SAS URI in Azure Blob Storage
Tuhin Paul
What are the components of a SAS URI in Azure Blob Storage?
This is a great breakdown of the URI components! To add to this, it’s worth noting a few best practices for using SAS tokens in production:
Principle of Least Privilege: Always grant the minimum permissions required (e.g., only 'Read' if the user doesn't need to 'Write' or 'Delete').
Short Expiration Times: Set the expiry time as short as possible to minimize risk if the URI is ever intercepted.
HTTPS Only: Ensure the spr (protocol) parameter is set to HTTPS to prevent the token from being sent over an unencrypted connection.
User Delegation SAS: For even better security, consider using a User Delegation SAS, which is secured with Azure AD credentials rather than the storage account key itself.
A SAS URI (Shared Access Signature Uniform Resource Identifier) in Azure Blob Storage consists of the following components:
Storage account name: This is the name of the Azure Storage account that the SAS URI belongs to.
Blob container name: This is the name of the blob container that the SAS URI is granting access to.
Blob name: This is the name of the specific blob within the container that the SAS URI is granting access to.
SAS token: This is the actual Shared Access Signature token that grants access to the resource. It includes an access policy and a signature that verifies the identity of the requester and the validity of the permissions being granted.
Here’s an example of a SAS URI for a blob in Azure Blob Storage:
https://mystorageaccount.blob.core.windows.net/mycontainer/myblob.txt?sv=2022-02-01&ss=b&srt=sco&sp=rwlac&se=2023-04-30T23:59:59Z&st=2023-04-01T00:00:00Z&spr=https&sig=mySASsignature
In this example, “mystorageaccount” is the name of the storage account, “mycontainer” is the name of the blob container, “myblob.txt” is the name of the blob being accessed, and the SAS token includes access policies and a signature.
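An added example, not part of the original answer or comments: a Python sketch that splits a SAS URI into the components listed above and checks it against the practices from the comment (least privilege, short expiry, HTTPS only, user delegation). The function names and the policy thresholds (read-only, one-hour lifetime) are assumptions for illustration; the check for user delegation relies on the skoid field that such tokens carry.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the example URI from the answer above (placeholder signature).
SAMPLE = ("https://mystorageaccount.blob.core.windows.net/mycontainer/myblob.txt"
          "?sv=2022-02-01&ss=b&srt=sco&sp=rwlac&se=2023-04-30T23:59:59Z"
          "&st=2023-04-01T00:00:00Z&spr=https&sig=mySASsignature")
MAX_LIFETIME = timedelta(hours=1)   # assumed policy threshold
ALLOWED_PERMS = set("r")            # assumed policy: read-only consumers

def _ts(value):
    # SAS timestamps are ISO 8601 UTC at second, minute or day precision
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised SAS timestamp: " + value)

def parse_sas_uri(uri):
    """Split a blob SAS URI into account, container, blob and token fields."""
    parts = urlsplit(uri)
    container, _, blob = parts.path.lstrip("/").partition("/")
    token = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {"scheme": parts.scheme, "account": parts.hostname.split(".")[0],
            "container": container, "blob": blob, "token": token}

def audit_sas_uri(uri, now=None):
    """Return (components, findings); the signature is redacted for logging."""
    c = parse_sas_uri(uri)
    t, findings = c["token"], []
    extra = set(t.get("sp", "")) - ALLOWED_PERMS
    if extra:
        findings.append("sp grants more than read: " + "".join(sorted(extra)))
    if t.get("spr") != "https" or c["scheme"] != "https":
        findings.append("HTTPS not enforced (spr)")   # omitted spr allows HTTP too
    if "se" in t:
        start = _ts(t["st"]) if "st" in t else (now or datetime.now(timezone.utc))
        if _ts(t["se"]) - start > MAX_LIFETIME:
            findings.append("lifetime exceeds " + str(MAX_LIFETIME))
    elif "si" not in t:   # with si, expiry comes from a stored access policy
        findings.append("no expiry (se) in token")
    if "skoid" not in t:  # skoid is present only on user delegation SAS tokens
        findings.append("signed with account key, not user delegation")
    if "sig" in t:
        t["sig"] = "REDACTED"   # the signature is the secret; never log it
    return c, findings
```

Calling audit_sas_uri(SAMPLE) reports the broad sp=rwlac permissions, the month-long validity window and the account-key signature, while spr=https passes.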