Using active-directory with Windows Azure to share videos

Category: azure security


Gideon Isaac on Thu, 24 Oct 2013 16:50:33

A while back I asked a question about sharing a video URL with only a few friends.  The idea was that I would show the video on my website, using an Azure URL.  If one of my friends foolishly told the URL to a Russian spy, who wanted to steal the URL and give it to his masters in the Kremlin, that would be OK, because the URL wouldn't work for them, it would only work for my friends.  I was told "shared signatures" might accomplish this, but to-date have not studied them sufficiently.

 But this morning, I got an email about a new feature, "Azure Active Directory".  This sounds like it might be a solution, but I have never used regular non-Azure Active Directory, (I don't have need for it, since I  have a home PC using Windows 7 and don't share the PC on a network).  

So my question is pretty basic.  Does Active Directory let me specify that 5 users in 5 different locations with 5 different computers can somehow sign-in to Azure (without having a paid Azure account) and be given permissions by my own administrative Azure account to see my video?

I hope my purpose is clear, I have in mind something like YouTube, where people sign in, and then can see videos that have been specifically shared with them, and nobody else.


Steve Syfuhs on Thu, 24 Oct 2013 17:35:20

Short answer: no, but yes with a bit of effort.

Azure Active Directory is a user store and authentication thing. It can provide the first half of what you want, e.g. create 5 accounts for your friends and provide an authorization framework, however it does not tie into storage like you're wanting. You'd need something that can take the authentication of the user, e.g. a website, and convert it into a SAS. Deciding whether you want to allow the authenticated user to access to data, and generating the SAS is up to you.