How do I implement fine-grained control over blobs in Azure Blob Storage using access tokens from Azure AD (Entra ID)?


I've been able to get RBAC permissions to work where my ASP.NET Web API (.NET 8) service is hosted in an App Service that has a managed identity with the right storage permissions to access the Azure Blob Storage container. However, when my users authenticate to Entra ID and access data in my ASP.NET Web API service, I want to be able to pass identity information in the access token passed to this service and relay it to Azure Blob Storage for finer-grained control of access to blobs.

Is this even possible or desirable?

I tried using my own TokenCredential implementation that parses the access token and then passing it to the BlobServiceClient, but it returns a 401.
