I want to create functionality in my ASP .Net MVC application in which user will be able to download multiple AZ Blob files in zip folder. For doing this I've search for different scenario's.
Download multiple files through network stream and creating zip through that network stream.
Create zip file for multiple files in Azure and get that shareable links to download zip.
My problem is that AZ Blob Public Access Level is set Off. So, that's why I cant download all files through network stream because there is a chance that files might be corrupted due to access level.
I want my AZ function to zip my files on AZ Blob then I will share that zip link to the user to download the files as zip.
My problem is that AZ Blob Public Access Level is set Off. So, that's
why I cant download all files through network stream because there is
a chance that files might be corrupted due to access level.
If you set the Public Access Level to disable, then anonymous access to the blob will definitely be blocked. And if you pass the verification, you can access the blob without any problems.
I want my AZ function to zip my files on AZ Blob then I will share
that zip link to the user to download the files as zip.
Of course you can do this through azure function, but your storage settings make it impossible for any anonymous users to access the blob. Just giving the link is not enough, you need to make them pass the verification.
I suggest you do not access blobs based on link. Please use the code to generate the sas token, and obtain the zip file through the authentication of the sas token.
Related
I am a total newbie to Azure WebApps and storage, I need some clarification/confirmation. The main thing to take note of, my application (described below) requires a folder hierarchy. Blob is out of the question and file share doesn't allow anonymous access unless I use Shared Access Signature (SAS).
Am I understanding Azure storage correctly, it's either you fit into the Azure storage model or you don't?
Can anyone advise how I can achieve what's required by the CMS application as described below by using Blobs?
The only option I see is to find a way to change the CMS application so that it always has the SAS in the URL to every file it requests from storage in order to serve content on my Web App? If so, is it a problem if I set my SAS to expire sometime in the distant future?
https://<appname>.file.core.windows.net/instance1/site1/file1.jpg?<SAS>
Problem with using Blob
So far my understanding is that Blob storage doesn't allow "sub folders" as it's a container that holds unstructured data, therefore I'm unable to use this based on my application (described below) as it requires folder structure.
The problem with using File Share
File share seemed perfect as it allows for folder hierarchy, naturally that's what I've used.
However, no anonymous access is allowed for files stored in file storage, the access needs to be authorised. One way of authorising the access is to create a SAS on a file/share level with Read permission and then using that SAS URL to access the file.
Cannot access Windows azure file storage document
My application
I've created a Linux Web App running open source CMS application. This application allows creation of multiple websites, for each website's content such as images, docs, multimedia to be stored on a file server. These files are then served to the website via a defined URL.
The CMS application allows for a settings of the location where it should save its files, this would be a folder on the file server. It then creates a new sub folder for every site it hosts in that location.
Example folder hierarchy
/instance1
/site1
/file1
/file2
/site2
/file1
/file2
Am I understanding Azure storage correctly, it's either you fit into
the Azure storage model or you don't?
You can use Azure Storage Model for your CMS Application. You can use either Blob Storage or File Share
Can anyone advise how I can achieve what's required by the CMS
application as described below by using Blobs?
You can use Data Lake Gen 2 storage account if you want to use Azure Blob Storage.
Data Lake Gen 2 storage enables hierarchical namespace so that you can use subfolders in the Blob Storage as per your requirements
Problem with using Blob
Blob Storage allows subfolders if we use Data Lake Gen 2 storage account. You can enable Blob Public Anonymous access
The problem with using File Share
Azure File Share supports but does not allow public anonymous access. You can use Azure Managed Identity (System-Assigned) for your web app to access the Azure File Share.
Then your application would be able to access the Azure File Share without SAS token
The issue of not having real folders in a blob storage shouldn't be any issue for your use case. Just because it doesn't have your traditional folders doesn't mean it can't serve content on e.g. instance1/site1/file1. That's still possible but the instance1/site1/ will just be part of the name of the blob.
Tools like the Azure Portal or Storage Explorer will actually show folders by using the delimiter / and querying data that appears to be inside a folder by using the path as prefix.
Is it possible to share the contents of a container from azure data lake?
The goal is for anyone with the link to be able to download the files that are there.
Person who click the link should see folders and files which are there and has ability to download.
You need to enable Allow Blob public access setting and change access level of container to Container. You can refer to this documentation. Then you can use this URL to list blobs in container:https://myaccount.blob.core.windows.net/mycontainer?restype=container&comp=list. It will return xml file, you can copy the URL of blob and paste it in your browser to download it.
Update:
Yes, it's possible to use SAS key to do this while keeping your container is private.
You can generate SAS with list permission. And Use this URL to get blob list.
https://myaccount.blob.core.windows.net/mycontainer?mySAStoken&restype=container&comp=list
And you can download file with this:
https://myaccount.blob.core.windows.net/mycontainer/myfile?mySAStoken
I have a simple need, but there are so many azure options, I am not sure where to start.
