Azure Storage for app's file Upload/Download feature

    Question

  • I am trying to implement file upload and download via my app. I am able to upload and download the files using SAS, but this uses a time-based token. I would like to have something like one-time token-based access. The app uses its own MS .NET Identity to authenticate the user and then uses different Azure account credentials for Azure access. Prevention against man-in-the-middle is important.

    I used this article

    https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1#types-of-shared-access-signatures

    Thanks


    Friday, June 22, 2018 23:03

All replies

  • You may refer to this link and see if it helps for your scenario. In case it doesn't help, please provide more details about your requirement.

    Azure Storage samples using .NET.

    Saturday, June 23, 2018 06:37
    Moderator
  • Checking in to see if the above answer helped. 
    Let me know if there are still any additional issues I can help with.

    Tuesday, June 26, 2018 04:48
    Moderator
  • Hi,


    Create the policy on your Blob container, folder or file, set the expiration date, which could be some long date and time, and associate this policy with your blobs.


    Tuesday, June 26, 2018 06:14
  • Thanks for your response. I don't think this resolves my issue. In my scenario, there are application users who are downloading files from an Azure Storage container via a SAS token. They use the same Azure account with a security policy on it which limits their access to one container, and they have only read privilege. The SAS URI uses a token which has a start and end date for its expiration. In the Azure article it was stated that due to time zone differences, clock skew and other considerations, it is recommended to have a start date which is at least 15 minutes in the past. This will result in the SAS URI being valid for at least 15 minutes. The SAS URI is an HTTPS request in clear text. Anyone who has this URI will be able to access the resource in the Azure container for at least 15 minutes. Using a man-in-the-middle attack, this URI can be stolen and the resource can be downloaded by an unauthorized party.

    But if a one-time token is used for accessing the resource in the Azure container, then even if the URI is stolen it does not matter, as the URI will be invalid after one use. This is a more secure solution and that is what I am trying to implement for file download from the Azure container.

    Let me know if you need more explanation.

    Sorry for responding so late.

    Tuesday, July 3, 2018 20:38
  • Unfortunately, SAS tokens are the only way to grant access to a private container in Azure. If SAS tokens do not fit the needs of your application, you might need to put an additional layer between the customer & Azure Storage, or use a different storage hosting solution. 
    Thursday, July 12, 2018 18:57
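
One way to build the "additional layer" suggested in the reply above, as an added example that is not part of the thread or of any Azure SDK: the app issues a single-use token and, on redemption, reads the blob server-side with its own storage credentials, so no SAS URI reaches the client. The class and method names are hypothetical, the store is in-memory (single app instance), and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical broker that sits between the authenticated app user and Azure Storage.
public sealed class OneTimeDownloadTokens
{
    private sealed record Grant(string UserId, string BlobName, DateTimeOffset Expires);

    // Keyed by SHA-256 of the token, so a dump of the store does not reveal usable tokens.
    private readonly ConcurrentDictionary<string, Grant> _grants = new();

    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.ASCII.GetBytes(token)));

    // Call only after the app has authenticated the user and authorized this download.
    public string Issue(string userId, string blobName, TimeSpan lifetime)
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32)); // 256-bit random token
        _grants[Hash(token)] = new Grant(userId, blobName, DateTimeOffset.UtcNow + lifetime);
        return token;
    }

    // Returns the blob name at most once; replayed, expired, unknown or wrong-user tokens return null.
    public string? Redeem(string token, string userId)
    {
        // TryRemove is atomic: two concurrent requests cannot both redeem the same token.
        if (!_grants.TryRemove(Hash(token), out var grant)) return null;
        // Fail closed: the token is already consumed even if the checks below reject it.
        if (grant.Expires < DateTimeOffset.UtcNow) return null;
        if (!string.Equals(grant.UserId, userId, StringComparison.Ordinal)) return null;
        return grant.BlobName; // caller now streams this blob to the client over its own HTTPS response
    }
}

public static class Demo
{
    public static void Main()
    {
        var tokens = new OneTimeDownloadTokens();
        // Constructed sample values.
        string t = tokens.Issue("alice", "reports/q2.pdf", TimeSpan.FromMinutes(2));
        Console.WriteLine(tokens.Redeem(t, "alice") ?? "denied"); // first use
        Console.WriteLine(tokens.Redeem(t, "alice") ?? "denied"); // replay of the same token
    }
}
```

With more than one app instance, the grants would need a shared store that offers an atomic delete-and-return operation, and unredeemed grants should be purged once they expire.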
  • Checking in to see if the above response helped to answer your query. Let us know if there are still any additional issues we can help with.

    Saturday, July 14, 2018 11:37
    Moderator