Force HTTPS connection to Azure Blob Storage

0
votes

I would like to only allow secure HTTP (HTTPS) connection / access to blob container through Shared Access Signature (SAS) URL on Azure Blob Storage (ABS). Can that be achieved? How?

2
azureurlhttpsazure-blob-storage
How are you creating SAS? Are you using .Net Storage Client library?Gaurav Mantri
@GauravMantri Yes. I use this: nuget.org/packages/WindowsAzure.StorageRotem Varon

2 Answers

3
votes

Please use this override of CloudBlobContainer.GetSharedAccessSignature for including the protocol restriction.

Here's sample code to do the same:

    static void GetHttpsOnlySas()
    {
        var storageAccount = new CloudStorageAccount(new StorageCredentials(accountName, accountKey), true);
        var blobClient = storageAccount.CreateCloudBlobClient();
        var blobContainer = blobClient.GetContainerReference("container-name");
        var sas = blobContainer.GetSharedAccessSignature(new SharedAccessBlobPolicy()
        {
            Permissions = SharedAccessBlobPermissions.List,
            SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1)
        }, 
        null, 
        SharedAccessProtocol.HttpsOnly,//This option will force SAS to work only on HTTPS
        null);
    }
1
votes

When you create the sas token you can set a "protocol" parameter. If you set it to https only https will be allowed. More info can be found here: https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/

When using the sdk to generate the sas token you have to use this method: https://msdn.microsoft.com/en-us/library/azure/mt616571.aspx and set the SharedAccessProtocol parameter.