Question

R Vaida on Fri, 07 Apr 2017 22:11:16


I have created a Blob container and associated a CDN with it, and everything is okay. I want to achieve the following.

  1. No one should be able to access blob contents with the blob.core.windows.net URL.
  2. Content should be accessible using the CDN only.

If I make the container private, even the CDN is not able to access the content. If I make the container public, content is available for direct access as well.

In the AWS world it's quite possible with an access policy.



Replies

Richard Li - MSFT on Wed, 12 Apr 2017 21:06:19


Hi R Vaida,

This is possible with a private container and a SAS URL. When a customer requests the CDN URL with the SAS key, the CDN will request the asset from blob using the SAS URL if it is not already cached.

If you wish to keep the SAS token hidden from the end customer completely, you can use a Verizon Premium profile and use a URL rewrite rule to add the SAS URL from the CDN.

Additional information on SAS: https://docs.microsoft.com/en-us/azure/storage/storage-dotnet-shared-access-signature-part-1#what-is-a-shared-access-signature

Additional information on CDN rewrite: https://docs.microsoft.com/en-us/azure/cdn/cdn-rules-engine-reference-features#url-rewrite
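
When the SAS token travels in the CDN URL, as in the first option of the reply above, every client can read it, so it is worth checking what it grants before publishing it. The following audit is an added example, not part of the original thread; the function name, the 7-day lifetime limit and the sample URLs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)  # assumed local policy, not an Azure default


def audit_sas_url(url, now=None):
    """Return a list of findings for a SAS URL that will be visible to clients."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in q:
        return ["no SAS signature (sig) in URL"]
    findings = []
    # Handing out the origin URL defeats the "CDN only" goal.
    if (parts.hostname or "").endswith(".blob.core.windows.net"):
        findings.append("URL points at the storage origin, not the CDN endpoint")
    # sp holds one letter per permission; a download link needs only r (read).
    extra = set(q.get("sp", "")) - {"r"}
    if extra:
        findings.append("permissions beyond read: " + "".join(sorted(extra)))
    # spr=https stops the token from being accepted over plain HTTP.
    if q.get("spr") != "https":
        findings.append("spr is not restricted to https")
    if "se" not in q and "si" in q:
        findings.append("expiry comes from a stored access policy; review it")
        return findings
    try:
        # Only the full-seconds UTC form of se is handled in this example.
        expiry = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        findings.append("missing or unparseable expiry (se)")
        return findings
    if expiry <= now:
        findings.append("token already expired")
    elif expiry - now > MAX_LIFETIME:
        findings.append("lifetime exceeds %d days" % MAX_LIFETIME.days)
    return findings


# Constructed sample URLs; the sig values are placeholders, not real signatures.
GOOD = ("https://example.azureedge.net/assets/logo.png"
        "?sv=2015-04-05&sr=b&sp=r&spr=https&se=2017-04-13T00:00:00Z&sig=CONSTRUCTED")
BAD = ("https://exampleaccount.blob.core.windows.net/assets/logo.png"
       "?sv=2015-04-05&sr=c&sp=rwdl&se=2018-04-12T00:00:00Z&sig=CONSTRUCTED")

if __name__ == "__main__":
    fixed_now = datetime(2017, 4, 12, tzinfo=timezone.utc)
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sas_url(url, fixed_now))
```

The check reads only the query string, so it cannot tell whether the signature itself is valid or whether a stored access policy further restricts the token.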