How can I access Azure Blobs by URL with Active Directory authentication?

0
votes

We've got an Azure Blob storage Container with access level Private.

We've uploaded a blob, and the portal (and API) gives us a nice friendly URL for it.

We've given our Azure Active Directory group Owner role over the subscription, and Azure Blob Data Reader role to the storage account.

But I browse to the URL and it returns with ResourceNotFound.

Our end goal is to use it with an <img src="*blob url*" /> in a blazor server app (in an authenticated context).

Is this possible?

We're aware we can generated shared access keys and tag them onto the url. But we'd prefer to use pure AzureAD instead, if possible.

1
azure-active-directoryazure-blob-storage
Are these blobs files like image files that you can embed in the web page of your app?Gaurav Mantri
Yep. That's right.Josh
Unfortunately you won't be able to accomplish this by using Azure AD directly. You would have to use SAS URL only. The reason being the images are requested by the browser and they should be accessible to the browser.Gaurav Mantri
Only alternative would be to download these images on the server (or in the browser) and then show them that way. But directly referencing blob URL in img tag won't work.Gaurav Mantri
Well. That sucks :D. We'll go the SAS way for now, but I'll leave the question open in case one day it becomes possible!Josh

1 Answers

0
votes

In your scenario, your option is to use the SAS URL, to access the blob via Azure AD authentication, you need to use the OAuth 2.0 flows e.g. auth code flow, client credential flow to get the access token, then use the access token to access the blob, otherwise you will get the ResourceNotFound error.

enter image description here

enter image description here

If you want to use it in <img src="*blob url*" /> via Azure AD authentication, it is not possible, because you cannot pass an access token on images which are directly used as href in img tag.