simnova / ownercommunity

MIT License

Blob Storage: Split Library to 2 parts #117

Open gidich opened 1 month ago

gidich commented 1 month ago

Azure currently REQUIRES a connection string in order to create a shared key for handling secure client-side uploads. Details

For creating SAS tokens for securely reading blobs from an authorized client, or for server-side blob manipulation, blob storage accepts managed identities and RBAC.

Goal:

Split library into 2 parts:

  1. Signed String Functionality (authenticated with connection string)
  2. Everything Else (authenticated with managed identities and RBAC)

This will be helpful, as other projects that need to reference only the read and server-side manipulation functionality can forgo the connection string.

The reason we use Shared Keys for writing to blob storage instead of SAS tokens is that Shared Keys allow rejecting a client-side upload if the size of the file and the type of the file don't match what was authorized by the server. SAS tokens currently do not provide such protections, allowing an end user to upload a file of unrestricted size.

While undertaking this effort - please be sure to add/update MADR, noting the decision and date last confirmed that the known limitations are what they are.
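
The size and type binding described in the issue, as an added example that is not code from this issue or from the ownercommunity project: it builds the Blob service Shared Key string-to-sign for a Put Blob request and shows that a signature issued for one Content-Length and Content-Type does not verify for another. The account name, key, container, blob name, date and `x-ms-version` value are constructed assumptions, and `serviceAccepts` is a hypothetical stand-in for the check the storage service performs.

```javascript
const crypto = require("node:crypto");

// Constructed sample values (assumptions, not from the issue or the project).
const ACCOUNT = "exampleaccount";
const ACCOUNT_KEY = Buffer.from("constructed-demo-key-not-a-real-secret").toString("base64");

// Shared Key string-to-sign for Put Blob. Content-Length and Content-Type are
// signed fields, so the values the server authorizes are bound into the MAC.
function stringToSign(req) {
  const msHeaders = { "x-ms-blob-type": "BlockBlob", "x-ms-date": req.xMsDate, "x-ms-version": req.xMsVersion };
  const canonicalizedHeaders = Object.keys(msHeaders).sort()
    .map((name) => `${name}:${msHeaders[name]}\n`).join("");
  const standardHeaders = [
    "PUT", "", "",                                            // verb, Content-Encoding, Content-Language
    req.contentLength === 0 ? "" : String(req.contentLength), // Content-Length
    "",                                                       // Content-MD5
    req.contentType,                                          // Content-Type
    "", "", "", "", "", "",                                   // Date, four If-* headers, Range
  ].join("\n") + "\n";
  return standardHeaders + canonicalizedHeaders + `/${ACCOUNT}/${req.container}/${req.blob}`;
}

// Server side: sign only the exact upload that was authorized.
function authorizationHeader(req) {
  const mac = crypto.createHmac("sha256", Buffer.from(ACCOUNT_KEY, "base64"))
    .update(stringToSign(req), "utf8").digest("base64");
  return `SharedKey ${ACCOUNT}:${mac}`;
}

// Hypothetical stand-in for the storage service: recompute the signature from
// the headers actually received and compare it with the one presented.
function serviceAccepts(receivedReq, presentedHeader) {
  const expected = Buffer.from(authorizationHeader(receivedReq));
  const presented = Buffer.from(presentedHeader);
  return expected.length === presented.length && crypto.timingSafeEqual(expected, presented);
}

const authorized = {
  container: "uploads", blob: "avatar.png",
  contentLength: 204800, contentType: "image/png",
  xMsDate: "Mon, 01 Jan 2024 00:00:00 GMT", xMsVersion: "2021-08-06",
};
const header = authorizationHeader(authorized);

console.log(serviceAccepts(authorized, header));                                        // upload as authorized
console.log(serviceAccepts({ ...authorized, contentLength: 50 * 1024 * 1024 }, header)); // larger file
console.log(serviceAccepts({ ...authorized, contentType: "text/html" }, header));        // different type
```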