How can I modify my Azure SDK for C++ sample to connect via a private endpoint?

Below is an explanation along with an updated example.

---

Explanation

Using a private endpoint mainly means that your DNS and network have been configured so that traffic to your storage account’s hostname (or an alternative hostname you assign) is routed to the private IP. In your code nothing “magical” happens regarding private endpoints because the authentication (using OAuth) and request signing remain the same. The only change is that you need to update the service URL to point to the DNS name (or IP address) associated with your private endpoint. Any extra transport options (like custom HTTP policies or connection settings) may be configured if your network requires them, but in most cases simply providing the correct URL works.

For example, if your private endpoint is configured to be reached at “https://<private_dns_name>”, then you simply instantiate your service client with that URL.

---

Updated Code Example

Below is your sample modified to take the service URL from an environment variable (or hard-code as needed) so that it points to the private endpoint:

CPPCopied
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

#include <azure/identity/client_secret_credential.hpp>
// Replace this with the actual Azure Service Client header appropriate for ADLS Gen2.
#include <azure/service/client.hpp>

#include <cstdlib>
#include <iostream>

// The following environment variables must be set before running the sample.
// * AZURE_TENANT_ID: Tenant ID for the Azure account.
// * AZURE_CLIENT_ID: The Client ID to authenticate the request.
// * AZURE_CLIENT_SECRET: The client secret.
// * PRIVATE_ENDPOINT_URL: The service URL pointed to your private endpoint.
std::string GetEnvVar(const char* varName)
{
  const char* value = std::getenv(varName);
  return value ? std::string(value) : "";
}

int main()
{
  try
  {
    // Step 1: Initialize Client Secret Credential.
    auto clientSecretCredential = std::make_shared<Azure::Identity::ClientSecretCredential>(
        GetEnvVar("AZURE_TENANT_ID"),
        GetEnvVar("AZURE_CLIENT_ID"),
        GetEnvVar("AZURE_CLIENT_SECRET"));

    // Step 2: Retrieve the private endpoint URL.
    std::string serviceUrl = GetEnvVar("PRIVATE_ENDPOINT_URL");
    if (serviceUrl.empty())
    {
      std::cerr << "Error: PRIVATE_ENDPOINT_URL environment variable is not set." << std::endl;
      return 1;
    }

    // Step 3: Pass the credential to an Azure Service Client, using the private endpoint URL.
    Azure::Service::Client azureServiceClient(serviceUrl, clientSecretCredential);

    // Step 4: Start using the Azure Service Client.
    azureServiceClient.DoSomething();

    std::cout << "Success!" << std::endl;
  }
  catch (const Azure::Core::Credentials::AuthenticationException& exception)
  {
    // Handle authentication errors (e.g. invalid credentials, insufficient permissions).
    std::cerr << "Authentication error: " << exception.what() << std::endl;
    return 1;
  }

  return 0;
}

---

What Changed

1. Private Endpoint URL
   Instead of hard-coding "serviceUrl", we now retrieve the URL from an environment variable called PRIVATE_ENDPOINT_URL. Ensure that this value is the URL corresponding to your private endpoint (for example, "https://<private_dns_name>").

2. DNS and Network Settings
   Make sure that your local DNS or network configuration routes traffic correctly to the private endpoint. No additional modifications in code (such as using a proxy or special transport settings) are required unless your network setup demands it.

3. Authentication Remains the Same
   Since you are still using OAuth via the app registration and secret, no changes to the authentication code are necessary.

---

This change ensures that your SDK client connects to the correct endpoint that is privately accessible while still using the same authentication mechanism as before.