Azure storage account container access on browser

Sarah C Benjamin 1 Reputation point
2021-02-04T23:45:32.56+00:00

I am trying to find a best way to give access to users to files in the storage account without them installing azure storage explorer.

I was hoping to them them access to the container that has all the files in it and they can access the files in their browser.

1st option
I was working was creating a blob container with public access level at container but then I go to its URL, it tell me that the resource does not exist.
64140-image.png

2nd option
I was thinking of giving them access to the container using SAS like this but that URL also does not work.
64190-image.png

How can I give access to the users such that they can see all files in the container in the browser. I can open individual blobs but I want them to have access at the container level?

Here is the error I get with option 1
<Error>
<Code>ResourceNotFound</Code>
<Message>The specified resource does not exist. RequestId:c1a15bce-a01e-0006-2e52-fbac52000000 Time:2021-02-05T00:01:13.1590995Z</Message>
</Error>

Azure Storage Explorer
Azure Storage Explorer
An Azure tool that is used to manage cloud storage resources on Windows, macOS, and Linux.
231 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,436 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 43,801 Reputation points Microsoft Employee
    2021-02-05T07:39:54.07+00:00

    @Sarah C Benjamin Welcome to Microsoft Q&A, Thank you for posting your query!

    You may be getting this error due to roles: Let me explain, how the role base access work for Storage account, It has different set of permissions and policies. Please refer to this article(Only roles explicitly defined for data access permit a security principal to access blob or queue data. Roles such as Owner, Contributor, and Storage Account Contributor permit a security principal to manage a storage account, but do not provide access to the blob or queue data within that account.)

    Azure provides the following Azure built-in roles for authorizing access to blob and queue data using Azure AD and OAuth: For more information See here

    Additional information: Authorizing access to data in Azure Storage

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    -------------------------------------------------------------------------------------------------------

    Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

  2. Sarah C Benjamin 1 Reputation point
    2021-02-05T20:42:02.883+00:00

    This is not an answer but I couldn't get to submit my comment on your answer @Sumarigo-MSFT

    Thanks @Sumarigo-MSFT seems like the role based access work you are referring to is applicable when "creating" blobs and containers.

    I am past creating them, I am able to create blobs and containers both.

    I can access individual blobs in the browser like this. MyTest1 file opens.. (I have given it a start and expiry time in the SAS token, so it may not open when you access it)

    https://teststorageaccount21.blob.core.windows.net/publicb/MyTest1.csv?sv=2019-12-12&st=2021-02-05T20%3A10%3A22Z&se=2021-02-06T20%3A10%3A22Z&sr=b&sp=r&sig=4DBjswTkDc5EBmVvy36yYwKRCDP8gKiNnIS74xUwMPc%3D

    But if I try to access just the container like this

    https://teststorageaccount21.blob.core.windows.net/publicc?sv=2019-12-12&st=2021-02-05T20%3A15%3A58Z&se=2021-02-06T20%3A15%3A58Z&sr=c&sp=rl&sig=N7i3gDCXF5OfSNjoHhY3d5N3Y87uGMcUboddWWzH26c%3D

    I get the message

    <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:52787747-d01e-0023-5cfd-fb052e000000 Time:2021-02-05T20:31:15.1973218Z</Message>
    <AuthenticationErrorDetail>Signature did not match. String to sign used was rl 2021-02-05T20:15:58Z 2021-02-06T20:15:58Z /blob/teststorageaccount21/$root 2019-12-12 c

    If it was a role based issue, I would be having a hard time accessing blobs within the container too. But blobs are accessible but container level isn't.

    Please suggest.
    Thanks much

  3. MikeN 31 Reputation points
    2021-06-11T19:13:54.667+00:00

    Did you ever get an answer for this?

    I have a use case where i'd like to allow anonymous read access to a container.

    Allowing container access seems to imply that you should be able to go to the URL of the container which is shown on the Properties tab in a browser and be presented with a list of blobs in the container to download.

    I experience the same behavior, when you access the container URL in a browser, you get an error instead of seeing a list of blobs inside the container.

    <Error>
    <Code>ResourceNotFound</Code>
    <Message>The specified resource does not exist. RequestId:61a509e8-801e-004c-4df5-5e2a90000000 Time:2021-06-11T19:12:32.8877964Z</Message>
    </Error>

  4. Hari Gudladona 1 Reputation point
    2021-08-06T08:58:02.347+00:00

    https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas

    I am not sure but i saw some content related to container level access too along with files. Pl try reading this.

    0 comments