Reputation: 4546
ASP.NET Core 2.0 - how to forward file from Azure Storage with auth
I need an advice here first, then tech details.
My app generated PDF's and stores them in Azure Storage in a private container. But when user authenticates (I use Azure AD B2C) and goes to his personal page I need to show links to those PDF's. Now, those links must not be public, so I think I need:
1) some kind of middleware to auth the user when he accesses those kind of links
2) to request the file from Storage and pass it on to the response
What's the best way of doing this? (considering performance too)
My first idea was to use SAS tokens and just limit time for about 5-10 minutes. But what if user opens the page and leaves his browser open for an hour, then comes back and click on PDF link?
Upvotes: 0
Views: 1055
Answers (1)
Reputation: 8509
I agree with @Federico Dipuma. I used this way in one of my projects. I am here to share my code.
Code of generate SAS URL.
public string GetBlobSasUri(string containerName, string blobName, string connectionstring)
{
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionstring);
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference(containerName);
CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName);
//Set the expiry time and permissions for the blob.
//In this case no start time is specified, so the shared access signature becomes valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(10);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read;
//Generate the shared access signature on the blob, setting the constraints directly on the signature.
string sasContainerToken = blockBlob.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the blob, including the SAS token.
return blockBlob.Uri + sasContainerToken;
}
Redirect to the URL in your web application.
public ActionResult FileDownload()
{
string blobURL = GetBlobSasUri("blob name","container name", "connection string");
return Redirect(blobURL);
}
Upvotes: 1
Related Questions
- How to add authentication to Azure storage blob upload
- Uploading file without copying content to root folder .NET Core 2.2
- Azure Storage FileShare with ASP.Net Core and Razor Page
- ASP.NET Core, Azure storage controller
- How to upload a file in to azure blob in Asp.Net Core?
- Azure Blob Storage - Server failed to authenticate the request
- Azure Blob Storage 403 Authentication Failed
- Making Azure blob Url accessible only to Logged in users
- Configuring Azure Blob access in ASP.Net 5
- Azure file storage: authenticated direct downloads