I have a AppService (website) on azure from which I want to serve static PDFs for download. In other words, there is a training page on the website, and on this page, I want to have url to the PDF to download it.
But I don't want the PDF's to be a part of the AppService files, I want them in storage so they are a separate from the website files.
How should this be done?
What I have found so far is: Azure Blob storage, but it's not clear to me how to use those with a URL. The samples look like they are using code to download instead of a public URL.
I have also looked at Azure CDN, but that seems like more than I am looking for. Just need a simple location to store and download files.
You can make the blob container public so anyone with the link can download the file.
In this case you can just link to the file or return a 302 redirect from your app to the link, which also initiates the download.
Another option is to use SAS tokens.
These temporary tokens are generated using your storage account access key,
and are attached to the URL.
You can then give this final URL in the link to allow the user to download the file.
In this option the container can be kept private, and you control who can access what.
Now the token is only valid until it expires (you decide this time), so a user could give the link to another person and they could also download the document within that time.
The third option is to pipe the files through your app to the user.
Download the file from your back-end and then stream it to the user for download.
This option takes more resources on your back-end as threads and IO are used there for each download.
This option is the most secure as you can control who can download what.
you can upload your PDFs to Azure Blob storage into a special container (e.g. download) and make that container and content public in either of two ways:
public read access for blobs only: Blobs within the container can be read by anonymous request, but container data is not available. Anonymous clients cannot enumerate the blobs within the container.
Full public read access: All container and blob data can be read by anonymous request. Clients can enumerate blobs within the container by anonymous request, but cannot enumerate containers within the storage account.
Then they are accessible by a URL like https://yourStor.blob.core.windows.net/download/train1.pdf
To expand on the accepted answer
Create a Storage Account, such as mystorage
In the storage account, create a container, such as mycontainer
On the container, set the Access Policy to Blob (Anonymous read access for blobs only).
Upload your file, such as myfile.txt to the container.
View the file Properties. It will show the URL to the file which is in this format: https://mystorage.blob.core.windows.net/mycontainer/myfile.txt
Note that the URL is case sensitive.
I have a problem that I have been wracking my brain about and figured I would need some perspective and insight from people who are a lot more knowledgeable about this.
What I have currently: Web based application hosted in azure uses azure blob store to store files that are generated as part of data import processes. We have a seperate application that extends the original web application that allows users to upload files and these files are currently also stored in azure blob store.
Where I am trying to go: I have a requirement that wants the ability to map network file shares on a users laptop and be able to access these files that currently reside in the blob.
Since Azure blob does not support SMB I have no way of actually doing this with a blob store.
I could use Azure files in conjunction with a File Server running the sync agent. However, this requires a lot of work both in terms of refactoring, setup and some custom service that add remove permissions on the file server.
I'm wondering if there is a service or a piece of software that exists in the market currently that allows me to continue using blob and perhaps sync the blob files into a file server that can then allow users to access and open files using windows file explorer? I found one that looks like an open source project but only does a one way sync from the blob to the file share. Ideally I'd like to find a solution that does a two way sync like azure file sync does.
Any thoughts and ideas will be appreciated.
Since the max number of blob containers, file shares is unlimited. Per my understanding, you could leverage the following approaches:
Migrate the data from blob storage to azure file share instead of blob storage, then the subsequent file store is azure file storage.
Note: Currently you must specify storage account key when mounting file shares, details you could follow this feedback. I recommend that you'd better do not map network file shares on a users laptop.
You could still use the blob storage, and you could create each blob container for each user and generate each blob container SAS token for your users, then the users could leverage Azure Storage Explorer to manage their blob files or use AzCopy and other command tools to download the blob files into their laptop file system.
Note: For security consideration, you could combine a stored access policy with a SAS, in order to revoke the permissions, you just need to invalidate the related access policy instead of regenerating the account key. Details you could follow Controlling a SAS with a stored access policy and Shared Access Signatures, Part 2: Create and use a SAS with Blob storage.
I'm trying to access files which I'm programmatically uploading to the azure file storage.
But when pasting the direct url:
Any idea how I can directly get that file when I want to download from Azure file storage?
Direct access to files stored in file service is not allowed because the share containing these files has Private ACL and unlike blob containers there's no way to change the ACL of a share.
What you would need to do is create a Shared Access Signature (SAS) on the file that you want to access directly and use that SAS URL. When creating the SAS, please ensure that at least Read permission is included in the SAS as this permission is required to read/download the file.
Please see https://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-how-to-use-files/#develop-with-file-storage (Generate a shared access signature for a file or file share) for more details on how you can create a SAS on a file.