Monday, October 30, 2017

3 Steps to implementing Azure Blob Storage with adhoc SAS Tokens and Xamarin

I couldn't find a cohesive and updated example on how to use azure blob storage, so I created a working example. Well, mostly working. There are a few issues.

What you'll find there is an example that
  • runs against the local storage emulator (using the UWP client)
    • If someone has the time to find out how to connect the android emulator to the local storage emulator, kindly answer here
    • to connect to the local storage emulator from an android emulator, use the following connection string: "UseDevelopmentStorage=true;DevelopmentStorageProxyUri="
  • runs against the azure cloud storage
  • uses connection string with shared keys
  • uses an ad-hoc Shared Access Signature (SAS) token to provide limited time access to storage containers
  • bonus: generate and view pdf documents using Syncfusion packages.
For mobile clients (web or mobile apps), you're going to want to steer clear of using shared keys as a means of authenticating with azure storage. Unfortunately this is the mechanism that most of the samples are using.
The recommended way to connect to your azure storage account is by retrieving a temporary SAS Token from a secure service, and then using that token to send and receive blobs from azure storage.


So lets get started.

Step 1: Understand how blob storage accounts work. You can simulate azure storage using the local emulator (although with the SAS Token scenario this currently isn't viable due to the lack of https support), or create an azure storage account and containers.

Step 2: Create a secure server endpoint to serve temporary SAS Tokens. You'll find a ASP.NET Core example in the linked github repo. See the this implementation for generating and returning a SAS Token. More documentation on SAS Tokens can be found here.
The example stores the shared key connection strings in the appsettings.json file. You can provide different appsetings.[ASPNETCORE_ENVIRONMENT].json files, and toggle which one to use in the Properties/launchSettings.json file. 

Step 3: Create a client that retrieves the SAS Token, and uses that to create a container which is used to upload and download blob content. In the code example, the AzureBlobStorageService class is responsible for all the heavy lifting. The create container method will analyze the storage settings, preferring SAS Token connections over connection strings that contain shared keys.

To switch between different kinds of usage, you can toggle the implementation of ICloudBlobStorageSettingsProvider in App.cs , or create your own implementation.

When using the local storage emulator, make sure to read through the documentation on getting the emulator service started and using the storage explorer to analyse storage content.

Chances are pretty good I may have missed something in the code, so if you spot it, be sure to log an issue or better yet, submit a pull request ;)

Happy Coding.

No comments: