0
votes

Earlier i was getting a blob without using a sas authorization.

But now I want only those users to be able to access a blob who has the sas token.

Lets say i want to access a file at

https://storageaccount.blob.core.windows.net/sascontainer/sasblob.txt

Now i have the SAS token too. So the new url would be

https://storageaccount.blob.core.windows.net/sascontainer/sasblob.txt?sv=2012-02-12&st=2013-04-12T23%3A37%3A08Z&se=2013-04-13T00%3A12%3A08Z&sr=b&sp=rw&sig=dF2064yHtc8RusQLvkQFPItYdeOz3zR8zHsDMBi4S30%3D

What do I do next so that only those with the second link can go and get the "sasblob.txt" file?

What changes do i have to make in the azure portal?

I guess the only change i have to make in the client side is the URL. I need to replace the URl without the sas token with the URl containing the sas token.

1
sas isn't the tag you're looking for here I don't think.Joe
SAS = shared-access-signature :/Chetan
@Chetan - the sas tag is not for shared access signature. It's for something completely different. That was Joe's point. There is no tag for shared access signature (nor need there be).David Makogon

1 Answers

1
votes

As long as the blob is private (which can be set at the container level), nobody will have access without the SAS-augmented URI. Even if you kept giving out the public URI, it wouldn't work if the container was marked as private.

Also, in your example, you've created a fictitious sascontainer. Note that shared access signatures work on any blob in any container. You don't need a special designated container.

With a SAS-based URI, it will be a valid URI until such time as the time expires (or you delete the blob). If you wanted more control, such as disabling a URI, you'd need to use a Shared Access Policy. Just something for you to consider looking into. And plenty of documentation on that, should you go that route.