Share via

Need help in connecting azure blob in 2 different storage accounts without SAS token

Gopal Singh 0 Reputation points
2024-05-30T10:15:46.5633333+00:00

Need help in connecting azure blob in 2 different storage accounts without SAS token

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,639 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amrinder Singh 4,670 Reputation points Microsoft Employee
    2024-05-30T13:22:33.5933333+00:00

    Hi Gopal Singh - Thanks for reaching out.

    Can you please elaborate on the ask.

    Is it regarding transferring of data between 2 storage account and from where (client) are you trying to connect to those account?

    e.g. The below link talks about leveraging AzCopy for transferring data between source and destination. Further it provides multiple options to connect to storage:

    https://learn.microsoft.com/en-us/azure/storage/common/storage-ref-azcopy-copy

    0 comments
  2. Nehruji R 4,766 Reputation points Microsoft Vendor
    2024-05-31T06:16:32.27+00:00

    Hello Gopal Singh,

    Greetings! Welcome to Microsoft Q&A Platform.

    I understand that you would like to connect to Azure Blob storage across two different storage accounts without using a Shared Access Signature (SAS) token correct me if incorrect.

    • While SAS tokens are recommended, you can also use the storage account key directly for authentication. In your code, create a CloudStorageAccount object using the account name and account key. Then, use this account to access the blob. However, using the account key directly is less secure than SAS tokens, as it grants full access to the storage account. Avoid hardcoding it in your code.
    • If you’re using ADLS Gen 2, you can use Azure Active Directory (AD) authentication in conjunction with service accounts or managed service identities (MSI). ADLS Gen 2 provides an alternative to SAS tokens for authentication. refer this article.
    • If the Container level access is set to Public, then the Blobs present inside the container can be accessed via the URL. Set the access type and policy used for either storage account or container level to either as AD or SAS.
    • Try using the Azure Front Door and CDN Profile to cache the file inside the Blob storage and after caching the file, if you call the same URL without SAS token the file will be accessible.By default, when you cache files using AFD and Azure CDN, the cached content is accessible with the original URL that includes the SAS token. If you call the same URL without the SAS token, the cached file remains accessible. refer - https://learn.microsoft.com/en-us/azure/frontdoor/scenario-storage-blobs, https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/frontdoor/integrate-storage-account.md.
    • For copying data between storage accounts without using SAS auth - You can use Azure Data Factory tool: https://learn.microsoft.com/en-us/azure/data-factory/quickstart-create-data-factory-copy-data-tool where ADF can use System-assigned managed identity authentication and Service principal authentication.
    • Choose an Azure solution for data transfer : This article provides an overview of some of the common Azure data transfer solutions. The article also links out to recommended options depending on the network bandwidth in your environment and the size of the data you intend to transfer.

    Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.

    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments