Azure - Shared Access Signature (SAS) - Account key vs User Delegation

#cloud #azure

Hi All!

I would say the Azure storage account is a long-lasting service. Whichever services overtake one another, Azure Storage stays in use. For example, take a .NET web application, which can be hosted in IIS on an Azure VM, in App Service with or without Docker, or in a Function App for event-based workloads. Depending on requirements, App Service sometimes wins over a VM, a Function App wins over the others, and so on.

When we use any cloud service, security is one of the main pillars to consider. Here we are going to talk about granting access to a Blob storage account to a customer or anybody else who requires it.

Consider a scenario in which a customer application places a file. It could be CSV, JSON or XML, whatever it may be, but of a single type. Let's take JSON here.

We need to allow some people to access that file. Here we have two questions:

  1. Who are those people: Azure AD users or non-Azure AD users?
  2. What permissions do we need to grant? Is granting only Read permission sufficient, or should we grant some additional access as well?

For #2, if they only want to access / download, we can grant only the Read and List permissions in the SAS. There is no need to grant Write, Delete, Create, etc.

The main purpose of this post is to discuss question no. 1.

We have 2 types of signing method:

  1. User Delegation
  2. Account Key

If the team or specific users who need to access the blob(s) are part of Azure AD, we can go for User Delegation.

If the team or specific users who need to access the blob(s) are not part of Azure AD, we can go for Account Key.

The vital part of an Account Key SAS is that if anybody rotates the key (Access Key), the SAS may become invalid. We need to recreate the SAS and share it with the people who already have the previous one.

An Account Key based SAS can be generated with Key1 or Key2, as you can see in the image below. If you rotate key1, only key1 gets affected.
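To make the rotation behaviour concrete, here is an added example (not code from this post or from Azure) that models an Account Key SAS as an HMAC-SHA256 signature keyed with the base64-decoded access key. The string-to-sign layout, the account name `examplestorage` and all helper names are simplified assumptions; real SAS tokens sign more fields.

```python
import base64, hashlib, hmac, os

def new_key() -> str:
    """Constructed stand-in for a storage access key: 64 random bytes, base64."""
    return base64.b64encode(os.urandom(64)).decode()

def sign(key_b64: str, string_to_sign: str) -> str:
    """HMAC-SHA256 over the string-to-sign, keyed with the decoded access key."""
    key = base64.b64decode(key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def string_to_sign(account: str, sp: str, se: str) -> str:
    # Simplified layout (assumption): the real string-to-sign has more fields.
    return "\n".join([account, sp, se])

def make_sas(account: str, sp: str, se: str, key_b64: str) -> dict:
    """Issue a token: the signed fields travel in the clear, plus the signature."""
    return {"account": account, "sp": sp, "se": se,
            "sig": sign(key_b64, string_to_sign(account, sp, se))}

def service_accepts(token: dict, current_keys: dict) -> bool:
    """The service recomputes the signature with each key it currently holds."""
    sts = string_to_sign(token["account"], token["sp"], token["se"])
    return any(hmac.compare_digest(sign(k, sts), token["sig"])
               for k in current_keys.values())

def demo() -> dict:
    keys = {"key1": new_key(), "key2": new_key()}
    args = ("examplestorage", "rl", "2030-01-01T00:00:00Z")  # constructed values
    sas_k1 = make_sas(*args, keys["key1"])
    sas_k2 = make_sas(*args, keys["key2"])
    before = (service_accepts(sas_k1, keys), service_accepts(sas_k2, keys))
    keys["key1"] = new_key()  # rotate key1 only
    after = (service_accepts(sas_k1, keys), service_accepts(sas_k2, keys))
    # Widening Read+List to include write/delete changes the signed string.
    tampered = service_accepts({**sas_k2, "sp": "rwdl"}, keys)
    return {"before": before, "after": after, "tampered": tampered}

if __name__ == "__main__":
    print(demo())
```

After key1 is rotated, the token signed with key1 is rejected while the one signed with key2 still verifies, and a token whose permissions were edited after issuance fails because the permissions are part of the signed string.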
