Looks like as of August 2023 anonymous access to storage accounts has been disabled. I am trying to create a CDN which will host javascript file(s) for various corp-wide related apps to use.
Since anonymous access is disabled, how can I give read access to consumers of my Azure CDN?
When trying to view the CDN endpoint (using a browser) i keep getting this error:
<Code>PublicAccessNotPermitted</Code>
<Message>Public access is not permitted on this storage account.</Message>
I know there are SAS tokens, but they have an expiration, so I dont feel this is a viable solution.
What are viable solutions to resolve this CDN/storage access issue? It seems like disabling anonymous access kind of makes the general use-case for CDN's to be obsolete.
Right now Im kind of at a roadblock and seriously just considering publishing my javascript(s) as a node package.
Updated
I have to double check this, but it looks like I got unblocked by adding a adding a System user identity on the CDN with role of Reader.
Updated (3 days later)
Upon verifying things today I am not able to access things again on the CDN endpoint. So I am back to the drawing board on this one.
If your blob storage endpoint is configured to disallow anonymous read access, you should provide a Shared Access Signature (SAS) token in each request you make to your Azure CDN domain.
By default, anonymous read access is not allowed for blob storage endpoints. If your data should be publicly available, you can explicitly enable anonymous access for the blob storage. To allow public access for a storage account, perform the following steps:
I have just checked one of my storage accounts where anonymous access is enabled and it works as expected with the configuration shown above.