Most Azure cloud services sit behind REST APIs, so we can access them through URLs and perform operations on them.
Public REST APIs come with security challenges.
In Azure we have private and public resources.
Public resources are those which can be accessed directly by anybody, from anywhere, who knows the URL.
Private resources cannot be accessed directly; the REST API URL always returns a 404 error.
Shared access signatures (SAS) help us protect our data by providing a way to grant access to private resources.
Currently SAS is available for the major Azure storage services and the message-based Service Bus services.
SAS: a collection of query string parameters that define the access control details for your resource.
Below are the steps to generate a SAS for an Azure Blob storage account in the Azure portal.
- In the Azure portal, go to the storage account, then select Shared access signature from the blade.
- In Allowed IP address, enter the IP range. To allow access from all addresses, use 0.0.0.0-255.255.255.255.
- Then click Generate SAS, which produces the corresponding SAS token.
Components of SAS:
sp : (key-value pairs) control access details such as permissions and expiry times.
sig : signature parameter
Example of SAS token:
?sv=2016-05-31&ss=bfqt&srt=sco&sp=rwdlacup&se=2017-06-30T19:35:20Z&st=2017-06-12T11:35:20Z&sip=0.0.0.0-255.255.255.255&spr=https&sig=PxyVO9q9Vz0sg9ESs01%2BSLkbdq6d6NGhLCf1M0br77E%3D
A SAS token combined with a valid URL of a restricted resource allows the request.
https://storageaccount17.blob.core.windows.net/ + Resource file + SAS token
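
Because every grant is visible in the query string, a token can be reviewed before it is handed out. The following added example (not part of the original page) parses the sample token shown above and reports over-broad settings. The function names, the 7-day lifetime limit and the 2^24-address threshold are assumptions chosen for illustration, and timestamps are expected in the full format used on this page.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import parse_qs

# The sample account SAS token from this page.
PAGE_TOKEN = ("?sv=2016-05-31&ss=bfqt&srt=sco&sp=rwdlacup"
              "&se=2017-06-30T19:35:20Z&st=2017-06-12T11:35:20Z"
              "&sip=0.0.0.0-255.255.255.255&spr=https"
              "&sig=PxyVO9q9Vz0sg9ESs01%2BSLkbdq6d6NGhLCf1M0br77E%3D")

MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not an Azure limit
WRITE_PERMS = set("wdacup")       # everything beyond read (r) and list (l)

def parse_sas(token):
    """Split a SAS query string into a dict of URL-decoded single values."""
    return {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}

def audit_sas(token):
    """Return a list of findings for over-broad settings in a SAS token."""
    p = parse_sas(token)
    if "sig" not in p or "se" not in p or "sp" not in p:
        return ["malformed: sig, se and sp are required"]
    findings = []
    risky = sorted(WRITE_PERMS & set(p["sp"]))
    if risky:
        findings.append("sp grants more than read/list: " + "".join(risky))
    if len(p.get("ss", "")) > 1:
        findings.append("ss covers several services: " + p["ss"])
    # When spr is omitted the service accepts both HTTPS and HTTP.
    if p.get("spr", "https,http") != "https":
        findings.append("spr allows plain HTTP")
    sip = p.get("sip")
    if sip is None:
        findings.append("sip absent: any client IP accepted")
    else:
        lo, _, hi = sip.partition("-")  # single address or lo-hi range
        span = int(ip_address(hi or lo)) - int(ip_address(lo)) + 1
        if span >= 2 ** 24:             # assumed threshold for "too wide"
            findings.append(f"sip range spans {span} addresses")
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    end = datetime.strptime(p["se"], fmt)
    if "st" in p:
        if end - datetime.strptime(p["st"], fmt) > MAX_LIFETIME:
            findings.append("lifetime exceeds policy maximum")
    else:
        findings.append("st absent: lifetime cannot be bounded from the token")
    return findings
```

For the sample token, `audit_sas(PAGE_TOKEN)` reports four findings: write-capable permissions, all four services in scope, an IP range covering every address, and a lifetime of more than 18 days.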