question

SarahRobert-3529 avatar image
0 Votes"
SarahRobert-3529 asked ANISBANEKAR-6725 commented

Azure storage account container access on browser

I am trying to find a best way to give access to users to files in the storage account without them installing azure storage explorer.

I was hoping to them them access to the container that has all the files in it and they can access the files in their browser.

1st option
I was working was creating a blob container with public access level at container but then I go to its URL, it tell me that the resource does not exist.
64140-image.png


2nd option
I was thinking of giving them access to the container using SAS like this but that URL also does not work.
64190-image.png

How can I give access to the users such that they can see all files in the container in the browser. I can open individual blobs but I want them to have access at the container level?

Here is the error I get with option 1
<Error>
<Code>ResourceNotFound</Code>
<Message>The specified resource does not exist. RequestId:c1a15bce-a01e-0006-2e52-fbac52000000 Time:2021-02-05T00:01:13.1590995Z</Message>
</Error>


azure-blob-storageazure-storage-explorer
image.png (17.4 KiB)
image.png (24.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SumanthMarigowda-MSFT avatar image
0 Votes"
SumanthMarigowda-MSFT answered SarahRobert-3529 edited

@SarahRobert-3529 Welcome to Microsoft Q&A, Thank you for posting your query!

You may be getting this error due to roles: Let me explain, how the role base access work for Storage account, It has different set of permissions and policies. Please refer to this article(Only roles explicitly defined for data access permit a security principal to access blob or queue data. Roles such as Owner, Contributor, and Storage Account Contributor permit a security principal to manage a storage account, but do not provide access to the blob or queue data within that account.)

Azure provides the following Azure built-in roles for authorizing access to blob and queue data using Azure AD and OAuth: For more information See here

Additional information: Authorizing access to data in Azure Storage

Hope this helps!

Kindly let us know if the above helps or you need further assistance on this issue.


Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Sumarigo-MSFT please check my comment below in the answer section, for some strange reason I couldnt get it to submit even if I was within 1000 character range. Strange.

0 Votes 0 ·
SarahRobert-3529 avatar image
0 Votes"
SarahRobert-3529 answered ANISBANEKAR-6725 commented

This is not an answer but I couldn't get to submit my comment on your answer @Sumarigo-MSFT

Thanks @Sumarigo-MSFT seems like the role based access work you are referring to is applicable when "creating" blobs and containers.

I am past creating them, I am able to create blobs and containers both.

I can access individual blobs in the browser like this. MyTest1 file opens.. (I have given it a start and expiry time in the SAS token, so it may not open when you access it)

https://teststorageaccount21.blob.core.windows.net/publicb/MyTest1.csv?sv=2019-12-12&st=2021-02-05T20%3A10%3A22Z&se=2021-02-06T20%3A10%3A22Z&sr=b&sp=r&sig=4DBjswTkDc5EBmVvy36yYwKRCDP8gKiNnIS74xUwMPc%3D


But if I try to access just the container like this

https://teststorageaccount21.blob.core.windows.net/publicc?sv=2019-12-12&st=2021-02-05T20%3A15%3A58Z&se=2021-02-06T20%3A15%3A58Z&sr=c&sp=rl&sig=N7i3gDCXF5OfSNjoHhY3d5N3Y87uGMcUboddWWzH26c%3D

I get the message

<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:52787747-d01e-0023-5cfd-fb052e000000 Time:2021-02-05T20:31:15.1973218Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was rl 2021-02-05T20:15:58Z 2021-02-06T20:15:58Z /blob/teststorageaccount21/$root 2019-12-12 c

If it was a role based issue, I would be having a hard time accessing blobs within the container too. But blobs are accessible but container level isn't.

Please suggest.
Thanks much

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@SarahRobert-3529 Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused. . I wish to engage with you offline for a closer look and provide a quick and specialized assistance, please send an email with subject line “Attn:subm” to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, I will follow-up with you. Once again, apologies for any inconvenience with this issue.
Thanks for your patience and co-operation.

0 Votes 0 ·

Hello @SarahRobert-3529 @Sumarigo-MSFT

Hope you are doing well. Could you please share the resolution for the above issue?

I I am trying to access a container using URL through browser and getting the same error

<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:a44d38bb-e01e-0007-2b6f-9e20fe000000 T</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was r /testblob/test/$root https 2020-08-04 c </AuthenticationErrorDetail>
</Error>

It would be really helpful if you please provide the resolution you guys used to fix the issue.

0 Votes 0 ·
MikeN-0979 avatar image
0 Votes"
MikeN-0979 answered MikeN-0979 edited

Did you ever get an answer for this?

I have a use case where i'd like to allow anonymous read access to a container.

Allowing container access seems to imply that you should be able to go to the URL of the container which is shown on the Properties tab in a browser and be presented with a list of blobs in the container to download.

I experience the same behavior, when you access the container URL in a browser, you get an error instead of seeing a list of blobs inside the container.

<Error>
<Code>ResourceNotFound</Code>
<Message>The specified resource does not exist. RequestId:61a509e8-801e-004c-4df5-5e2a90000000 Time:2021-06-11T19:12:32.8877964Z</Message>
</Error>

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HariGudladona-5774 avatar image
0 Votes"
HariGudladona-5774 answered

https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas

I am not sure but i saw some content related to container level access too along with files. Pl try reading this.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.