Blob and SAS -- Microsoft Azure

0
votes

Earlier i was getting a blob without using a sas authorization.

But now I want only those users to be able to access a blob who has the sas token.

Lets say i want to access a file at

https://storageaccount.blob.core.windows.net/sascontainer/sasblob.txt

Now i have the SAS token too. So the new url would be

https://storageaccount.blob.core.windows.net/sascontainer/sasblob.txt?sv=2012-02-12&st=2013-04-12T23%3A37%3A08Z&se=2013-04-13T00%3A12%3A08Z&sr=b&sp=rw&sig=dF2064yHtc8RusQLvkQFPItYdeOz3zR8zHsDMBi4S30%3D

What do I do next so that only those with the second link can go and get the "sasblob.txt" file?

What changes do i have to make in the azure portal?

I guess the only change i have to make in the client side is the URL. I need to replace the URl without the sas token with the URl containing the sas token.

1
azureazure-blob-storage
sas isn't the tag you're looking for here I don't think. - Joe
SAS = shared-access-signature :/ - Chetan
@Chetan - the sas tag is not for shared access signature. It's for something completely different. That was Joe's point. There is no tag for shared access signature (nor need there be). - David Makogon

1 Answers

1
votes

As long as the blob is private (which can be set at the container level), nobody will have access without the SAS-augmented URI. Even if you kept giving out the public URI, it wouldn't work if the container was marked as private.

Also, in your example, you've created a fictitious sascontainer. Note that shared access signatures work on any blob in any container. You don't need a special designated container.

With a SAS-based URI, it will be a valid URI until such time as the time expires (or you delete the blob). If you wanted more control, such as disabling a URI, you'd need to use a Shared Access Policy. Just something for you to consider looking into. And plenty of documentation on that, should you go that route.