I am using windows azure blob storage service. I want to protect my blobs from public access (except my users).For this i used Shared Access Signature (SAS) and it works fine. But my issue is that i have a Container which contains blob in a directory structure, like :
https://xxxxxxx.blob.core.windows.net/myContainer/directory1/blob1
https://xxxxxxx.blob.core.windows.net/myContainer/directory1/blob2
https://xxxxxxx.blob.core.windows.net/myContainer/directory1/blob3
https://xxxxxxx.blob.core.windows.net/myContainer/directory1/blob4
https://xxxxxxx.blob.core.windows.net/myContainer/directory1/blob5
https://xxxxxxx.blob.core.windows.net/myContainer/directory2/blob1
https://xxxxxxx.blob.core.windows.net/myContainer/directory2/blob2
https://xxxxxxx.blob.core.windows.net/myContainer/directory2/blob3
https://xxxxxxx.blob.core.windows.net/myContainer/directory2/blob4
https://xxxxxxx.blob.core.windows.net/myContainer/directory2/blob5
and so on...
Now my requirement is that i want to give public access to all blobs in myContainer under directory2
but not to blobs which is under directory1
, i want to keep all the blobs under directory1 as private. How can i achieve this?
There are no directories in Azure blob storage. Those "directories" you have now are just blobs with a /
embedded in the name. Since permissions are only at the container level, you'll have to create separate containers.
You can create two containers.
One Private container with SAS on Container level and One public access container
https://xxxxxxx.blob.core.windows.net/private/blob1
https://xxxxxxx.blob.core.windows.net/private/blob2
https://xxxxxxx.blob.core.windows.net/private/blob3
https://xxxxxxx.blob.core.windows.net/private/blob4
https://xxxxxxx.blob.core.windows.net/private/blob5
https://xxxxxxx.blob.core.windows.net/public/blob1
https://xxxxxxx.blob.core.windows.net/public/blob2
https://xxxxxxx.blob.core.windows.net/public/blob3
https://xxxxxxx.blob.core.windows.net/public/blob4
https://xxxxxxx.blob.core.windows.net/public/blob5
You can only set permissions on container level, so you're left with two options.
Preferred option) Creat an additional public container and move your blobs. Worse option) Create an seemingly endless valid sas link for all of your files.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.