6

Developing an API using asp.net

Is it possible to redirect a user to a private azure blob storage? Can i do this using SAS keys or the azure blob SDK?

For example I want to do something like this:

var response = Request.CreateResponse(HttpStatusCode.Moved);
response.Headers.Location = new Uri(bloburl);
return response;

Is it possible to access a private blob by putting a key in the URL? Obviously i dont want to put the master key though.

JakeD
  • 407
  • 2
  • 7
  • 19

1 Answers1

7

Is it possible to redirect a user to a private azure blob storage? Can i do this using SAS keys or the azure blob SDK?

Yes, it is entirely possible to redirect a user to a private blob. You would need to create a Shared Access Signature (SAS) with at least Read permission and append that SAS token to your blob URL and do a redirect to that URL.

Your code would look something like this:

        var cred = new StorageCredentials(accountName, accountKey);
        var account = new CloudStorageAccount(cred, true);
        var client = account.CreateCloudBlobClient();
        var container = client.GetContainerReference("container-name");
        var blob = container.GetBlockBlobReference("blob-name");
        var sasToken = blob.GetSharedAccessSignature(new SharedAccessBlobPolicy()
        {
            Permissions = SharedAccessBlobPermissions.Read,
            SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1)//Assuming you want the link to expire after 1 hour
        });
        var blobUrl = string.Format("{0}{1}", blob.Uri.AbsoluteUri, sasToken);
        var response = Request.CreateResponse(HttpStatusCode.Moved);
        response.Headers.Location = new Uri(bloburl);
        return response;
Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
  • This is great thanks, just what I need. I didn't know that I could append a SAS key to a blob URL and reference it that way. I will report back after trying to implement. – JakeD Feb 10 '17 at 16:49
  • Quick question: Is there any downside to creating a new SAS key for every blob request performance-wise? Also, since an application is using this API just to download a single image via the blob link, I assume it would be fine to have each link expire in 1 min? I imagine even a second consecutive request for the same blob will create a new SAS key.. – JakeD Feb 10 '17 at 17:14
  • 1
    `Is there any downside to creating a new SAS key for every blob request performance-wise? ` - Not that I can think of. Creation of SAS key doesn't make any network calls so there are no network or IO overhead. – Gaurav Mantri Feb 10 '17 at 17:37
  • 1
    Hi @GauravMantri - could you update your answer to use the latest API from Azure.Storage.Blobs, please? I believe that is here: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-dotnet – Sean Kearon May 28 '21 at 16:02
  • 1
    @seankearon - Sure, let me take care of it over this weekend. – Gaurav Mantri May 28 '21 at 16:37
  • @GauravMantri - I've had a try myself today and you can see my approach in [this Gist](https://gist.github.com/seankearon/cae6441bd2789fede6f0ca80a50fd790). – Sean Kearon May 29 '21 at 13:58