Can you set public / private read access for azure blobs in the same container?

Time:02-11

The Azure documentation says that storage blob containers can be made with public or private read access (see here). This says that public access can be set to 'Container' or 'Blob', and explains the differences in the table.

However, it isn't clear if, having set the container with Blob level public access:

container.CreateIfNotExists(Azure.Storage.Blobs.Models.PublicAccessType.Blob);

This implies that the public read access is set on a blob by blob basis, and if so, how to set it up.

However, I am not sure this is true? I have seen various other posts about copying blobs around between different public/private containers, which somewhat backs up my thinking. The client creation doesn't appear to have a public/private setting:

BlobClient blobClient = container.GetBlobClient(filename);

... and using the above coding, then all blobs created have public access.

My problem is that I need to allow users to change the state of uploaded images/videos to public or private. I am wondering if there is a less kludgy way than moving the blobs around between private and public containers?

CodePudding user response:

Public access is a container level setting. There are two options for public access: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal#set-the-public-access-level-for-a-container.

  • Public read access for blobs only (Blob): Anonymous requests can get blobs by their full URL (caller must know the container and blob name)
  • Public read access for container and its blobs (Container): Anonymous requests can get blob list for the container (caller must only know container name)

So I would say that yes, you either have to move them between containers or handle the authorization on your side.

CodePudding user response:

You're right in your assumptions, the access level is defined on the container.

To work around your issue, I would suggest granting access to all blobs using Shared Access Signatures. That way your application logic can control access, but all downloads still happen directly from blob storage.
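
A sketch of the approach both answers point to, added here as an example and not code from either answer: the container stays private, the public/private flag is kept by the application, and readers get a short-lived read-only SAS URL. `MediaItem`, `MediaLinks`, the in-memory dictionary and the account name and key are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Sas;

// Hypothetical app-side record: the public/private flag lives in the
// application's own database, not in Blob Storage.
public record MediaItem(string BlobName, string OwnerId, bool IsPublic);

public static class MediaLinks
{
    // Returns a short-lived read-only URL, or null if the caller may not read the blob.
    public static Uri? GetReadUrl(BlobContainerClient container,
        IReadOnlyDictionary<string, MediaItem> items, string blobName, string? callerId)
    {
        if (!items.TryGetValue(blobName, out var item)) return null;   // unknown blob
        if (!item.IsPublic && item.OwnerId != callerId) return null;   // private, not the owner

        var sas = new BlobSasBuilder
        {
            BlobContainerName = container.Name,
            BlobName = item.BlobName,
            Resource = "b",                                    // scope: this one blob
            ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(10),  // short lifetime
            Protocol = SasProtocol.Https
        };
        sas.SetPermissions(BlobSasPermissions.Read);           // read only
        return container.GetBlobClient(item.BlobName).GenerateSasUri(sas);
    }

    public static void Main()
    {
        // Constructed placeholder account and key; SAS signing is local, no network call.
        var cred = new StorageSharedKeyCredential("exampleaccount", Convert.ToBase64String(new byte[32]));
        var container = new BlobContainerClient(
            new Uri("https://exampleaccount.blob.core.windows.net/media"), cred);
        var items = new Dictionary<string, MediaItem>   // stand-in for a database table
        {
            ["cat.jpg"] = new("cat.jpg", "alice", true),
            ["diary.mp4"] = new("diary.mp4", "alice", false)
        };
        Console.WriteLine(GetReadUrl(container, items, "cat.jpg", null));      // anonymous, public item
        Console.WriteLine(GetReadUrl(container, items, "diary.mp4", "bob"));   // non-owner, private item
        Console.WriteLine(GetReadUrl(container, items, "diary.mp4", "alice")); // owner, private item
    }
}
```

Switching an item to private only stops new links from being issued; a SAS URL already handed out keeps working until its `ExpiresOn`, which is why the lifetime here is short.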
