Blob Storage/ SAS URL Generation

Learn the steps to keep sensitive documents in Azure Blob Storage private while allowing brief access to outsiders.

This article walks step by step through storing a confidential document in Azure Blob Storage with public access disabled, then sharing it with an external user for just 5 minutes using a SAS (Shared Access Signature), without granting full access to the storage account.

Azure Blob Storage is Microsoft's object storage solution for the cloud. Blob Storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn't adhere to a particular data model or definition, such as text or binary data.

Let’s get started

SIGN IN TO AZURE PORTAL

Before getting started, create a free account on the portal or use a pay-as-you-go subscription, then sign in to the Azure portal with your credentials.

a) From the home page, click on the highlighted Storage Account

b) Click on the Create button as highlighted

Project Details

In the project details category, we have the subscription and the resource group:

a) Subscription

An Azure subscription in simple terms means a membership or access pass to use Microsoft Azure. It's similar to subscribing to a service or signing up for a subscription plan. With an Azure subscription, individuals or organizations can use and benefit from the various services and resources provided by Azure at a cost depending on your type of subscription. However, it also offers free and trial options, giving you a chance to explore and experiment with Azure before committing to a paid subscription.

b) Resource Group

A resource group in Azure is like a container or folder that helps you organize and manage the different resources, such as virtual machines and databases, that you use in the Azure cloud.

Imagine you have a room with different items scattered all over the place. It becomes challenging to find what you need when everything is in disarray. In this scenario, the room represents your Azure cloud environment, and the resources are the items in the room. Now imagine you decide to tidy up and sort your items into compartments where they belong. Each compartment, like a resource group, keeps related items organized and makes it easier to find what you need.

Instance Details

a) Give your storage account a globally unique name

b) In the region section, select the location closest to your customer

c) Select the primary service, i.e. the storage account kind

d) Select performance as shown

e) Select the Redundancy type based on your requirement, check read access and click “Next”

Security

Under the Security section, leave anonymous access unchecked so that the public cannot access our blob.

Note: Check anonymous access if the blob does not need to be restricted from the public.

a) Still under the Security section, scroll down to Access Tier, select a tier based on your need and click on “Next”

Networking

Under Networking click on “Next” as shown in red

Recovery

Under Recovery, leave the settings as they are and click on “Next” below

Encryption

a) Choose Microsoft-managed keys as shown

b) Choose “Review + create”

c) Review the summary page of the storage account and click on “Create”

d) Once the deployment is complete, click on "Go to resource".

Creating a container in the storage account/SAS URL generation

Create a container in the storage account in order to put a blob into it. The steps below show how to create the container, how to upload a blob into it, and how to generate a SAS URL for that blob.

a) On the overview page of your storage account, click "Data storage"

b) From the drop down menu, click on “containers”

c) Give your container a name

d) Leave the anonymous access level as “private”, since you do not want public access, then click on Create

e) Check to ensure the container was successfully created with your chosen name

i) Double click on the container name as shown

f) Double clicking on the container name in the step above opens the page where we upload our blob.

i) Click on Upload at the left side of the page

ii) On the right side, click on drag and drop or browse for files and select your picture or video

iii) Then click on Upload at the bottom to upload your blob

g) Once uploaded, your blob is listed as a “jpg file” as shown below

i) To the far right of the blob, click on the three dots to show the drop-down menu

ii) Click on Generate SAS

h) From the overview page, copy the URL as shown in “red”

i) Open a new tab in your browser and paste the URL. This will display an error message, since we chose to restrict public access

SAS URL generation

The purpose of generating a SAS URL is to allow an external user to access our blob for a specific time frame. In this case, we will allow an external user to access our blob for just 3 minutes by following the steps below:

i) From the overview page, click on Generate SAS

ii) Set the start and expiry date

iii) Set a time of your choice. For example, this time is set to 10:56:15 AM (start) and 10:59:15 AM (expiry)

iv) Once the time is set as shown above, scroll down on the right of the page and click on Generate SAS token and URL to reveal your URL.

v) Copy the Blob SAS URL as shown

vi) Open a new tab in your browser and paste your SAS URL to display the image

vii) Finally, wait for the 3 minutes to expire, then refresh the page; it will give you an error. This means the external user no longer has access to the blob after the set time.
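
Before a link generated this way is sent to an external user, its query string can be checked to confirm that it grants only what was intended. The following is an added example, not part of the original article: it parses a Blob SAS URL and reports anything broader than a read-only, single-blob, HTTPS-only, short-lived grant. The sample URL, the function names and the 5-minute default limit are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample: account, container, blob and signature are placeholders.
SAMPLE_SAS_URL = (
    "https://examplestorageacct.blob.core.windows.net/docs/confidential.jpg"
    "?sp=r&st=2024-01-01T10:56:15Z&se=2024-01-01T10:59:15Z"
    "&spr=https&sv=2022-11-02&sr=b&sig=PLACEHOLDER_SIGNATURE"
)
TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")

def parse_sas_time(value):
    """Parse the UTC timestamp formats accepted in the st/se fields."""
    for fmt in TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")

def audit_sas_url(url, max_lifetime=timedelta(minutes=5), now=None):
    """Return a list of findings; an empty list means the link passes."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URL is not https")
    if "sig" not in q:
        findings.append("no sig field: not a SAS URL")
    if q.get("sp") != "r":  # sp = signed permissions
        findings.append(f"permissions are {q.get('sp')!r}, expected read-only 'r'")
    if q.get("sr") != "b":  # sr = signed resource: b is one blob, c a container
        findings.append(f"scope sr={q.get('sr')!r}, expected single blob 'b'")
    if q.get("spr") != "https":  # when spr is omitted, HTTP is allowed too
        findings.append("spr is not 'https', so plain HTTP requests are accepted")
    if "se" not in q:
        findings.append("no expiry (se) field")
        return findings
    expiry = parse_sas_time(q["se"])
    # Without st, the token is valid from the moment the request arrives.
    start = parse_sas_time(q["st"]) if "st" in q else now
    if expiry <= now:
        findings.append("token has already expired")
    if expiry - start > max_lifetime:
        findings.append(f"lifetime {expiry - start} exceeds {max_lifetime}")
    return findings
```
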

I hope this step-by-step tutorial helps you with Blob Storage/SAS URL generation.

Thank you