
How does Azure BlobStorage connection data have to be stored to support all available addressing modes?


I am using libraries Microsoft.Azure.Storage.Blob 11.2.3.0 and Microsoft.Azure.Storage.Common 11.2.3.0 to connect to an Azure BlobStorage from a .NET Core 3.1 application.

Users of my application are supposed to supply connection information to an Azure BlobStorage to/from where the application will deposit/retrieve data.

Initially, I had assumed allowing users to specify a connection string and a custom blob container name (as an optional override of the default) would be sufficient. I could simply stuff that connection string into the CloudStorageAccount.Parse method and get back a storage account instance to call CreateBlobCloudClient on.


Now that I'm trying to use this method to connect using a container-specific SAS (also see my other question about that), it appears that the connection string might not be the most universal way to go.

Instead, it now seems a blob container URL, plus a SAS token or an account key (and possibly an account name, though that seems to be included in the blob container URL already) are more versatile. However, I am concerned that the next way of pointing to a blob storage that I need to support (whichever that may be) might require yet another kind of information - hence my question:

What set of "fields" do I need to support in the configuration files of my application to make sure my users can point to their BlobStorage whichever way they want, as long as they have a BlobStorage?

(Is there maybe even a standard solution or best practice recommendation by Microsoft?)


Please note that I am exclusively concerned with what to store. An arbitrarily long string? A complex object of sorts? If so, with what fields?

I am not asking how to store that configuration once I know what it must comprise. For example, this is not about securely encrypting credentials etc.


Solution

  • As a workaround, to access the storage account using the SAS token you need to pass the account name along with the SAS token and the blob name if you are trying to upload, and you need to give the permission for your SAS token.

    Microsoft recommends using Azure Active Directory (Azure AD) to authorize requests against blob and queue data if possible, instead of Shared Key. Azure AD provides superior security and ease of use over Shared Key. For more information about authorizing access to data with Azure AD, see Authorize access to Azure blobs and queues using Azure Active Directory.

    Note: Based on my tests, you need to pass the storage account name and the SAS token, and the container name and blob name.

    Example: I tried uploading a file to a container using a container-level SAS token, and I was able to upload the file successfully.


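    // Required namespaces (Microsoft.Azure.Storage.Blob / .Common 11.x):
    using Microsoft.Azure.Storage;
    using Microsoft.Azure.Storage.Auth;
    using Microsoft.Azure.Storage.Blob;

    // The statements below belong inside a method.
    const string sasToken = "SAS Token"; // placeholder: the container-level SAS token
    StorageCredentials storageCredentials = new StorageCredentials(sasToken);

    const string accountName = "teststorage65"; // Account Name
    const string blobContainerName = "test";
    const string blobName = "test.txt";
    const string myFileLocation = @"Local Path "; // placeholder: local file to upload

    // endpointSuffix = null selects the default suffix; useHttps = true
    var storageAccount = new CloudStorageAccount(storageCredentials, accountName, null, true);
    CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
    CloudBlobContainer blobContainer = blobClient.GetContainerReference(blobContainerName);
    //blobContainer.CreateIfNotExists();
    CloudBlockBlob cloudBlob = blobContainer.GetBlockBlobReference(blobName);
    cloudBlob.UploadFromFile(myFileLocation);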
    

    As you already know, you can use the storage connection string to connect with Storage.

    CloudStorageAccount storageAccount = CloudStorageAccount.Parse("Connection string");
    CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
    CloudBlobContainer container = blobClient.GetContainerReference("test");
    

    Your application needs to access the connection string at runtime to authorize requests made to Azure Storage.

    You have several options for storing your connection string or SAS token:

    1. You can store your connection string in an environment variable.

    2. An application running on the desktop or on a device can store the connection string in an app.config or web.config file. Add the connection string to the AppSettings section in these files.

    3. An application running in an Azure cloud service can store the connection string in the Azure service configuration schema (.cscfg) file. Add the connection string to the ConfigurationSettings section of the service configuration file.

    Reference: https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
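
One way to combine the addressing modes that appear on this page (connection string, account name plus SAS token, account name plus account key) into a single configuration object, as an added example that is not part of the original question or answer. The type names `BlobTargetConfig` and `BlobTargetResolver`, the field set, and the HTTPS-only policy are assumptions made for illustration; Azure AD authorization is not covered.

```csharp
using System;
using Microsoft.Azure.Storage;
using Microsoft.Azure.Storage.Auth;
using Microsoft.Azure.Storage.Blob;

// Hypothetical configuration shape: one optional field per addressing mode.
public sealed class BlobTargetConfig
{
    public string ConnectionString { get; set; } // complete connection string
    public string AccountName { get; set; }      // needed with SasToken or AccountKey
    public string AccountKey { get; set; }       // Shared Key secret
    public string SasToken { get; set; }         // account- or container-level SAS
    public string ContainerName { get; set; }    // container the application uses
}

public static class BlobTargetResolver
{
    public static CloudBlobContainer Resolve(BlobTargetConfig cfg)
    {
        if (string.IsNullOrWhiteSpace(cfg.ContainerName))
            throw new ArgumentException("ContainerName is required.");
        bool hasConn = !string.IsNullOrWhiteSpace(cfg.ConnectionString);
        bool hasKey = !string.IsNullOrWhiteSpace(cfg.AccountKey);
        bool hasSas = !string.IsNullOrWhiteSpace(cfg.SasToken);
        // Fail closed on ambiguous input; messages never echo secret values.
        if ((hasConn ? 1 : 0) + (hasKey ? 1 : 0) + (hasSas ? 1 : 0) != 1)
            throw new ArgumentException(
                "Set exactly one of ConnectionString, AccountKey, SasToken.");
        CloudStorageAccount account;
        if (hasConn)
        {
            account = CloudStorageAccount.Parse(cfg.ConnectionString);
        }
        else
        {
            if (string.IsNullOrWhiteSpace(cfg.AccountName))
                throw new ArgumentException("AccountName is required.");
            StorageCredentials creds = hasSas
                ? new StorageCredentials(cfg.SasToken)
                : new StorageCredentials(cfg.AccountName, cfg.AccountKey);
            // endpointSuffix = null selects the default suffix; useHttps = true
            account = new CloudStorageAccount(creds, cfg.AccountName, null, true);
        }
        // Assumed policy: refuse plain HTTP so keys and SAS tokens stay encrypted in transit.
        if (account.BlobEndpoint?.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Blob endpoint must use HTTPS.");
        return account.CreateCloudBlobClient().GetContainerReference(cfg.ContainerName);
    }
}
```

With a container-level SAS the returned reference only works for operations the token permits, so the caller should not attempt to create the container.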