The Blog

A safe way to give temporary rights

Say you want to share some files from Azure blob storage, but you don’t want those files te be available for everyone to see, then SAS is the answer. To create a SAS you first have to set up a permission policy, which you afterwards assign to your storage container.

We prepared a code example that will guide you through the process and show you how to create one.

First things first, establish the connection with your storage account using your connection string. Create a CloudBlobClient and pass in the name of your container.

var connectionstring = ConfigurationManager.AppSettings["Your_Connection_String"];
var storageAccount = CloudStorageAccount.Parse(connectionstring);
var client = storageAccount.CreateCloudBlobClient();
var container = client.GetContainerReference("Your_Container_Name");

Once you have your container, you can start defining your policy.

Create a new permission object and add a new policy to the SharedAccessPolicies collection. Determine your parameter values for SharedAccessStartTime, SharedAccessExpiryTime and Permissions and set the policy on the container to activate it.

SharedAccessStartTime = Start time of the token
SharedAccessEndTime = End time of the token
Permissions = Level of permission (read/write)

var containerPermissions = new BlobContainerPermissions();
containerPermissions.SharedAccessPolicies.Add("twominutespolicy", new SharedAccessBlobPolicy {
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-1),
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(2),
Permissions = SharedAccessBlobPermissions.Read
});
container.SetPermissions(containerPermissions);
var sas = container.GetSharedAccessSignature(new SharedAccessBlobPolicy(), "twominutespolicy");

You now have a policy in place that will return a token that states you have a two minute window to open or download the file.

Remember that it is never a good idea to make your blobs publicly available, certainly not if you are planning to use them in your applications. Because in 80% of the cases you will be dealing with sensitive information that you don’t want others to see, only those who have the proper permissions.

So if you do decide to expose blobs in an application, then always use private blobs in combination with Shared Access Signatures.

Microsoft Azure EA MSDN Dev/Test

Microsoft launched an offer for the Enterprise Agreement customers, which allows you to create subscriptions dedicated to dev & test.

 

Why would you want to use it? Several reasons, but first and foremost because it will save you money. Next to the discount you already have on your EA, you will get discounted hourly rates for your virtual machines. Simply put, you will be able to run Windows instances at the Linux price. Next to that, there is no charge for MSDN software that runs on the instances like MS SQL Server.

If you are doing a lot of dev & test, but would like to keep everything administratively nicely under the EA, this is great.

So where’s the catch? You don’t get the financially backed SLA. But then again, it clearly states dev & test, so that is not so strange.

 

Next to the discount, you will also find the Windows 10 & 8 images are available on these subscriptions, which comes in handy for those who want to play fiddle around with the Windows 10 without installing it locally.

 

More information can be found on http://azure.microsoft.com/en-us/offers/ms-azr-0148p/