How to secure the attachment URL getting from cloud services
I have an Angular form where the user is uploading the attachment.
On uploading, the attachments are stored in the Azure Storage Account. In return, I am receiving the URL of the attachment.
The URL generated is accessible to the public. Is there a way I can add my authentication?
Expected Result:
- If a user opens the URL in the browser, it takes them to the auth page.
- Where the user will be asked to enter username - password.
Solution 1:[1]
To create a Shared Access Signature (SAS), I used the generateSharedAccessSignature method.
With that, I am using the date helper functions to easily create a SAS that expires after 1 minute.
To be noted: Change the access policy of the container to Private (no anonymous access).
accountName, accountKey => get from Azure. For ease and security, store them in environment files.
Run the below command in terminal:
```
npm install azure-storage
```
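NodeJS Code:
```javascript
var azure = require('azure-storage');

// Credentials come from the environment (assumed variable names), never from source code.
var accountName = process.env.AZURE_STORAGE_ACCOUNT;
var accountKey = process.env.AZURE_STORAGE_ACCESS_KEY;
var containerName = '<container-name>'; // placeholder
var blobName = '<blob-name>';           // placeholder

var blobService = azure.createBlobService(accountName, accountKey);

// The SAS is valid from now until one minute from now.
var startDate = new Date();
var expiryDate = new Date(startDate);
expiryDate.setMinutes(startDate.getMinutes() + 1);

var sharedAccessPolicy = {
  AccessPolicy: {
    Permissions: azure.BlobUtilities.SharedAccessPermissions.READ, // read-only
    Start: startDate,
    Expiry: expiryDate
  }
};

// Sign the policy for this blob, then build the full URL including the token.
var token = blobService.generateSharedAccessSignature(containerName, blobName, sharedAccessPolicy);
var sasUrl = blobService.getUrl(containerName, blobName, token);
```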
Solution 2:[2]
Yes, you can use a shared access signature token to grant temporary access to a specific file or list of files. But you cannot redirect to your website's "auth" page if a user opens Azure's URL.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | |
Solution 2 | |