locked
web app with blob container per user RRS feed

  • Question

  • Hello,

    Currently, I am implementing a cloud based application in which user can upload files. I have created blob container name with "<container>_<user_id>". Somehow, even i logged in with different users, the list of blob files are showing with the files of other users. I am not able to figure out what is the reason for it. Is this because of the "public access" or something else? If anybody suggest I have to do which will result is the appropriate result as needed.

    Thank you.

    Cheers.


    bipin
    Friday, November 4, 2011 3:49 PM

Answers

  • Hi,

    As pointed out by Brent, when listing containers, please make sure you also have put the userId in the container’s name.

    container = blobStorage.GetContainerReference("container-" + userId);

    In addition, since you are using public containers, even if your application doesn’t list all containers, a user can still see other users containers, as long as he/she knows the container’s name. So this solution is not secured. If you don’t want clients to access the blob URL directly, just use private containers. If you want them to access the blob URL, you can use SAS.

     

    Best Regards,

    Ming Xu.


    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
    Tuesday, November 8, 2011 11:19 AM

All replies

  • how are you generating your list of blob containers?
    Friday, November 4, 2011 3:59 PM
  • initializing a new blob container for each users with respect to the user id. it will create a container if there is not already container created with the given name for the container as <container>_<userid>.

    blobStorage = storageAccount.CreateCloudBlobClient();
    container = blobStorage.GetContainerReference("container-" + userId);
    container.CreateIfNotExist();


    bipin
    Friday, November 4, 2011 4:11 PM
  • Right, that creates the container, how are you listing the containers in the storage account?
    Friday, November 4, 2011 4:34 PM
  • Hi,

    As pointed out by Brent, when listing containers, please make sure you also have put the userId in the container’s name.

    container = blobStorage.GetContainerReference("container-" + userId);

    In addition, since you are using public containers, even if your application doesn’t list all containers, a user can still see other users containers, as long as he/she knows the container’s name. So this solution is not secured. If you don’t want clients to access the blob URL directly, just use private containers. If you want them to access the blob URL, you can use SAS.

     

    Best Regards,

    Ming Xu.


    Please mark the replies as answers if they help or unmark if not.
    If you have any feedback about my replies, please contact msdnmg@microsoft.com.
    Microsoft One Code Framework
    Tuesday, November 8, 2011 11:19 AM
  • Thank you for your suggestion.

    Cheers,


    bipin
    Tuesday, November 15, 2011 9:49 AM