Provision Public and Private Blob Storage for a Web App
This IT Pro Challenge lab shows learners how to create an Azure Storage Account that has a public and a private blob storage container. Learners will upload files to each of these containers, generate a Shared Access Signature (SAS) for one of the containers, and configure a web application to use the Azure Storage Account.
In this IT Pro Challenge, learners will understand how to use the Azure portal to create an Azure Storage Account that has two blob storage containers (one public and one private). Then, learners will upload files containing metadata to each container, generate a read-only Shared Access Signature (SAS) key for the private blob storage container, configure a web app to use the newly created Storage Account, and test their work in a test web application. The skills acquired in this lab are useful for a career as an Azure developer or system administrator.
The scenario for this hands-on lab is that you are a system administrator, and your company is migrating their primary web app from their on-premise datacenter to Azure. Your job is to configure storage for assorted files that are used by the web application. To accomplish this, you will create an Azure Storage Account that has both public and private blob storage containers, upload files to each of these containers, generate a Shared Access Signature (SAS) for the private blob storage container, and configure the web application to use the Azure Storage Account that you created with three new application settings. As proof of concept, you will use a provided test page to test that the blob storage containers and the application settings were configured correctly.
Create a storage account that has blob containers
To begin the lab, you will sign in to the Azure portal and create an Azure Storage Account. Then you will create two blob containers: one for public access and one for private access.
Blob storage is a Microsoft Azure feature that allows you to store unstructured data that can be accessed from anywhere in the world. Blobs are grouped by containers, which are linked to user accounts.
Upload files to the storage account
Next, you will upload at least one file that contains the metadata “source=CloudShell” to both the public and private blob containers.
Generate a shared access signature for the private container
Then you will generate a read-only SAS key with limited access (24+ hours) for the private blob storage container. A SAS is a means of providing secure access to your data while maintaining the security of that data.
You will be able to verify that you configured the key with the correct access before proceeding to the next step of the lab.
Configure the web app to use the storage account
Your last task before testing the web application is to add and configure the following WebApp values: StorageAccountName, StorageAccountKey, and StorageAccountSAS.
To do this, you need to return to the Azure portal, search for and select App Services, and locate the Web App. Then, under Settings, you will select Configuration, and then under Application Settings, you can create three new application settings.
Test the web application
Finally, as a proof of concept, you will open the provided test page, and click Test. The test page checks to see if you configured the public and private blob storage containers and the three new application settings.
By taking this virtual lab, you will learn how to provision an Azure Storage Account, create a blob storage container with public access and one with private access, upload files to the blob storage containers, create a SAS token for a blob storage container, and verify that the provided web application can access files in the blob container.