简体繁体 English

使用Azure Blob存储，我们需要应用程序的用户特定文件访问权限，有什么方法可以实现？

[英]With Azure blob storage we need Application's user specific file access, Is there any way to achieve?

原文 2016-07-05 13:40:11 8 2 asp.net/ azure/ file-permissions/ azure-storage-blobs/ user-permissions

We are try to using blob storage to save our application's files and documents on Azure's blob storage and we have requirement user specific files access. 我们正在尝试使用Blob存储将应用程序的文件和文档保存在Azure的Blob存储上，并且我们要求用户特定的文件访问权限。 At this point any one can see any of the files.I don't want to do that. 在这一点上，任何人都可以看到任何文件。我不想这样做。 User should access their own files only if the other files they are trying to see or access then that should be redirected to the login page and should shows them you don't have access permission. 仅当用户尝试查看或访问的其他文件时，用户才应访问自己的文件，然后应将其重定向到登录页面，并应向您显示您没有访问权限。

How can I achieve this with Azure's blob storage? 如何使用Azure的Blob存储实现此目标？ I have tried to find some solution around this but I can't if any one can help then that would be very help full. 我试图找到一些解决办法，但是如果有人能帮上忙，那将是非常有帮助的。

2 个解决方案

You should be able to use Shared Access Signatures, in combination with your existing application's user store, authentication and authorization mechanisms, to control Azure blob access: 您应该能够将共享访问签名与现有应用程序的用户存储，身份验证和授权机制结合使用，以控制Azure Blob访问：

http://www.dotnetcurry.com/windows-azure/901/protect-azure-blob-storage-shared-access-signature http://www.dotnetcurry.com/windows-azure/901/protect-azure-blob-storage-shared-access-signature

You can adjust the timeouts, store the access keys, etc. as your application requires. 您可以根据应用程序的需要调整超时，存储访问密钥等。

Here's how we did it in our application. 这是我们在应用程序中执行此操作的方式。 Please see if this approach can be used in your application. 请查看是否可以在您的应用程序中使用此方法。

In our application, every user is assigned a unique id (a GUID). 在我们的应用程序中，为每个用户分配一个唯一的ID（GUID）。 When the user signs up, we create a blob container and the name of this blob container is set as the id of the user. 用户注册后，我们将创建一个Blob容器，并将该Blob容器的名称设置为用户的ID。 All the files for that user are kept in that blob container. 该用户的所有文件都保存在该Blob容器中。 When the user needs to access those files, we simply create a Shared Access Signature (SAS) for that blob container with appropriate permissions and share that SAS with that user (as mentioned by Henry in his answer). 当用户需要访问这些文件时，我们只需为具有适当权限的Blob容器创建一个共享访问签名（SAS），并与该用户共享该SAS（如Henry在他的回答中提到的那样）即可。

Depending on the number of users, you may also want to consider load balancing these containers across multiple storage accounts. 根据用户数量，您可能还需要考虑跨多个存储帐户对这些容器进行负载平衡。 They way we have accomplished this is when a user signs up, we randomly assign a storage account from a pool of storage accounts and the blob container for that user is created in that storage account. 通过这种方式，我们完成了此操作，即当用户注册时，我们从存储帐户池中随机分配一个存储帐户，并在该存储帐户中创建了该用户的Blob容器。