Azure Storage - Exposing A Container With A File Structure

2
votes

I'm trying to upload a folder structure, which contains an html file, which references css and javascript files within that folder structure, in a private azure blob storage container.

When the html file is browsed to, I'm expecting it to retrieve the css and javascript files, just like you'd see if it was an html file as part of a website.

I can make this work if the container is completely public, but I'm struggling to achieve the same results when the container is private and I supply a SAS token.

Suppose the container contains an html file called "main.html" and a css file called "css/mystyles.css" (main.html will have the link tag for the css file pointing to the following relative url "css/mystyles.css").

If I create a SAS token to the container (Let's just call it "mySAS" for simplicity), then navigate to the main.html file, appending the SAS token like so:
https://my-storage-account.blob.core.windows.net/container-name/main.html?mySAS

The main.html file will load correctly as the SAS token will be appended at the end, however the css file will not, so it will return a 404.

I think I already know the answer, but is it even technically possible to store and present an html file and all of it's associated files without putting it in a public container?

I should note that modifying the paths specified in the html file is not an option, as they're files I don't control, so I don't know what they'll look like ahead of time.


There's a few (Very messy and undesirable) hybrid solution where I place it in a private container, then make it public on-demand and after a time switch it back to a private container.

Or go for a more extreme hybrid solution, where I store it in a private container (Which is never exposed), then whenever it's requested, copy the contents to a short lived public container (Reducing the risk that someone might note down the public container in the first hybrid scenario, then access it again later when it's perhaps not intended to be available for them).

I'd really rather stick with a private container and SAS token solution if it's at all possible.

1
azureazure-storageazure-blob-storage

1 Answers

2
votes

If your question is about reusing a SAS token: You can't. You have to generate a URL+SAS combination, and the SAS is a hash based on the URL. You cannot just create a SAS token once and then append it to a URL. Otherwise, there's nothing stopping someone from guessing URLs and appending one URL's SAS to another URL.

If the goal is to have a static site, with no backend logic, then you need to have your content public (or you have to pre-generate all of your URLs to have SAS properly appended).

If you want dynamic access (e.g. you have no idea what content will be served up), you'd need to have some type of backend app server which serves content (e.g. returns a new html page with appropriate SAS-based links embedded in the various tags).