I am using Azure Storage to save some files. I want these files to be publicly available on a temporary basis. Currently, I'm saving them via an azure storage file service. Each file is give a URL of the structure ./[file-share]/[directory]/[file-name].[ext].
My question is, is there a way to make this URL publicly available? I do not see a way. If there isn't, is there some recommended way to make a file public available? I do not see a way to do this via a file service.
My question is, is there a way to make this URL publicly available?
One possible solution would be to create a Shared Access Signature (SAS) on the file in question with at least Read permission and share SAS URL with your users. You mentioned that you want the file to be publicly available on a temporary basis and for that SAS would perfectly fit the bill. You can set the SAS expiry based on your needs and once the SAS token expires, the file will no longer be available.
Other option would be to use Blob Storage instead of File Service. Here not only you can use Shared Access Signature but also change the container's ACL. By making the container's ACL as Blob, the blob (file) will be publicly available.
Related
I have a question about Azure Blob storage, whenever I make the Blob Public Access Disabled we’re unable to successfully access anything inside the container, is it anything I need to set? Like encoded call?
You will need to have some kind of authorization. Refer to THIS documentation. The safest is to use Azure active directory.
Another option is to use a container level shared access signature or SAS as shown in the screenshot. The signature is signed using the storage account key and can be set to be valid for a specific period. On clicking Generate SAS, you will get a url which you can use to direct access your container. You can also have blob level SAS if needed for a specific blob.
I have a simple need, but there are so many azure options, I am not sure where to start.
I have a AppService (website) on azure from which I want to serve static PDFs for download. In other words, there is a training page on the website, and on this page, I want to have url to the PDF to download it.
But I don't want the PDF's to be a part of the AppService files, I want them in storage so they are a separate from the website files.
How should this be done?
What I have found so far is: Azure Blob storage, but it's not clear to me how to use those with a URL. The samples look like they are using code to download instead of a public URL.
I have also looked at Azure CDN, but that seems like more than I am looking for. Just need a simple location to store and download files.
You can make the blob container public so anyone with the link can download the file.
In this case you can just link to the file or return a 302 redirect from your app to the link, which also initiates the download.
Another option is to use SAS tokens.
These temporary tokens are generated using your storage account access key,
and are attached to the URL.
You can then give this final URL in the link to allow the user to download the file.
In this option the container can be kept private, and you control who can access what.
Now the token is only valid until it expires (you decide this time), so a user could give the link to another person and they could also download the document within that time.
The third option is to pipe the files through your app to the user.
Download the file from your back-end and then stream it to the user for download.
This option takes more resources on your back-end as threads and IO are used there for each download.
This option is the most secure as you can control who can download what.
you can upload your PDFs to Azure Blob storage into a special container (e.g. download) and make that container and content public in either of two ways:
public read access for blobs only: Blobs within the container can be read by anonymous request, but container data is not available. Anonymous clients cannot enumerate the blobs within the container.
Full public read access: All container and blob data can be read by anonymous request. Clients can enumerate blobs within the container by anonymous request, but cannot enumerate containers within the storage account.
Then they are accessible by a URL like https://yourStor.blob.core.windows.net/download/train1.pdf
To expand on the accepted answer
Create a Storage Account, such as mystorage
In the storage account, create a container, such as mycontainer
On the container, set the Access Policy to Blob (Anonymous read access for blobs only).
Upload your file, such as myfile.txt to the container.
View the file Properties. It will show the URL to the file which is in this format: https://mystorage.blob.core.windows.net/mycontainer/myfile.txt
Note that the URL is case sensitive.
I want to upload some static images that I will later access via some mobile apps. I have an Azure Account that I rarely use so I thought that was the best place and therefore I uploaded them to a "File Share" within Azure Storage.
I naievely thought I could them just access those files via a simple web request url
https://myplace.file.core.windows.net/app/images/bnb/shop/bugle_200_2.jpg
All this gets me is a BadRequest error. I realize that I could create a Shared Access Signature (SAS) for every file but that seems total overkill.
