0
votes

I have application in asp.net and uploaded to Azure App service. I have file upload on the azure blob. Here issue is my blob is accessible to public I want to access images and docs in the blobs only accessible when my application is logged in. If I log out then those should not be access. How can I achieve this using azure blob storage?

1
Have you tried making the container private?Gaurav Mantri
@GauravMantri-AIS yes if container blob private then I could not see the images which is loading from the storage blob.Tushar Maru

1 Answers

0
votes

In this case, you can configure the web app with Azure AD auth(Easy Auth), follow this doc.

After doing the steps in the doc above, it will create an AD App in your AAD tenant. Navigate to the AD App in the Azure Active Directory in the portal -> API permissions, add the delegated permission of Azure Storage.

enter image description here

Then navigate to the authsettings of the web app in the resource explorer, add ["resource=https://storage.azure.com"] to the additionalLoginParams, details see this blog.

enter image description here

Navigate to the storage account in the portal -> Access control (IAM) -> make sure the user account has a role e.g. Storage Blob Data Contributor, if not, add it for the user, follow this doc.

After doing the steps above, use the user account to login the web app, you can get the access token with https://webappname.azurewebsites.net/.auth/me, then you can use the token to call the Storage REST API - GET Blob to access the things in the storage container.