Azure blob file load directly in html tag but with in domain
I am using Azure Blob Storage for storing and downloading files for my .net core mvc web application. I have shared the blob container as Public access.,
I am directly consuming those images, pdf inside html tags of web pages like below,
<img src="[azure_blob_img_url]" />
<embed src="azure_blob_pdf_url" />
Like this I am using to show the image inside our web app. But people can able to open this blob url directly outside our app also which is not secured.
Please give me solution, how do prevent to access the blob url outside my website domain.
I don't like to using download and return the file in my website. I want to use azure blob url directly inside html tag.
Thanks in advance!
To prevent direct access to the Azure Blob URLs outside of the website domain, you have to use Shared Access Signature with a limited time span.
Using SAS token, you can control the access permissions and expiration time for the URLs.
Generate a SAS token with appropriate permissions (read, write, or list) for your blob container or individual blobs.
string conn = "ConnectionString";
string cntr = "nagesh";
string blnName = "images.jpg";
string frontDoorEndpoint = "frontDoor EndPoint";
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(conn);
CloudBlobClient blbClnt = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blbClnt.GetContainerReference(cntr);
CloudBlockBlob blb = container.GetBlockBlobReference(blnName);
string sas_Token = blb.GetSharedAccessSignature(new SharedAccessBlobPolicy()
{
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(5)
});
string blob_Url = blb.Uri.AbsoluteUri + sas_Token;
string frontDoor_Url = frontDoorEndpoint + blnName;
Console.WriteLine("BlobURL: " + blob_Url);
Console.WriteLine("FrontDoorURL: " + frontDoor_Url);
Output
Take the blob Url and share it.
You can access the blob for specific time mentioned in the above code (5mins).
The method GetSharedAccessSignature is used to generate a SAS token for the blob with read permission and a 5-minute expiry time.
You can append the
SAS tokento the blob URL to create a temporary URL that can be used to access the blob.And also append the blob name to the front door endpoint to create a URL that can be used to access the blob through Azure Front Door.
- EventHubs: Limit Transaction/Operations on dedicated storage accounts
- Reducing size of Azure VM OS Disk for download/export
- Azure Blob Storage - This request is not authorized to perform this operation
- Solve timeout errors on file uploads with new azure.storage.blob package
- Downloading content of Youtube Audio file directly to Azure Blob Storage
- Microsoft Azure: How to create sub directory in a blob container
- How to get a list of files in an Azure blob storage with "az" command line tool?
- Data Factory trigger on Blob in different resource group is failing
- Azure Blob Storage SDK v12 - BlobClient DownloadAsync gone?
- Unable to send blob to Azure - missing HTTP header exception
- How to migrate to Azure TLS 1.2 When Using Microsoft.WindowsAzure.Storage
- Ways to automate deployment to ADLS and its containers using ADO
- Unable to Upload csv into Azure Blob Storage with LocationParseError label empty or too long
- How to format or compress the subject field of Event Grid events in Azure
- The MAC signature found in the HTTP request '...' is not the same as any computed signature
- How to download files with white space on name on Azure Blob Storage?
- Enabling HTTPS for a Azure blob static website
- Hosting SPA with Static Website option on Azure Blob Storage (clean URLs and Deep links)
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- The type or namespace name 'Storage' does not exist in the namespace 'Microsoft.WindowsAzure'
- unable to StartCopyFromUriAsync a blob between 2 storage accounts
- using multiple storage accounts locally using azurite at the same time
- Copy ARM template from REPO to BLOB task fails "unable to download content"
- azure blob storage account - log file is not generated as per setup
- AzureWebJobsStorage Managed Identity not working
- How do I open Azure Storage Explorer at a particular subfolder programatically?
- Azure Storage accounts container public access level has dissabled
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- will looping GetBlobsAsync() but doing nothing in the loop body read the contents of the blob
- Using Python, how to update an excel sheet on Azure Blob Storage while maintaining existing data in the sheet?