I've done a ton of searching and looking at examples but cannot find what I think is possible. I want to give read access on a blob-by-blob basis, and NOT open the entire container to be readable. All the examples I found show how to create a full authenticated URL for a blob, which I got working. What I'm finding is that I can take that SAS key and append that to any other blobs in the same container and they will be readable.
Can I create a SAS key that is only valid for a single BLOB? If so, an example/link would be appreciated!
You can certainly set shared access signature at Blob level. If you're using .Net Storage Client library, do take a look at GetSharedAccessSignature function on a blob. I wrote a blog post on Shared Access Signature some time back where you will find some code for creating SAS for blob: http://gauravmantri.com/2013/02/13/revisiting-windows-azure-shared-access-signature/.
Related
I have a question about Azure Blob storage, whenever I make the Blob Public Access Disabled we’re unable to successfully access anything inside the container, is it anything I need to set? Like encoded call?
You will need to have some kind of authorization. Refer to THIS documentation. The safest is to use Azure active directory.
Another option is to use a container level shared access signature or SAS as shown in the screenshot. The signature is signed using the storage account key and can be set to be valid for a specific period. On clicking Generate SAS, you will get a url which you can use to direct access your container. You can also have blob level SAS if needed for a specific blob.
I have two Azure Blob Storage containers. Container A and B. I would like to grant Read only access to another Azure User for Container-A. The second container Container-B should not be visible to the Azure user. The Azure user will be accessing the blobs in Container-A from his Azure Virtual Machine. How do I achieve this? Reading on the web seems that I would need to generate Shared Access Signature, but how I am not sure.
Exactly, that is the scenario where you want to use SAS.
First, please read the Azure Storage security guidance to make sure that you are aware of all of the available options.
Here is the very helpful guidance on the SAS model.
Second, you need to generate the SAS with policies (please, refer to the guidances above). It can be done programmatically (sources are available in the guidance) and then you may give that SAS link to user you want anyway you want - it can be the online page where the user can grab the string, or you can write the simple tool to generate the SAS. Be aware, however, that they have the "life" and you need to renew them periodically.
I am working on a website where I need to dynamically host images. My intention is to host the images with full URL.
I tried CDN but come to know it has a limitation of that image will only be available 15 mins after upload.
Other options is Blob storage, when I read the document it says "Block blobs" are most ideal for image and media content. Therefore, I am trying to use that.
So, I've following questions:
What is the best way to host images on Azure for such requirements?
If I use Blob storage then how can I get the full URL so that I can that URL to load images in my product?
There really isn't a best way to store images. Some people store them in blob storage (as you referenced), some go with database engines... But, since you asked specifically about how to interact with blob storage and URI's:
All blobs are referenced by uri: http(s)://storagename.blob.core.windows.net/containername/blobname
You can set every blob to private or public (whether at blob or container level), and then either return URI's to your user/webpage (if public) or generate a Shared Access Policy or Shared Access Signature to temporariliy grant access to a private blob (I'll leave that as an exercise for you to look up).
It's completely up to you to create containers and blobs as needed. How you find a blob later is also up to you, so you'll need to think about how you store their names or their URIs (e.g. in a database table somewhere). You can always iterate through containers to search for a given blob, but that is time-consuming, vs direct-retrieval (again, assuming you've stored the URI as metadata somewhere in a database).
I using Azure Shared Access Signature to create Url to redirect download from my Azure, problem is when download is using Original Name of File, I want to change filename when user download to client.
Anyone have solution.
Thanks
p/s: my Container on Azure is Private permission and I using Asp.net MVC 4
Blobs cannot be renamed or aliased. The only thing you can change is the base dns name (which you can map to a custom name).
That said: If you really wanted to present a unique blob for download and not use the current name, you could make a blob copy (a very fast operation within the same data center) to the name you desire, and then offer up a Shared Access Signature to that new blob. After a reasonable amount of time (maybe just beyond expiration of the SAS), you could then delete the extra blob.
I need to store multiple files that users upload, and then provide these users with the capability of accessing their files via http. There are two key considerations:
- Storage (which is my primary concern here)
- Security (which let's leave aside for now)
The question is:
What is the most cost efficient and performant way of storing all these files and giving access to them later? I believe the answer is:
- Store files within Azure Storage Account, and have a key that references them in an SQL Azure database.
I am correct on this?
Is a blob storage flat? Or can I create something like folders inside it to better organize my files?
The idea of using SQL Azure to store metadata for your blobs is a pretty common scenario, which allows you to take advantage of SQL for searching, and blobs for storage.
Blobs are organized by container. So you'd have something like:
http://mystorage.blob.core.windows.net/mycontainer/myfile.doc
You can also simulate a hierarchy using a delimiter, but in reality there's just container plus blob.
If you keep the container or blob private, the user would either have to go through your web front end (or web service), or you'd have to provide them with a special URL with a Shared Access Signature appended, which is a time-limited URL.
I would recommend you to take a look at BlobShare Sample which is a simple file sharing application that demonstrates the storage services of the Windows Azure Platform, together with the authentication and authorization capabilities of Access Control Service (ACS). The full sample code is located at following link:
http://blobshare.codeplex.com/
You can use this sample code immediately, just by adding proper reference to your Windows Azure Account credentials. The best thing with this sample is that you can provide blob access directly through Access Control Services. You can also modify the code to add SAS support as well as blob download from public containers. Once you have it working and understood the concept you can tweak to make it the way you would want.