Azure Blob 存储文件访问
[英]Azure Blob Storage file access
问题描述
Is there a configuration in Azure Blob storage that lets you link to a single file (or one that lets you link to a specific 'folder' in the Azure portal interface), but redirects the viewer into a login screen if they're not already signed in? 
Azure Blob 存储中是否有配置允许您链接到单个文件(或允许您链接到 Azure 门户界面中的特定“文件夹”),但如果查看者尚未登录,则将其重定向到登录屏幕登录?
I am not terribly familiar with Azure Blob storage yet, but I see an option for 'anonymous' access, which isn't what I want (I want them to need to be logged in and have the proper permissions for that container), and I see an option for SAS (which isn't what I want, because it grants anyone who has the link access, and is time-boxed)我还不太熟悉 Azure Blob 存储,但我看到了“匿名”访问的选项,这不是我想要的(我希望他们需要登录并拥有该容器的适当权限),并且我看到 SAS 的选项(这不是我想要的,因为它授予任何拥有链接访问权限且有时间限制的人)
https://learn.microsoft.com/en-us/answers/questions/435869/require-login-when-accessing-blob-storage-url.html https://learn.microsoft.com/en-us/answers/questions/435869/require-login-when-accessing-blob-storage-url.html
This link appears to be asking the same question, and the response says something about 'role-based authentication' - I get the concept of adding roles to users, and using those as the authorization, but even as the owner of the blob container I can't seem to just link to myservice.blob.core.windows.net/container/myfile.jpg and download it without appending a SAS key.这个链接似乎在问同样的问题,并且响应说了一些关于“基于角色的身份验证”的事情 - 我得到了向用户添加角色并将这些角色用作授权的概念,但即使我是 blob 容器的所有者似乎不能只链接到 myservice.blob.core.windows.net/container/myfile.jpg 并在不附加 SAS 密钥的情况下下载它。
Nor a way to link to myservice.blob.core.windows.net/container/myfolder and have it authenticate them then take them into that 'directory' in the UI.也没有办法链接到 myservice.blob.core.windows.net/container/myfolder 并让它对它们进行身份验证,然后将它们放入 UI 中的“目录”。
1 个解决方案
解决方案1
1 已采纳 2021-10-05 11:25:02
If the access level of the container is set to public anonymous, we can directly access the Blob Uri in the browser to access the blobs.如果容器的访问级别设置为public anonymous,我们可以直接在浏览器中访问Blob Uri来访问blob。
If the access level of the container is set to private, opening the Blob Uri in the browser doesn't redirect the user to the login screen.如果容器的访问级别设置为私有,则在浏览器中打开 Blob Uri 不会将用户重定向到登录屏幕。 Instead, it will give ResourceNotFound error.相反,它会给出 ResourceNotFound 错误。
Even the proper role is assigned in the Role Assignments for the blob storage, still we would not be able to access the Blob Uri from the browser without appending the SAS token.即使在 blob 存储的角色分配中分配了适当的角色,如果不附加 SAS 令牌,我们仍然无法从浏览器访问 Blob Uri。 Because, opening the direct Blob Uri in the browser doesn't trigger the OAuth flow.因为,在浏览器中直接打开 Blob Uri 不会触发 OAuth 流程。
Even though, it is not possible to access the blob Uri from browser and download the files, there are other ways to accomplish this.尽管无法从浏览器访问 blob Uri 并下载文件,但还有其他方法可以完成此操作。
We can use Azure CLI, PowerShell and Rest API to access the blob data with the authenticated users.我们可以使用 Azure CLI、PowerShell 和 Rest API 与经过身份验证的用户一起访问 blob 数据。
If you want to access the blob data from the browser, we can use function app.如果你想从浏览器访问blob数据,我们可以使用function app。 We can enable the function app for authentication.我们可以启用 function 应用程序进行身份验证。 Then the authenticated users can access the blob data via function app.然后经过身份验证的用户可以通过 function 应用程序访问 blob 数据。
Reference: azure - Access a blob file via URI over a web browser using new AAD based access control - Stack Overflow参考: azure - 使用新的基于 AAD 的访问控制通过 URI 通过 web 浏览器访问 blob 文件 - 堆栈内存溢出
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.