none
Secure Content Management on Azure CDN RRS feed

  • Question

  • What would you recommend for high-volume downloads for this pattern?

    https://docs.microsoft.com/en-us/azure/architecture/patterns/gatekeeper

    Functions would prolly not work with 30 GB downloads I guess.

    Context:

    Dealing with an edge case for which the tool I am dealing with features a token management bit that is too rigid and not low grained enough. Therefore the need for a proxy - to avoid exposing any tokens whatsoever, as these tokens could effectively be exploited. As for the Gatekeeper solution building block: This could be easily done with the likes of NGINX.

    Not my preference, though. Would love to do this serverless. That's why I was considering Functions.

    Tips?

    Wednesday, March 20, 2019 10:32 AM

All replies

  • Hi, 

    I am not really sure how CDN can help you with this. As you don't want the token to be cached in CDN, the better approach would be going for other serverless options like Functions. 

    If you want to hide your server from Public Internet, you can use CDN. Can you please elaborate your ask?

    Regards, 

    Msrini

    Thursday, March 21, 2019 7:50 AM
    Moderator
  • Hi, 

    Any update on this issue?

    Regards, 

    Msrini

    Friday, March 22, 2019 3:15 PM
    Moderator
  • Hello!

    There is a certain amount of protected content I want to secure and the ideal way of doing that would be to issue short-lived access tokens with minimized scope. However, Azure CDN has no way of flexibly issueing tokens like you would have e.g. with SAS for BlobStorage. Instead, the tokens have to be created in a batch process with command line tools.

    If there is a way of issueing short-lived, fine-grained scope tokens for Azure CDN please let me know?

    For reference, please compare: https://docs.microsoft.com/en-us/azure/cdn/cdn-token-auth and the "encryption tool" mentioned there.

    Happy to get any hints and thanks again for looking into this!

    Friday, March 22, 2019 7:52 PM
  • Hi, 

    I don't think there is a way to issue short-lived token to Azure CDN. You need to write a custom code and issue it to Azure CDN. 

    Regards,

    Msrini

    Monday, March 25, 2019 8:00 AM
    Moderator