Is there a better Azure feature to use? I do not want to have to use the Azure APIs to get at these files
Adding a few more points to #CtrlDot's excellent answer.
I completely agree that you should use Blob Storage for storing static content.
On the container permissions, I would actually recommend setting the permission (ACL) to Blob so that user can only view the blob they have the URL for and not enumerate all blobs in a container (setting container ACL to Container will enable the users to list blobs in a container which may not be a desired behaviour for you).
Other than these, there are two distinct advantage of using Blob Storage:
Custom domain: You can map blob storage to a custom domain (e.g. static content.mywebsite.com) and use that to serve the content instead of using Azure Blob Storage standard endpoint (your account.blob.core.windows.net).
CDN: You can also CDN enable your blob storage endpoint. The content will then be replicated across many CDN nodes spread throughout the globe and will be served from a node near to your user thus improving the user experience.
I think the service you should be looking to use is blob storage, not file storage. File storage, as per the documentation, is meant more for SMB shares.
When you setup Azure blob storage, you have a couple of different options. If there is nothing sensitive/secure about these static images, you could consider making a public container and simply accessing the files like that.
If you require authentication, then you need to either use azure storage access keys, or azure storage access tokens. Of the two, the storage access tokens are by far the most secure.
You wouldn't need to create a SAS token for each file, rather, grant it read permission to the container. Once again, you will have to tailor this to the security/sensitivity needs of your application.
I'm trying to access files which I'm programmatically uploading to the azure file storage.
But when pasting the direct url:
Any idea how I can directly get that file when I want to download from Azure file storage?
Direct access to files stored in file service is not allowed because the share containing these files has Private ACL and unlike blob containers there's no way to change the ACL of a share.
What you would need to do is create a Shared Access Signature (SAS) on the file that you want to access directly and use that SAS URL. When creating the SAS, please ensure that at least Read permission is included in the SAS as this permission is required to read/download the file.
Please see https://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-how-to-use-files/#develop-with-file-storage (Generate a shared access signature for a file or file share) for more details on how you can create a SAS on a file.
I've developed an application which users can upload their files and share them with each other. The files are some private files for each user and public files like profile pictures. I'm storing the files in Azure File Storage.
Assume that I have a method to retrieve a file with its id: I've implemented the permissions in the file access methods in WebApi controllers.
Is Azure File Storage is proper storage type for this scenario?
What is the best way to retrieve the files from Azure Storage? Should I read the files server-side (using Azure .NET SDK) and stream them to the clients? Is there any way to avoid streaming the file in WebApi then clients can access the file directly from Azure File Storage (considering the permission)?
Thanks
Azure File Storage exists mainly to allow lift and shift of legacy applications to the cloud.
I would recommend using Blob Storage combined with SAS tokens for your problem. Using the SAS tokens you can control access permissions on a blob level. And this avoids the need to get your files on the web server first, before relaying them to the end users.
SAS and REST access are supported in both Azure Files and Azure Blob Storage. Azure Files support other key scenarios besides life & shift. Although a bit old, this article (https://blogs.msdn.microsoft.com/windowsazurestorage/2014/05/12/introducing-microsoft-azure-file-service/) explains the difference between Azure Blob vs Azure Files vs. Azure Disks. You should also factors such as size limit for your share, folder structure, ability to natively mount to a VM, maximum file/object size, throughput requirements, pricing, SMB/REST support and etc. If you still have questions, please send an email to azurefiles AT microsoft.com and we will be happy to review your scenario and recommend the option suitable to your usage scenario.
Aung
As I know, we can use Azure blob storage to store your files. Azure blob Storage containers provide three access level: Full public read access, Public read access for blobs only, no public read access. Refer to this article for more details. For your scenario, please save private files in “no public read access”, and save public file in “Public read access for blobs only”. So that the user cannot access your private files but can read your public files. If you want to share private files to others, please try SAS as LoekD mentioned. If you want to expired the SAS token in server side. Please try to use SAS policy to do it. Read this article for more details.