Uploading blobs to an Azure Storage account where Allow Blob public access is disabled

Elio Struyf 21 Reputation points
2021-02-23T18:33:03.327+00:00

I would like to have my Azure Storage account not be accessible with anonymous access. That is why I configured my Azure Storage account to not be publicly accessible via the following setting:

[Screenshot: 71208-screenshot-2021-02-23-at-175016.png]

After configuring this, I created myself a read SAS Token which I use in my service which will fetch the files. This works fine, but now I want to be able to upload my new and changed files from my Azure DevOps pipelines. Problem is that no matter what I try, it always returns the service is not accessible publicly.

My SAS Token which I use on the service side looks as follows:

[Screenshot: 71209-screenshot-2021-02-23-at-175207.png]

Using the SAS Token to the storage account returns this:

[Screenshot: 71197-screenshot-2021-02-23-at-175300.png]

How will I be able to upload blobs via the Node.js @azure/storage-blob library with the AllowBlobPublicAccess set to disabled?


Accepted answer
  1. deherman-MSFT 27,331 Reputation points Microsoft Employee
    2021-02-24T00:05:30.98+00:00

    @Elio Struyf
    I tried, but was unable to reproduce this issue. I tested this by setting Blob public access to disabled then generated an account SAS with the same settings as yours. Using the samples available here I was able to use the generated SAS token with anonymousCred.js and added the code to create and upload a blob:

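      // containerClient is the ContainerClient that the anonymousCred.js sample
      // has already created; this runs inside the sample's async main().
      // Create a blob
      const content = "hello";
      const blobName = "newblob" + new Date().getTime();
      const blockBlobClient = containerClient.getBlockBlobClient(blobName);
      // upload() takes the body and its length in bytes
      const uploadBlobResponse = await blockBlobClient.upload(content, Buffer.byteLength(content));
      console.log(`Upload block blob ${blobName} successfully`, uploadBlobResponse.requestId);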

    Can you try checking the sample code to see if there are any differences? If you are still having issues let us know and we can investigate the issue further.

    -------------------------------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


1 additional answer

  1. Elio Struyf 21 Reputation points
    2021-02-24T07:29:32.867+00:00

    Thanks, found the issue while going over it once again. It was the usage of the container client's createIfNotExists method. It specified the "container" access level to be used if the container did not exist. Although the container itself already exists, it takes this access level into account. I now removed the access level, and it works fine.

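The fix described in this thread, as an added example that is not part of the original posts or of Microsoft's sample code: a pipeline upload helper that checks the account SAS before use and calls `createIfNotExists` without a public access level. The function names, account name and SAS values are hypothetical; it assumes `@azure/storage-blob` v12 and an account SAS passed as a query string.

```javascript
// Added example (not from the thread). Assumes an *account* SAS query string.

// Return the reasons an account SAS cannot create a container and upload a blob.
function sasUploadProblems(sas, now = new Date()) {
  const q = new URLSearchParams(sas.replace(/^\?/, ""));
  const has = (key, ch) => (q.get(key) || "").includes(ch);
  const problems = [];
  if (!has("ss", "b")) problems.push("ss lacks b (Blob service)");
  if (!has("srt", "c")) problems.push("srt lacks c (container level, used by createIfNotExists)");
  if (!has("srt", "o")) problems.push("srt lacks o (object level, used to write blobs)");
  if (!has("sp", "w") && !has("sp", "c")) problems.push("sp lacks w or c (write/create)");
  const expiry = new Date(q.get("se") || "");
  if (Number.isNaN(expiry.getTime()) || expiry <= now) problems.push("se missing or expired");
  return problems;
}

// Copy container-create options with any public access level removed, so the
// request carries no x-ms-blob-public-access header when the account has
// AllowBlobPublicAccess disabled.
function privateCreateOptions(options = {}) {
  const { access, ...rest } = options;
  return rest;
}

// Upload a string as a block blob; the container is created private if missing.
async function uploadText(account, sas, containerName, blobName, content, createOptions) {
  const problems = sasUploadProblems(sas);
  if (problems.length) throw new Error("SAS not usable for upload: " + problems.join("; "));
  const { BlobServiceClient } = require("@azure/storage-blob"); // loaded only when uploading
  const url = `https://${account}.blob.core.windows.net?${sas.replace(/^\?/, "")}`;
  const containerClient = new BlobServiceClient(url).getContainerClient(containerName);
  // Before the fix: createIfNotExists({ access: "container" })
  await containerClient.createIfNotExists(privateCreateOptions(createOptions));
  const blockBlobClient = containerClient.getBlockBlobClient(blobName);
  return blockBlobClient.upload(content, Buffer.byteLength(content));
}
```

Readers of the private container keep using a read SAS, as in the question; nothing in the upload path needs anonymous access.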