
Managing Access to Storage Accounts

-> Container Permission


-> Private (no anonymous access)
-> Blob (Anonymous Read Access for blobs only)
-> Container (Anonymous read access for containers and blobs)

-> SAS (Shared Access Signature)


-> It is a query string that we add to the URL of a storage resource
-> The string informs Azure what access should be granted

=> Account SAS Token : Granted at the account level to grant permissions to services within the account
=> Service SAS Token : Grants access to a specific service within a storage account

Both tokens are encrypted; they utilize hash-based message authentication

Sample Account SAS

https://storagesample.blob.core.windows.net/sample-container?restype=container&comp=metadata&sv=2015-04-05&ss=bfqt&srt=sco&sp=rl&se=2015-09-20T08:49Z&sip=168.1.5.60-168.1.5.70&sig=a39%2BYozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ%3d

The resource URI is https://storagesample.blob.core.windows.net/sample-container?restype=container&comp=metadata. Called with the GET/HEAD verbs, this URI returns container metadata.

The SAS token is sv=2015-04-05&ss=bfqt&srt=sco&sp=rl&se=2015-09-20T08:49Z&sip=168.1.5.60-168.1.5.70&sig=a39%2BYozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ%3d.

Parameter Value / Description

-> sv=2015-04-05
   Storage Service Version : Specifies that version 2015-04-05 should be used for authenticating the SAS.
-> ss=bfqt
   Signed Service : Specifies that the SAS token provides access to the Blob, File, Queue, and Table services.
-> srt=sco
   Signed Resource Type : Specifies that the resource types for which the SAS is valid are Service, Container, and Object. This means that the specified permissions are granted for all appropriate operations for the specified services.
-> sp=rl
   Signed Permission : Specifies that the permissions for which the SAS is granted are Read (r) and List (l). This means that the SAS can be used only for operations that read data or list resources.
-> se=2015-09-20T08:49Z
   Signed Expiry : Specifies that the SAS expires on September 9, 2015 at 8:49 AM UTC time.
-> sip=168.1.5.60-168.1.5.70
   Signed IP : Specifies that the IP ranges from which a request that includes the SAS can be authenticated are 168.1.5.60 to 168.1.5.70.
-> sig=a39%2BYozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ%3d
   Signature : Specifies the signature created from the string-to-sign, as shown in the section above.
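
The breakdown above as a small audit helper (an added example, not code from the original notes): it splits the sample URL into resource URI and SAS fields, expands the ss/srt/sp codes, applies the se and sip limits to a request, and shows how an HMAC over the fields makes any edited field fail verification. The fields themselves are readable in the query string; only sig depends on the key. The field order in `sign` and the account key passed to it are assumptions for illustration; the sample's own sig cannot be checked without the real account key.

```python
import base64, hashlib, hmac, ipaddress
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qsl

SAS_FIELDS = {"sv", "ss", "srt", "sp", "st", "se", "sip", "spr", "sig"}
NAMES = {"ss": {"b": "Blob", "f": "File", "q": "Queue", "t": "Table"},
         "srt": {"s": "Service", "c": "Container", "o": "Object"},
         "sp": {"r": "Read", "l": "List"}}  # only the codes the page's table names
# Sample Account SAS URL from the page.
SAMPLE = ("https://storagesample.blob.core.windows.net/sample-container?"
          "restype=container&comp=metadata&sv=2015-04-05&ss=bfqt&srt=sco&sp=rl"
          "&se=2015-09-20T08:49Z&sip=168.1.5.60-168.1.5.70"
          "&sig=a39%2BYozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ%3d")

def split_sas_url(url):
    """Return (resource_uri, sas_fields); values are percent-decoded."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    sas = {k: v for k, v in pairs if k in SAS_FIELDS}
    rest = "&".join(f"{k}={v}" for k, v in pairs if k not in SAS_FIELDS)
    return f"{parts.scheme}://{parts.netloc}{parts.path}?{rest}", sas

def describe(sas):
    """Expand the one-letter codes in ss, srt and sp into readable names."""
    return {f: [NAMES[f].get(c, c) for c in sas.get(f, "")] for f in NAMES}

def request_allowed(sas, client_ip, now):
    """Apply the se (expiry, minute precision as in the sample) and sip limits."""
    expiry = datetime.strptime(sas["se"], "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)
    low, _, high = sas.get("sip", "").partition("-")
    in_range = not low or (ipaddress.ip_address(low) <= ipaddress.ip_address(client_ip)
                           <= ipaddress.ip_address(high or low))
    return now < expiry and in_range

def sign(sas, account, key_b64):
    """HMAC-SHA256 signature; field order is an assumption for illustration."""
    order = ("sp", "ss", "srt", "st", "se", "sip", "spr", "sv")
    to_sign = "\n".join([account] + [sas.get(k, "") for k in order]) + "\n"
    mac = hmac.new(base64.b64decode(key_b64), to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def signature_valid(sas, account, key_b64):
    """Recompute the signature and compare in constant time."""
    return hmac.compare_digest(sign(sas, account, key_b64), sas.get("sig", ""))

if __name__ == "__main__":
    uri, fields = split_sas_url(SAMPLE)
    print(uri, describe(fields), sep="\n")
```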
