Azure Web API requesting for storage account blobs

0
votes

We have multiple mobile apps which displays images, documents from azure blob storage. Right now these storage account blob containers are public, so our mobile apps can access. But now we want to restrict all these containers to private. I am looking for a generic solution where I will create .NET webapi's deploy to azure app service. This app service should talk to storage account and return the blobs/images/documents. All mobile apps should talk to app services instead of directly talking to Storage accounts.

If you could suggest the high-level overview on how to approach this?

We already have mobile apps directly talking to azure storage accounts.

1
azureazure-active-directoryazure-web-app-service
Why do you want to do that? I am curious to know.Gaurav Mantri
Why not just using SAS Token to access the files ? you could have a function returning the sas token then other apps would be able to keep downloading file from storageThomas

1 Answers

0
votes

Yes, it is a practicable plan. In this scenario, your container and blob could be private, and your web api can access them via Azure Storage SDK, and your mobile apps will be clients which need to get authorized to call your web api.

To utilize the Azure AD, you need to create two applications in Azure AD. One is a web application which represents the web api, and the other is a native application (or several apps) which represents the client.

There is an official sample for get-started with this: Samples, you may refer to it first.