Allowing access to Azure Storage nodes to select users?

Question

Hi all,

Given a stored file on Azure Storage (blobs, tables or queues -- doesn't matter), is it possible to allow access to it for all, but only based on permissions?

For example, I have a big storage of images, and a DB containing users and authorizations. I want user X to only be able to access images Y and Z. So, the URL will be generally inaccessible, unless you provide some sort of a temporary security token along with it. How's that possible? I know I can shut the storage from the outside world, and allow access to it only through an application checking this stuff, but this would require the application to be on Azure as well, and on-premise app won't be able to deliver any content from Azure Storage.

It is from my understanding that most CDNs provide such capability, and I sure hope so Azure provides a solution for this as well!

Itamar.

Answer 1

Hello,

I don't think you can achieve this level of access filtering. The only methods I'm aware of are described in this msdn article

Managing Access to Containers and Blobs

and here a blog that describes a little part of code to implement it

Using Container-Level Access Policies in Windows Azure Storage

I'm not sure this would fit your need. If I understood it right I would do it this way : 1. Organize your content in container that match the roles 2. On your on premise application check if user has access and if yes generate the right URL to give him a temporary access to the resource.

Of course this only works if the users have to go through a central point to get access to the content in the blob. If they bookmark the generated link it will fail once the expiration date is passed.

Good luck.