Home > Mobile >  Best way to hide Azure credentials and connection string in Xamarin project
Best way to hide Azure credentials and connection string in Xamarin project

Time:05-18

I am working on a Xamarin project, and there is a requirement, from time to time upload generated data to the Azure storage container.

There is a connection string that contains credentials etc, and this connection string is using to connect to the Azure and create BlobClient instance.

It is a requirement to connect to Azure directly, no intermediary web-service is involved in this upload process.

My question, what is the best way to protect this connection string from reverse engineering and attacking my customer's Azure storage?

I consider symmetric encryption of this string, declaring a constant with encrypted string and decryption of this encrypted string at the runtime.

Are there better options exist?

CodePudding user response:

How I would do it is to use regular OAuth to authenticate the user. Use this auth to call some API, to issue a short-lived SAS token to access the Azure Blob Storage.

You could also have this API return the specific URL for the blob storage, so the App doesn't need to store that either.

  • Related