Restrict access to static website hosted on azure storage to intended users

Question

I hosted a simple website in Azure storage using the static website feature. The url of the website is now publicly available. (anyone with the url can access the website). But my intention is to provide access only to the users who I want to. Is there a way that can restrict the public access to the static website hosted in Azure storage?

Answer 1

You can use SAS (shared access signature)

• You can keep your blobs in the static website as Private access (only blob owner can access with storage account key)
• Then you can have simple service to authenticate and authorize your clients (if many) and generate SAS tokens for them to access the blob (web page). This service can also renew the tokens for them.
• If it's a limited number of people you can generate SAS and simply share a link with clients.

You can do this at the granularity of the blob (web page) so you can authorize some to read some pages, while they can't read others ...etc.

Answer 2

Static website hosting makes the files available for anonymous access. If you need to control who can access the files, you can store files in Azure blob storage and then generate Using shared access signatures (SAS) to limit access.

The links in the pages delivered to the client must specify the full URL of the resource. If the resource is protected with a valet key, such as a shared access signature, this signature must be included in the URL. https://learn.microsoft.com/en-us/azure/architecture/patterns/static-content-hosting

You can try configure a CDN endpoint to hit a private Blob container (do not use Static Website feature because the endpoint is completely public) through SAS tokens. Azure CDN supports this scenario natively – in worst case you can write rewrite rules to redirect requests to the Blob endpoint with SAS tokens.

Using Azure CDN with SAS