Azure tableclient in console app using interactive authentication

Question

I'm trying to access Azure Table Storage using the TableClient class, but I want to authenticate using AzureAD credentials via the browser popup.

I have tried 2 approaches and are sure I have things configured correctly in Azure, but I just keep getting

This request is not authorized to perform this operation using this permission.

Here is test code 1 using MSAL

let app = PublicClientApplicationBuilder.Create("---registered app ID---")
             .WithAuthority(AzureCloudInstance.AzurePublic, "---tennant id----" )
             .WithDefaultRedirectUri()
             .Build()
let! ar = app.AcquireTokenInteractive(["https://storage.azure.com/user_impersonation"]).ExecuteAsync()
let tokenCredential = { new TokenCredential() with
              member x.GetTokenAsync(_,_) = task {return AccessToken(ar.AccessToken, ar.ExpiresOn)} |> ValueTask<AccessToken>
              member x.GetToken(_,_) = AccessToken(ar.AccessToken, ar.ExpiresOn)}
let tc = new TableClient(Uri("https://--endpoint---.table.core.windows.net/"), "--Table--",  tokenCredential)

and test 2 using Azure.Identity

let io = new InteractiveBrowserCredentialOptions(ClientId = "---registered app ID---", RedirectUri = Uri("https://login.microsoftonline.com/common/oauth2/nativeclient"))
let tc = new TableClient(Uri("https://--endpoint---.table.core.windows.net/"), "--Table--", new InteractiveBrowserCredential(io))

I have the app registered in Azure & I have added api permissions for Azure Storage, with Admin consent. My account is a Service Administrator for the tennant so I have full access to the storage account. I have scoured all the docs but just cant see what I'm missing.

Answer 1

To access table data using your Azure AD credentials, your user account should be assigned either Storage Table Data Contributor or Storage Table Data Reader role.

Please assign one of these roles to your user account and re-acquire the token. You should not get the error you are getting then.