
Azure Storage - Restrict IP in SAS when using Stored Access Policy

In Azure Storage Accounts, I've started using the SAS (Shared Access Signature) and SAP (Stored Access Policy) to secure access to specific queues in Azure Storage Queues.

What I'd like to achieve is restricting specific IPs to specific queues (1.1.1.1 can access queueA but 2.2.2.2 can't).

Currently I've seen I can use the Storage Account level SAS to restrict IPs, as well as set restrictions in the Networking section of the Portal. These don't quite cut it.

(I am aware of the following question, but wasn't satisfied with the responses, which say to try setting the Networking of the Storage Account - Is it possible to filtre on IP address for Azure STORAGE SAS with ACCESS POLICY? )

Thanks

You can use code to create a service SAS token for that queue (for example, the queue named queueA), then associate it with a Stored Access Policy.

For example (please modify the code to meet your needs):

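        using System;
        using System.Net;
        using Azure.Storage.Queues;
        using Azure.Storage.Sas;

        // connectionString must include the account key so the client can sign the SAS;
        // storedPolicyName is the name of a Stored Access Policy already defined on the queue
        QueueClient queueClient = new QueueClient(connectionString, "queueA");

        //create a service SAS 
        QueueSasBuilder sasBuilder = new QueueSasBuilder()
        {
            QueueName = "queueA",

            //set the ip here
            IPRange = new SasIPRange(IPAddress.Parse("172.16.0.1"))
        };

        //associate the service SAS with the Stored Access Policy
        sasBuilder.Identifier = storedPolicyName;

        //then you can use this uri with sas token to operate this queue
        Uri sasUri = queueClient.GenerateSasUri(sasBuilder);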

For more details, you can refer to this article (it's for blob storage, but you can easily modify it for queue storage).
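An added illustration, not part of the original answer and not Azure SDK code: the sketch below builds the queue service SAS signature by hand to show that the allowed IP (`sip`) and the queue name are covered by the HMAC alongside the policy identifier (`si`), so each token is bound to one queue and one IP even when several tokens share a policy. The account name, key, policy name, `spr=https` and the `sv` value are constructed assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import urlencode, parse_qs

SAS_VERSION = "2020-02-10"  # assumed service version for this sketch

def _sign(account_key_b64, account, queue, policy_id, ip, version=SAS_VERSION):
    # Queue service SAS string-to-sign (service version 2015-04-05 and later):
    # sp, st, se, canonicalized resource, si, sip, spr, sv, joined by "\n".
    # sp/st/se stay empty because the stored access policy supplies them.
    string_to_sign = "\n".join(
        ["", "", "", f"/queue/{account}/{queue}", policy_id, ip, "https", version])
    key = base64.b64decode(account_key_b64)
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_queue_sas(account_key_b64, account, queue, policy_id, ip):
    """Return the SAS query string for one queue, one policy, one client IP."""
    return urlencode({
        "sv": SAS_VERSION, "si": policy_id, "sip": ip, "spr": "https",
        "sig": _sign(account_key_b64, account, queue, policy_id, ip)})

def signature_matches(account_key_b64, account, queue, sas_query):
    """Recompute the signature from the token's own fields and compare."""
    q = {k: v[0] for k, v in parse_qs(sas_query).items()}
    expected = _sign(account_key_b64, account, queue, q["si"], q["sip"], q["sv"])
    return hmac.compare_digest(expected, q["sig"])

# Constructed sample values, not real credentials.
KEY = base64.b64encode(b"constructed-demo-key-not-a-real-one").decode()
ACCOUNT, POLICY = "examplestorage", "queueA-policy"

if __name__ == "__main__":
    sas = make_queue_sas(KEY, ACCOUNT, "queueA", POLICY, "1.1.1.1")
    print(sas)
    print("valid for queueA:", signature_matches(KEY, ACCOUNT, "queueA", sas))
    edited = sas.replace("sip=1.1.1.1", "sip=2.2.2.2")
    print("valid after editing sip:", signature_matches(KEY, ACCOUNT, "queueA", edited))
```

Revoking or changing the stored access policy affects every token that references it, while the IP restriction lives only in each individual token.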
