Windows Azure Platform series (24): Blob storage in the Windows Azure Storage Service (II)

Source: Internet
Author: User


In the previous chapter, we learned that users can upload files (such as photos, Word, and Excel files) to Windows Azure Storage blobs and then access those resources anonymously over HTTP.

However, this raises a problem: we have no access control over these resources.

For enterprise applications, information security is very important. If an enterprise application is deployed on the Windows Azure public cloud, all of its file resources are uploaded to Azure Storage blobs, and anyone outside the enterprise can access these resources anonymously over HTTP, then the information is clearly not secure enough. So how can we set access permissions on blob resources so that only authorized persons can access them? For this, you need two Blob service features: the shared access policy and the shared access signature.

To use shared access, you must first set the container to a state that does not allow anonymous access, that is, blob content cannot be reached simply through its URL. Otherwise, the shared access function is meaningless. The shared access security mechanism consists of a series of shared access policy objects. Each shared access policy defines a secure access policy, which includes:

    • Permissions: defines the operations that can be performed on the blob. These can be combined with the "or" operation, so one or more of them can be granted at the same time. The permission options are:

      • None: no operation is allowed.
      • Read: allows read operations.
      • Write: allows write operations.
      • Delete: allows deletion.
      • List: allows listing the blobs under the container.
    • SharedAccessStartTime: the start time from which the blob can be operated on. If this attribute is not set, it is the current time.
    • SharedAccessExpiryTime: the time after which the blob can no longer be operated on.

With this in place, you first need to obtain a shared access signature before operating on a blob or container. That is, you create a shared access signature from the shared access policy just described and append this signature to the URL used to access the blob, so that the blob is accessed in a controlled way. If the expiration time specified by the shared access policy has passed, or the operation is not permitted by the policy, the operation cannot be completed.
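The mechanism described above, as an added example that is not part of the original article: a simplified model of issuing a signed URL from a policy and of the checks the service makes before allowing an operation. The string-to-sign, the key and the function names are assumptions made for illustration and are not the storage service's exact format; the query parameter names `sp`, `st`, `se` and `sig` mirror the ones the service uses.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

ACCOUNT_KEY = b"constructed-demo-key"   # constructed; stands in for the account key
FMT = "%Y-%m-%dT%H:%M:%SZ"

def _sign(path, perms, start, expiry):
    # Simplified string-to-sign (assumption), not the service's exact canonical form.
    msg = "\n".join([perms, start, expiry, path]).encode()
    mac = hmac.new(ACCOUNT_KEY, msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def issue_url(blob_url, perms, lifetime_seconds, now):
    """Issuer: turn a policy (permissions, start, expiry) into a signed URL."""
    start = now.strftime(FMT)
    expiry = (now + timedelta(seconds=lifetime_seconds)).strftime(FMT)
    sig = _sign(urlsplit(blob_url).path, perms, start, expiry)
    query = {"sp": perms, "st": start, "se": expiry, "sig": sig}
    return blob_url + "?" + urlencode(query)

def authorize(url, operation, now):
    """Service: verify the signature first, then the time window and the permission."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        expected = _sign(parts.path, q["sp"], q["st"], q["se"])
        start = datetime.strptime(q["st"], FMT).replace(tzinfo=timezone.utc)
        expiry = datetime.strptime(q["se"], FMT).replace(tzinfo=timezone.utc)
        presented = q["sig"]
    except (KeyError, ValueError):
        return "denied: malformed token"
    # Constant-time comparison; any edit to sp, st, se or the path changes the MAC.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return "denied: bad signature"
    if not start <= now <= expiry:
        return "denied: outside validity window"
    if operation not in set(q["sp"]):
        return "denied: operation not permitted"
    return "allowed"

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)   # constructed clock
    url = issue_url("https://example.invalid/photos/a.jpg", "r", 5, t0)
    print(authorize(url, "r", t0 + timedelta(seconds=3)))       # inside the window
    print(authorize(url, "r", t0 + timedelta(seconds=6)))       # after expiry
    print(authorize(url.replace("sp=r", "sp=rw"), "w", t0))     # edited permissions
```

Because the permissions and times are covered by the signature, a holder of the URL cannot extend the expiry or add Write without the key.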

Next, download my sample and use Visual Studio 2010 to open the demo.

The main function of this sample is to create a blob container that does not allow anonymous access and then upload a local photo to this container. Finally, it sets the access permission and expiration time used to access the uploaded blob.

The core code is in Default.aspx.cs:

1. When creating the container, set the container access level so that anonymous access is not allowed.

    private void EnsureContainerExists()
    {
        var container = GetContainer();
        // Check whether the container exists; if not, create it
        container.CreateIfNotExist();
        // Set the container so that it cannot be accessed anonymously
        container.SetPermissions(new BlobContainerPermissions()
        {
            PublicAccess = BlobContainerPublicAccessType.Off
        });
    }

2. Set the access permission and expiration time, that is, the corresponding shared access policy. Because this signature is only used to access the blob content while the web page is being rendered, you can set a short expiration time. The advantage is that even if someone sees the URL and the signature, the blob can no longer be accessed once the time limit has passed, which protects the photos and prevents hotlinking. Here the expiration time is set to 5 seconds and only the Read permission is granted. The GetSharedAccessSignature method then returns a string, which is the shared access signature.

 
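    // Create a read-only signature that expires 5 seconds from now
    var sas = blob.GetSharedAccessSignature(new SharedAccessPolicy()
    {
        Permissions = SharedAccessPermissions.Read,
        SharedAccessExpiryTime = DateTime.UtcNow.AddSeconds(5)
    });
    // Append the signature to the blob URL and show it on the page
    var secureUrl = blob.Uri.AbsoluteUri + sas;
    lblUrl.Text = secureUrl.ToString();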

3. Start the project.

    • Click "Browse" and select a photo or file on the local machine.
    • Click "Upload image".
    • After the upload is complete, the URL of the image is displayed on the page.

4. Quickly select this URL and paste it into the Internet Explorer address bar to view the uploaded image.

5. If you access this image resource more than 5 seconds later, you get an error message.
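A check that could be run on signed URLs like the one produced in step 2 before they are handed out, as an added example that is not part of the original article: it reads the `sp`, `st`, `se` and `sig` query parameters and reports URLs that grant more than Read, stay valid too long, or travel over plain HTTP. The function name, the 5-minute limit and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

def _parse_time(value):
    # Try each accepted UTC timestamp layout in turn.
    for fmt in _FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised time value: " + value)

def audit_sas_url(url, now, max_lifetime=timedelta(minutes=5), allowed="r"):
    """Return findings for one signed URL; an empty list means it fits the policy."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a signed URL"]
    findings = []
    if parts.scheme != "https":
        findings.append("plain HTTP: the signature is readable in transit")
    extra = set(q.get("sp", "")) - set(allowed)
    if extra:
        findings.append("grants more than needed: " + "".join(sorted(extra)))
    if "se" not in q:
        # With no expiry in the URL, the lifetime is defined elsewhere.
        return findings + ["no se parameter: expiry is not stated in the URL"]
    try:
        expiry = _parse_time(q["se"])
        start = _parse_time(q["st"]) if "st" in q else now
    except ValueError as exc:
        return findings + [str(exc)]
    if expiry <= now:
        findings.append("already expired")
    elif expiry - max(start, now) > max_lifetime:
        findings.append("valid for longer than the allowed lifetime")
    return findings

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)   # constructed clock
    base = "://acct.example.invalid/photos/a.jpg?"              # constructed URLs
    short = "https" + base + "sp=r&se=2024-01-01T12%3A00%3A05Z&sig=CONSTRUCTED"
    broad = "http" + base + "sp=rwd&st=2024-01-01T00%3A00%3A00Z&se=2025-01-01&sig=CONSTRUCTED"
    for u in (short, broad):
        print(audit_sas_url(u, now))
```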

 

Note: You can use Visual Studio to configure the blob container in the cscfg configuration.
