Azure Storage - Part 3

This is final part 3 of Azure Storage Service. We talked about it in earlier articles  Part 1 and Part 2.


Azure Storage API
Azure Storage provides a REST API to work with the containers and data stored in each account. There are independent APIs available to work with each type of data you can store.

·         Blobs for unstructured data such as binary and text files.
·         Queues for persistent messaging.
·         Tables for structured storage of key/values.
·         Files for traditional SMB file shares.

Storage REST APIs are accessible from anywhere on the Internet, by any application that can send an HTTP/HTTPS request and receive an HTTP/HTTPS response.

For example (HTTP)
GET https://[url-for-service-account]/?comp=list&include=metadata – This returns the data in XML format. 

This requires there a lot of manual parsing and the creation of HTTP packets to work with each API. To avoid such cumbersome process, Azure provides pre-built client libraries that make your life easier. The client libraries are just a thin wrapper over the REST API. They do the same operation what you would do if you used the web services directly.

How to connect to your Azure storage account - Through an access key, and REST API endpoint

Security access keys
Each storage account has two unique access keys that are used to secure the storage account. If your app needs to connect to multiple storage accounts, then your app will require an access key for each storage account.

The REST endpoint is a combination of your storage account name, the data type, and a known domain. For example:
Blobs     https://[storage account name].blob.core.windows.net/
Queues https://[storage account name].queue.core.windows.net/
Table     https://[storage account name].table.core.windows.net/
Files       https://[storage account name].file.core.windows.net/

The simplest way to handle access keys and endpoint URLs within applications is to use storage account connection strings.

DefaultEndpointsProtocol=https;AccountName={your-storage};
   AccountKey={your-access-key};
   EndpointSuffix=core.windows.net

Typically, storage account connectivity information is stored within an environment variable, database, or configuration file.

Azure Key Vault allow us to store the access key. Key Vaults support to synchronize directly to the Storage Account and automatically rotate the keys periodically. It provides an additional layer of security.

Storage accounts offer a separate authentication mechanism called shared access signatures that support expiration and limited permissions for scenarios where you need to grant limited access.

Comments

Popular posts from this blog

How to fix Azure DevOps error MSB4126

How to create Custom Visuals in Power BI – Initial few Steps

SharePoint Admin Center