Azure-Blob-Storage-demo
Last updated
Last updated
This demo uses .NET and REST stack.
- for other tech stacks to create appliaction in other langauge client libraries
In this demo I try to use Python (coz i love it 😁)
Working with any azure resource using the SDK begins with creating a client object.
In this demo, you will learn how to create objects to interact with three types of storage services: storage accounts, containers and blobs
When your application creates a client object, you pass a URI referencing the endpoint to the client constructor. You can construct the endpoint manually or you can query for the endpoint at runtime using the azure storage management library
The complete code is inside blob-quickstart folder
Before writing the program and executing, be sure to login to azure account via Azure CLI az login or powershell Connect-AzAccount command
It is recommended to use passwordless login hence azure library includes the DefaultAzureCredential function that does the authentication for you behind the scenes with using the default and previous authenticated session and token settings.
Create a storage account and assign roles to user account via the below steps
Locate Storage Account resource in your azure portal
On the overview page, select Access control(IAM) menu in nav bar
On the Access control(IAM) page, select the Role assignments tab
select +Add button and then Add role assignment from the resulting drop down menu
Use the search box to filter the results to the desired role. For this example, search for Storage Blob Data Contributor and select the matching result and then choose Next.
Under Assign access to, select User, group, or service principal, and then choose + Select members
In the dialog, search for your Microsoft Entra username (usually your user@domain email address) and then choose Select at the bottom of the dialog.
Select Review + assign to go to the final page, and then Review + assign again to complete the process.
DefaultAzureCredential function that does the authentication process includes obtaining an access token for authorization.
This access token is passed as a credential when the client is instantiated, and the credential persists throughout the client lifetime.
The microsoft entra security principal requesting the token must be assigned an appropriate azure RBAC role that grants access to blob data.
An authorized BlobServiceClient object allows your application to interact with resources at the storage account level
Blob containers support system properties and user-defined metadata, in addition to the data they contain
System Properties: exists on each blob storage account
under the covers, some system properties correspond to certain standard HTTP headers. The library maintains these properties without need to developer involved.
User-defined metadata: consists of one or more name value pairs that you specify for a blob storage resource.
Containers and blobs support custom metadata, represented as HTTP headers. Metadata headers can be set on a request that creates a new container or blob resources or an a request that explictly creates a property on an existing resource The total size of all metadata pairs can be up to 8KB in size Metadata name/value pairs are valid HTTP headers, so they adhere to all restrictions governing HTTP headers