Integrate Blob Storage with Private Access

Azure Blob storage is a setting for collecting large amounts of unorganized object data like text or binary data. Blob storage's common applications are storing and giving images or documents straight to a browser and streaming video and audio. You can allow anonymous, public read access to a container and its blobs in Azure Blob storage. Using this, one can grant read-only access to these devices without sharing the account key, and without needing a shared access signature (SAS).

In this hands-on lab, you will learn how to integrate Blob storage with private access. First, you will write code to create a container with private blob access, and then upload test files to the container. Next, you will write code to generate a shared access signature to provide access to the container. Then, you will write code to retrieve the URLs of the uploaded files. Finally, you will test the configuration using a test page provided with the web app. The other guided and advanced challenges in this series are "Access a Public Storage Container from an ASP.NET Web App" and "Can you Integrate Blob Storage into a Web App?" respectively.

Understand the Scenario

In this lab, you are a developer for a company that is migrating its primary web app from its data center to Azure. You need to write code to access an Azure storage account used by the web app. For this challenge, you are provided with Visual Studio 2017 installed on a virtual machine. The ASP.NET MVC project for this challenge is under the d:\challenge folder on the virtual machine. All of the code that you will write will be in a single code file. You will find a list of the files and objects used for this challenge in d:\challenge\CSST02.txt. You are using an Azure resource group that contains an Azure storage account. The configuration of the storage account may not be complete when you begin this challenge. You will receive a notification when the automated configuration is complete.

Record the Storage key

An Azure storage account uses credentials, including an account name and a key. The key is auto-generated and works as a password. It does not work as a cryptographic key. Key Vault handles storage account keys by saving them as Key Vault secrets. First, they will sign in to the Azure portal and navigate to the Access keys page for the storage account. Next, they will copy the Storage account name and the key1 key value. Finally, they will check and confirm that the Storage account name is recorded for the storage account, and the key1 is recorded for the storage account.

Open the challenge project

In this section of the lab, learners will open the challenge project. First, they will open a Remote Desktop client connection using the Host, User name, and Password. Next, they will Open the d:\challenge\AzureStorageDevelopment.sln solution file. It will take several minutes for Visual Studio to load the first time. Next, they will Sign in to Visual Studio using the Azure credentials and add the Azure Storage NuGet package to the StorageChallenge project. After this, they will open the web.config file and set the testType appSetting to "2" and leave the project open for the rest of the challenge. Finally, they will check and confirm that they are connected to the challenge Virtual Machine, the StorageChallenge project is open, the Azure Storage Nuget package has been added to the project, and the testType appSetting in the web.config file is set to "2".

Code the constructor

When a class or struct is built, its constructor is called. Constructors normally initialize the data segments of the object. In this section of the lab, learners will learn how to code the constructor. First, they will open the Models/StorageContext.cs file in Visual Studio and add a private CloudBlobClient field named client to the StorageContext class. Next, they will implement the constructor by instantiating a CloudStorageAccount variable using the storageAccount and storageKey parameters and instantiating the client field using the account variable. The constructor for a class in C# is a method with no name and a return type that matches the class. Finally, they will check and confirm that the private CloudBlobClient field named client has been added to the StorageContext class, and the client field is initialized in the StorageContext constructor.

Code the UploadFile method

After coding the constructor, in this section of the lab, learners will navigate to the UploadFile method in the Models/StorageContext.cs file and add a CloudBlobContainer variable using the containerName parameter. Next, they will create the container if it does not already exist and upload the file referenced by the fileData parameter to the container. The data structure of the BlobFileData is documented at the top of the StorageContext.cs file. Finally, they will check and confirm that the code creates a container and prevents public blob access. The code uploads the file referenced by the fileData parameter to the container.

Code the GetSAS method

The SAS token is a string generated on the client-side, for instance, by utilizing one of the Azure Storage client libraries. When a client application gives a SAS URL to Azure Storage as a component of a request, the service verifies the SAS parameters and signature to confirm that it is legitimate for approving the request. In this section of the lab, learners will learn how to code the GetSAS method. First, they will navigate to the GetSAS method in the Models/StorageContext.cs file and add a CloudBlobContainer variable using the containerName parameter. Next, they will generate a SAS token for the container that allows read access and expires in 24 hours and return the SAS token. Finally, they will check and confirm that the code returns a Read-only SAS token for the containerName container.

Code the GetFileList method

After coding the GetSAS method, in this section of the lab, learners will code the GetFileList method to retrieve a list of blob files in the container. First, they will navigate to the GetFileList method in the Models/StorageContext.cs file and generate a SAS token using the GetSAS method and store it in a variable. Next, they will add a CloudBlobContainer variable named container using the containerName parameter and retrieve a list of blobs in the container. Next, they will generate a list of BlobFileData objects based on the blobs' list with the various field mappings such as Name, URL, SAS, and return the list of BlobFileData objects. Technically, blob files are accessed via the Azure Storage REST API and displaying the files via their URL takes advantage of the nature of REST APIs. The data structure of the BlobFileData is documented at the top of the StorageContext.cs file. Finally, they will check and confirm that the code generates a SAS token, a list of blob files in the container, and returns a list of BlobFileData that includes the SAS token objects based on the list of blobs.

Test the application

After coding the GetFileList method, in this section of the lab, learners will test the application. First, they will press F5 to run the application and copy into the Storage Account Name and copy into the Storage Account Key text box. Next, they will click the Test and observe the results. Finally, they will check if the web page is displaying a message that the private container is configured successfully and displaying the uploaded images.

Lab Summary Conclusion

After completing the "Integrate Blob Storage with Private Access" virtual lab, you will have accomplished the following:

• Added Azure Storage capabilities to an ASP.NET MVC project.
• Accessed an Azure Storage Account programmatically.
• Provisioned an Azure Storage blob container with private access.
• Uploaded files to an Azure Storage blob container.
• Generated a SAS token.
• Retrieved a list of files from an Azure Storage blob container.