This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 55.00000000000001%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
I've followed a tutorial to create an API that allows B2C users to sign in and upload/download files to specific Azure Storage Blob containers they are assigned to. However, I've encountered an issue. After logging into the single-page application (SPA) with one account, then allowing the B2C token to expire (the web app session is set to 15 minutes and is absolute) and then logging in with a different account in the same browser session, both accounts seem to have access to the same container. I want it so that each account would have access only to their designated container. How can I make sure that each account has separate access to different containers?
For reference, this forum post I made previously contains the code and explanation for how I'm assigning B2C users to specific Azure Storage Blob containers. Please let me know if any more information is needed or if anything I said needs clarification :)
Edit:
I checked the token claims and even after logging in with a different account, the "aud" and "name" values are set to the first account's values, rather than the newly logged in account's values. I also added more context to the B2C token's settings.
This is more or less possible on with Entra ID non B2C tenant. You either need to make sure that the users are guest users in the xyz directory, or move the container to that directory. As long as they at least have guest access to tenant you can assign them permissions to use the storage container.
Access can be scoped to the level of the subscription, the resource group, the storage account, or an individual container or queue.
Also in the above shared doc we have used Blob Storage's Static Website:
Blob Storage's Static Website hosting feature gives us a default container to serve static web content / html / js / css from Azure Storage and will infer a default page for us for zero work.
Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.
Hi Akshay-MSFT, thank you for your response.
I'm sorry about my misunderstanding, but I'm a little bit confused - are you saying that if I move the B2C users to my company's main directory, then I can control what containers they should have access to on my storage account?
Sorry for my confusion, I find the Entra ID terminology a little confusing to wrap my head around :)