if helps with your scenario:

from notebookutils import mssparkutils

# service principal
tenant_id = "<your-tenant-id>"
client_id = "<your-client-id>"
client_secret = "<your-client-secret>"

# Azure storage detail
storage_account_name = "<your-storage-account-name>"
container_name = "<your-container-name>"
file_path="<path_to_file>"

# Spark configuration
spark.conf.set("fs.azure.account.auth.type", "OAuth")
spark.conf.set("fs.azure.account.oauth.provider.type", "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider")
spark.conf.set("fs.azure.account.oauth2.client.id", client_id)
spark.conf.set("fs.azure.account.oauth2.client.secret", client_secret)
spark.conf.set("fs.azure.account.oauth2.client.endpoint", f"https://login.microsoftonline.com/{tenant_id}/oauth2/token")

# Full file path
data_path = f"abfss://{container_name}@{storage_account_name}.dfs.core.windows.net/{file_path}"

# Read the data into a Spark DataFrame
df = spark.read.format("csv").option("header", "true").load(data_path)

# show the result
df.show()

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Message 2 of 4
744 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code FABINSIDER for a $400 discount!

FebFBC_Carousel

Fabric Monthly Update - February 2025

Check out the February 2025 Fabric update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

View All