Using Azure, how would I access files and assets in a blob container with security?

Jon Osmanson 0 Reputation points
2025-04-22T20:17:50.86+00:00

I need to be able to store files in a blob container that is only accessible with some sort of container authentication. I am working on SCORM courses in which the files need access to other files in the course folder. I have tried using the SAS token, but when I open the main HTML file the assets will not add the SAS token to their URL requests. I do know that the files are using relative pathing when accessing their files. What would be the best way to accomplish this? Are there any tutorials or instructions on how to set something up like this? Or is there another method to accomplish this?

Azure Storage Accounts

  1. Keshavulu Dasari 4,665 Reputation points Microsoft External Staff
    2025-04-22T20:33:45.7966667+00:00

    Hi Jon Osmanson,

    To securely access files and assets in an Azure Blob container, especially for SCORM courses, you can use Azure's role-based access control with Microsoft Entra ID. This method provides more granular control and avoids the issues you are facing with SAS tokens and relative paths.

    Steps to Securely Access Files in Azure Blob Storage

    Set Up Microsoft Entra ID Authentication:

    • Create a Security Principal: This can be a user, group, or service principal.
    • Assign Roles: Use Azure RBAC to assign appropriate roles (e.g., Storage Blob Data Reader) to the security principal.

    Configure Blob Storage:

    • Enable Microsoft Entra ID Authentication: Ensure your storage account supports Microsoft Entra ID. This is available for all general-purpose and Blob storage accounts.
    • Assign Permissions: Assign the necessary roles to your security principal to access the blob data.

    Accessing Blob Data:

    • Generate OAuth 2.0 Token: Authenticate the security principal to get an OAuth 2.0 token.
    • Use the Token: Include this token in the authorization header of your HTTP requests to access the blob data.

    For more information:

    https://learn.microsoft.com/en-us/azure/storage/blobs/security-recommendations

    https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory

    Alternative Methods: If you prefer to continue using SAS tokens, consider using User Delegation SAS tokens, which are secured with Microsoft Entra credentials instead of the account key. This method can help mitigate some of the issues with relative paths.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be glad to assist you.
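
The behaviour described in the question and the header-based access described in the answer, as an added example that is not part of the original thread: it resolves relative course assets the way a browser does, shows that the SAS query string is not inherited, and builds (without sending) the equivalent request carrying a bearer token. The account, container, asset paths, SAS value and function names are constructed placeholders.

```javascript
// Constructed sample: account, container and SAS signature are placeholders.
const LAUNCH_URL =
  "https://exampleaccount.blob.core.windows.net/courses/course1/index.html" +
  "?sv=2022-11-02&sp=r&sig=CONSTRUCTED_PLACEHOLDER";

// Resolve a relative reference as a browser does (RFC 3986): only the path
// of the base URL is used, so the base's query string (the SAS) is dropped.
function resolveAsset(launchUrl, relativeRef) {
  return new URL(relativeRef, launchUrl);
}

// True when a URL still carries a SAS signature parameter.
function carriesSas(url) {
  return new URL(url).searchParams.has("sig");
}

// List each asset the launch page references and whether the resulting
// request would still be authorised by the SAS.
function auditAssets(launchUrl, refs) {
  return refs.map((ref) => {
    const resolved = resolveAsset(launchUrl, ref);
    return { ref, url: resolved.toString(), sasPresent: carriesSas(resolved) };
  });
}

// Build, but do not send, a Blob GET that is authorised with a Microsoft
// Entra ID OAuth 2.0 access token in the Authorization header.
function buildBearerRequest(assetUrl, accessToken) {
  const clean = new URL(assetUrl);
  clean.search = ""; // the credential travels in the header, not the URL
  return {
    method: "GET",
    url: clean.toString(),
    headers: {
      Authorization: `Bearer ${accessToken}`,
      "x-ms-version": "2020-04-08", // OAuth needs version 2017-11-09 or later
    },
  };
}

// Constructed asset references such as a SCORM package might contain.
const SAMPLE_REFS = ["js/scorm_api.js", "../shared/style.css", "img/logo.png"];
for (const row of auditAssets(LAUNCH_URL, SAMPLE_REFS)) {
  console.log(row.sasPresent ? "SAS kept   " : "SAS dropped", row.url);
}
```

`buildBearerRequest` applies wherever your own code issues the HTTP request; a browser that loads `index.html` directly attaches no Authorization header to the assets the page references.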
