Friday, August 3, 2012 12:39
I would like to know if this scenario is possible:
I have one web app in Windows Azure that uses ASP.NET membership for authentication. In my app I have 3 roles: admin, contributor, reader.
Is it possible to grant permissions to containers and blobs to ASP.NET roles or users?
Let's say I have a container called contracts; under it there are 10 documents. Can I grant permissions to these as follows:
- Admin: full access at container level (will have access over all documents in container C.R.U.D.)
- Contributor: read, update at container level (will have access over all docs in container R.U.)
- Reader: read access at container level (will have access over all docs in container R.)
- Custom user: read access for document X in contracts container
Also, the visibility of the files should be based on permissions. If you don't have permissions to file x, then you can't see file x.
If this is possible, any advice on how to implement it?
All Replies
Friday, August 3, 2012 12:53
You can achieve your goals by using Shared Access Signatures (SAS) on your containers and blobs:
A Shared Access Signature is a URL that grants access rights to containers, blobs, queues, and tables. By specifying a Shared Access Signature, you can grant users who have the URL access to a specific resource for a specified period of time. You can also specify what operations can be performed on a resource that's accessed via a Shared Access Signature.
You can get more information about Restricting Access to Containers and Blobs here.
Therefore, if you use the MembershipProvider and SAS, with some effort you can implement it the way you just described.
Hope this helps!
Cheers, Carlos Sardo
Friday, August 3, 2012 13:24
Thank you for your advice. I understand the membership and I understand the SAS, but what I don't get is how to make the connection between these two.
If in my application I have one page, Contracts.aspx, where I show all the documents from the container contracts, and my users are logged in with their own username and password, how do I make the connection between their role and the SAS URL so they can see/access only the files where they have access? I was thinking about implementing a custom table where I have for example the role and the SAS URL ...
Thanks again! Much appreciated!
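
One way to make the connection asked about above, as an added example that is not part of the thread: the page resolves the signed-in user's ASP.NET roles to a permission set and mints a short-lived SAS per request. It assumes the Microsoft.WindowsAzure.Storage .NET client library; `ContractsAccess`, `LinksFor` and the `userDocGrants` lookup (a per-user list of document names) are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Security;
using Microsoft.WindowsAzure.Storage.Blob;

public static class ContractsAccess
{
    // Role -> container-level rights, following the list in the question.
    static readonly Dictionary<string, SharedAccessBlobPermissions> RoleRights =
        new Dictionary<string, SharedAccessBlobPermissions>(StringComparer.OrdinalIgnoreCase)
        {
            { "admin", SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write
                       | SharedAccessBlobPermissions.Delete },
            { "contributor", SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write },
            { "reader", SharedAccessBlobPermissions.Read },
        };

    // Short expiry: a leaked URL stops working quickly, and a role change
    // takes effect the next time the page is rendered.
    static SharedAccessBlobPolicy ShortLived(SharedAccessBlobPermissions rights)
    {
        return new SharedAccessBlobPolicy
        {
            Permissions = rights,
            SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(10)
        };
    }

    // Returns one signed URL per document the user may see; other documents are never listed.
    // userDocGrants: hypothetical per-user set of document names (the "custom user" case).
    public static IEnumerable<string> LinksFor(string user, CloudBlobContainer contracts,
                                               ICollection<string> userDocGrants)
    {
        var rights = SharedAccessBlobPermissions.None;
        foreach (string role in Roles.GetRolesForUser(user))
        {
            SharedAccessBlobPermissions granted;
            if (RoleRights.TryGetValue(role, out granted)) rights |= granted;
        }
        string containerSas = rights == SharedAccessBlobPermissions.None
            ? null : contracts.GetSharedAccessSignature(ShortLived(rights));

        // Listing runs server-side with the account key, which never reaches the browser.
        foreach (IListBlobItem item in contracts.ListBlobs())
        {
            var blob = item as CloudBlockBlob;
            if (blob == null) continue;
            if (containerSas != null)
                yield return blob.Uri.AbsoluteUri + containerSas;
            else if (userDocGrants.Contains(blob.Name))
                yield return blob.Uri.AbsoluteUri
                    + blob.GetSharedAccessSignature(ShortLived(SharedAccessBlobPermissions.Read));
        }
    }
}
```

Because each URL is signed at render time from the user's current roles, the only thing that needs storing is the per-user document grant list, not the SAS URLs themselves.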