I am using Azure Files to store files for my Web Application, which I have previously mentioned here.
I am currently processing the files/sub-directories within a directory, and outputting a navigation table so the user can navigate into sub-directories, and in the end, obtain said files. I'm doing this by using the methods described in the 'Access the file share programmatically' section of this Azure Documentation article.
My question is very simple, how can I, from my Web App, which is
running in Azure app service, provide a public URL were the user
can download/view the file?
Please note, I would prefer that the file is not automatically downloaded, since most of the files would be a .PDF, and therefor preview-able in the browser.
My question is very simple, how can I, from my Web App, which is
running in Azure app service, provide a public URL were the user can
download/view the file?
One possible solution would be to create a Shared Access Signature (SAS) on the files with at least Read permission and use that SAS URL. Depending on the file's content type, the file's contents will be either displayed inline in the browser or the user will be prompted to download the file. If you want to force the download, you could always override Content-Disposition response header in the SAS.
Using Shared Access Signature (SAS) could be a solution but it is probably an overkill in the given scenario.
In provided scenario the Blob Storage with public access is the most practical way to store files. From documentation:
... You can specify that a container and its blobs, or a specific blob, are available for public access. When you indicate that a container or blob is public, anyone can read it anonymously; no authentication is required. Public containers and blobs are useful for exposing resources such as media and documents that are hosted on websites. To decrease network latency for a global audience, you can cache blob data used by websites with the Azure CDN.
https://azure.microsoft.com/en-us/documentation/articles/storage-introduction/
To set container permissions from the Azure Portal, follow these steps:
Navigate to the dashboard for your storage account.
Select the container name from the list. Clicking the name exposes the blobs in the chosen container
Select Access policy from the toolbar.
In the Access type field, select "Blob"
Related
I have a web application (ASP.NET MVC) which uses Azure Blob Storage for storing documents and images. Each user has specific access rights to the blobs and this
is stored in web application's database.
Currently I have a quick temporary solution which uses the web application as a middle layer that runs the authorization and if the client has read access to the blob,
it is first retrieved from Azure and then delivered to the client. This is of course not the optimal way of doing it for many reasons.
I have started to rebuild this part using SAS (Shared Access Signatures), but can't find a good source for setting up a system that will scale well as the number of
users and files grow. I am expecting the number of users to be around 100 and the number of blobs to be around 100 000.
As I see it I have two options.
1) All files have one signature stored in the web applications database and this is used for all users who have access to the file. This would be the easy way to do it,
but if a user for some reason does not still have access to the file, they will still be able to access the file if they have the link from earlier access.
2) All files have specific signatures for each user who has access to the file. This will make it easy to revoke access to files, but the number of signatures will
be massive and will this have any side effects?
Are there any more options?
Any thoughts on this are greatly appreciated!
Rather than having SAS for each users it would be better that you group the files by roles and map the users to roles which is easy to scale irrelevant to number of users.
Also giving access to users to blob directly is not recommended as you want to distribute your blob content through your application. So provide access to application with specific in context of role of user.
See below article for generating twominute SAS which expires in two minute so your users with the link does not have access to image for long time.
http://www.dotnetcurry.com/windows-azure/901/protect-azure-blob-storage-shared-access-signature
Hope this helps. :)
I'm building a streaming app similar to pandora. However right now I'm storing all my files on http and accessing them with urls. Is there an alernative to this because all the files are in the public html folder? For example how does apps like pandora or spotify pull files off their servers. I'm new to web severs and not sure where to ask this question. I have a centos server on vps hosting with apache, MySQL, http, ftp.
You just need to provide the content as a bit stream rather than a file download. The source of that data to send as a stream can be stored as binary data in a BLOB column in a database or as a regular file on a non-public part of the file system. It really does not mater which one you use.
Storing them in the database gives your app a bit easier access and makes the app more portable since it is not restricted the file system level permissions.
The fact you currently have the files in a public folder is not really that critical of an issue since you are making them available for download. You would just need to make sure you have an authentication requirement if you want to restrict who can access them.
Is there a way to access files, such as those created by the CCB tool, that are placed into a specific directory in the Manage Files area of a course offering? I've tried the topic API, but the new /file path only returns a value when the file is attached to a topic - not if it's just "hanging out" in the files area. Is there a more generic way to access the entire file structure there - maybe even by using WebDAV)? If so, is there a way to turn WebDAV on?
Thank you,
-George
The Valence Learning Framework API does not currently offer direct access to the Manage Files area.
I believe that clients can engage D2L to provide WebDAV access to the Manage Files store; the D2L client should contact their account manager to work through the details of setting this up for their use. This is not a feature that a third party integrator can count on all clients having available though, as it does (I believe) require a special engagement with D2L around a client's service.
Google's Drive service is great, but their documentation is quite confusing...What I want to do is to create a portfolio site where upon request I fetch all files contained in a particular folder from my Google Drive (e.g. a photo gallery). This requires iterating through an amount of subfolders and store the file data in a JS object, XML feed or similar. Language is not so important. Simply using the "Publish to the web" feature won't do as I can only make manual requests and they're very limited.I've tried to use the Files: list provided in the SDK but it won't work without requiring OAuth 2. Found out that its possible to make a "domain-wide delegation of authority" and bypass its authorization but that would require me to set up a Google Apps domain. Seriously, all that to fetch some files?
My best guess now is to use the https://googleapis.com/auth/drive.metadata.readonly scope, but from there I'm out of ideas.
Im struggling to find an answer to this. I have a website that is deployed in a shared hosting environment. I want to allow people to upload files to my azure blob storage account.
I have this working locally, using the storage emulator, however when I publish the site I get a Security Exception.
Is this actually possible under a shared hosting envrionment ?
Cheers
A bit more detail would help, in understanding how these uploads are taking place. That said, I'll make the assumption that people are uploading directly to Blob Storage, and not through your Website (or Web Service).
To allow direct uploads, you need to provide either a public blob or container (which everyone in the world can see), or create a temporary Shared Access Signature (SAS) on a specific blob or container, that grants access for a short time window.
If your app is Silverlight, then you are probably running into a cross-domain issue (and you'll need to correct that with an access policy).
If you provide more details around the way uploads are being sent, as well as the client and server technology, I can edit my answer to be more specific.