How to access files in BlobStorage container with AAD authentication java

Srini Babu Maroju 26 Reputation points
2021-03-06T20:12:30.52+00:00

Hello

My requirement is as below.

  1. I uploaded a file into blobstorage container.
    For example
    my storage account name is et
    my container name is proj1.
    file name is exam.pdf
  2. I would like to browse the file from browser after successful authentication.
    For example when I type https://et.blob.core.windows.net/proj1/exam.pdf, the browser should prompt AAD authentication screen and it should display PDF only after successful authentication.

Assumption
The user has the necessary rights to the storage account and container.
My skills are Java.

Thanks in advance for your help.
srinibabu


Accepted answer
  1. Sumarigo-MSFT 47,466 Reputation points Microsoft Employee Moderator
    2021-03-09T14:07:42.717+00:00

    @Srini Babu Maroju Welcome to Microsoft Q&A, Thank you for posting your query here!

    Thanks for raising this question! Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    Azure Blob Storage has an AAD authentication feature available: this article explains how to authorize access to blobs and queues using Azure Active Directory.

    The feature you are looking for in the browser isn't available. Azure Storage accepts OAuth 2.0 access tokens from the Azure AD tenant associated with the subscription that contains the storage account.

    Also, refer to this article, which explains the different ways to authorize requests to Azure Storage.

    You can set different security options, such as SAS (a user delegation SAS is secured with Azure Active Directory (Azure AD) credentials and also by the permissions specified for the SAS; a user delegation SAS is analogous to a service SAS in terms of its scope and function, but offers security benefits over the service SAS), static website, or RBAC (for read access and more).

    A key advantage of using Azure Active Directory (Azure AD) with Azure Blob storage or Queue storage is that your credentials no longer need to be stored in your code. Instead, you can request an OAuth 2.0 access token from the Microsoft identity platform. Azure AD authenticates the security principal (a user, group, or service principal) running the application. If authentication succeeds, Azure AD returns the access token to the application, and the application can then use the access token to authorize requests to Azure Blob storage or Queue storage.

    To authenticate a security principal from your Azure Storage application, first configure Azure role-based access control (Azure RBAC) settings for that security principal. Azure Storage defines built-in roles that encompass permissions for containers and queues. When the Azure role is assigned to a security principal, that security principal is granted access to that resource.

    Refer here for different Security recommendations for Blob storage

    If you wish, you may leave your feedback here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Additional information: There is a thread in the SO forum which provides some ideas on your scenario:

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------------

    Please don’t forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.

1 additional answer

  1. Srini Babu Maroju 26 Reputation points
    2021-03-09T21:04:55.193+00:00

    I need to use Azure AD authentication to access Azure BlobStorage. I need to use RBAC.

    I went through the url storage-auth-aad

    I found a link as storage-auth-aad-app. As I understand we need to write code, use App registrations and register the service in Azure AD.
    I followed the steps as mentioned in the link for java.

    Question: Also, if there is any alternative method of achieving this, please suggest.

    I created a Spring Boot application and am running it from the IDE on my local machine. I set the parameters as mentioned in the section 'Provide values in the settings file' in my application.properties. Let us say my url is
    I am using MSAL4J APIs.

    Registered the app service in Azure AD using App registration.
    Also, performed steps as mentioned in 'Grant your registered app permissions to Azure Storage' section.

    Also, I defined RBAC roles in Azure Storage account.

    My objective is when I browse url exam.pdf,
    Step 1: it should prompt the Azure AD authentication screen.
    Step 2: After successful authentication, it should display the pdf file in browser.

    Question:
    Step #1 is happening successfully.
    After Step #1, inside the method, I am stuck and don't know how to pass the credentials to BlobStorage. Can you please throw some light on this?
    I am getting error as
    java.lang.IllegalStateException: Cannot forward after response has been committed

    75930-azure-question.pdf
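
The token flow described in the accepted answer, applied to the Spring Boot scenario above, as an added example that is not code from either poster or from Microsoft's sample. It assumes Spring Boot 2.x (`javax.servlet`), the `azure-storage-blob` 12.x SDK, and a hypothetical session attribute `storageToken` in which the sign-in callback stored an MSAL4J result acquired for the scope `https://storage.azure.com/user_impersonation`; the route `/files/{name}` is also an assumption.

```java
import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenCredential;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobClientBuilder;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import java.io.IOException;
import java.time.ZoneOffset;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
import reactor.core.publisher.Mono;

@RestController
public class BlobProxyController {
    // Account and container are fixed server-side so the user's token is never sent to a caller-chosen host.
    private static final String ENDPOINT = "https://et.blob.core.windows.net";
    private static final String CONTAINER = "proj1";

    // Returns void: the handler writes the body itself, so nothing is forwarded after the response is committed.
    @GetMapping("/files/{name:[A-Za-z0-9._-]+}")
    public void download(@PathVariable String name, HttpSession session,
                         HttpServletResponse response) throws IOException {
        // Hypothetical attribute name: wherever the sign-in callback kept the MSAL4J result
        // that was acquired for the Azure Storage scope (not for Microsoft Graph).
        IAuthenticationResult auth = (IAuthenticationResult) session.getAttribute("storageToken");
        if (auth == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Wrap the already-issued token so the Azure SDK sends it as a Bearer token.
        TokenCredential credential = request -> Mono.just(new AccessToken(
                auth.accessToken(),
                auth.expiresOnDate().toInstant().atOffset(ZoneOffset.UTC)));

        BlobClient blob = new BlobClientBuilder()
                .endpoint(ENDPOINT)
                .containerName(CONTAINER)
                .blobName(name)
                .credential(credential)
                .buildClient();

        response.setContentType(blob.getProperties().getContentType());
        response.setHeader("Content-Disposition", "inline; filename=\"" + name + "\"");
        // RBAC is enforced by Azure Storage: without a role such as Storage Blob Data Reader
        // on the account or container, these calls throw BlobStorageException (HTTP 403).
        blob.downloadStream(response.getOutputStream());
    }
}
```

The browser never talks to `blob.core.windows.net` directly; the application authenticates the user, then reads the blob with that user's token, so access is still decided by the user's own RBAC assignment.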

