locked
Containers or Blob Configuration for Independent User RRS feed

  • Question

  • Hello,

    I have an requirement to develop a system where user should be allowed to Upload and Download files in there own folders. 

    These folders should be a secured folder through user name and password or some access key.

    Individual folders (directories) should not be visible or have access to other users.

    Now is it possible to achieve the same through Azure Storage ?

    If yes do i have to create a independent containers for each user or do i have to create independent blob per user.

    How do i set the restriction for Container level or blob level for independent user.

    Do we have a way to specify the Quota (Disk Size for Blob or Container) should bot be greater than XX MB ?



    K K Sanghi

    Saturday, September 20, 2014 1:24 PM

Answers

All replies

  • Hi,

    Windows Azure doesn't provide the concept of heirarchical containers, but it does provide a mechanism to traverse heirarchy by convention and API. All containers are stored at the same level. You can gain simliar functionality by using naming conventions for your blob names.

    For instance, you may create a container named "content" and create blobs with the following names in that container:

    content/blue/images/logo.jpg
    content/blue/images/icon-start.jpg
    content/blue/images/icon-stop.jpg

    content/red/images/logo.jpg
    content/red/images/icon-start.jpg
    content/red/images/icon-stop.jpg


    Note that these blobs are a flat list against your "content" container. That said, using the "/" as a conventional delimiter, provides you with the functionality to traverse these in a heirarchical fashion.
    protected IEnumerable<IListBlobItem>
              GetDirectoryList(string directoryName, string subDirectoryName)
    {
        CloudStorageAccount account =
            CloudStorageAccount.FromConfigurationSetting("DataConnectionString");
        CloudBlobClient client =
            account.CreateCloudBlobClient();
        CloudBlobDirectory directory =
            cloudBlobClient.GetBlobDirectoryReference(directoryName);
        CloudBlobDirectory subDirectory =
            directory.GetSubdirectory(subDirectoryName);

        return subDirectory.ListBlobs();
    }


    You can then call this as follows:
    GetDirectoryList("content/blue", "images")

    Note the use of GetBlobDirectoryReference and GetSubDirectory methods and the CloudBlobDirectory type instead of CloudBlobContainer. These provide the traversal functionality you are likely looking for.

    This should help you get started. Let me know if this doesn't answer your question:

    Also try these links for additional details.

    http://convective.wordpress.com/2010/01/20/access-control-for-azure-blobs/

    http://blogs.msdn.com/b/jnak/archive/2010/01/11/walkthrough-windows-azure-blob-storage-nov-2009-and-later.aspx

    http://azurestorageexplorer.codeplex.com/

    http://msdn.microsoft.com/en-us/library/dd135715.aspx

    http://travisjweber.blogspot.in/2010/10/implementing-virtual-file-system.html

    Girish Prajwal


    Saturday, September 20, 2014 5:16 PM
  • Hi Girish,

    Thanks for the response. However my concerns are still not cleared which are

    1.  How do i set the restriction for Container level or blob level for independent user.

    2. Do i have to create a independent containers for each user or do i have to create independent blob per user.

    3. How do i make sure that user accessing one blob or container is not able to see other container documents.


    K K Sanghi

    Saturday, September 20, 2014 7:14 PM
  • Hi Krishna,

    1.  How do i set the restriction for Container level or blob level for independent user?

    Refer the below mentioned links

    http://msdn.microsoft.com/en-us/library/jj721951.aspx

    http://msdn.microsoft.com/en-us/library/dd179354.aspx

    http://msdn.microsoft.com/en-us/library/ee393341.aspx

    http://msdn.microsoft.com/en-us/library/microsoft.windowsazure.storageclient.blobcontainerpermissions.aspx

    2. Do i have to create a independent containers for each user or do i have to create independent blob per user.

    When listing containers, please make sure you also have put the userId in the container’s name.

    container = blobStorage.GetContainerReference("container-" + userId);

    In addition, since you are using public containers, even if your application doesn’t list all containers, a user can still see other users containers, as long as he/she knows the container’s name. So this solution is not secured. If you don’t want clients to access the blob URL directly, just use private containers. If you want them to access the blob URL, you can use SAS.

    3. How do i make sure that user accessing one blob or container is not able to see other container documents.

    Refer this link for more details. http://msdn.microsoft.com/library/azure/ee395415.aspx

    Hope your query is answered.

    Girish Prajwal

    Saturday, September 20, 2014 8:33 PM