question

Oz-6837 avatar image
0 Votes"
Oz-6837 asked deherman-MSFT answered

Blob Storage Question

Hi, I don't have a problem but I am trying azure-storage account in my software to see if its the best service out there and I want to ask this question in order to understand and clarify something.

I have written a mini software in c#-windows form and I am using azure-storage container in order to transfer data between my software and azure-blob-container. I have placed the 'Storage account name' and 'access key' inside my code, so it accesses the storage account(uploads and downloads data). (using blockBlob.UploadFromStream & blockBlob.DownloadToStream)

Since, this software will be used by some other people in my team, I want to have the full control. I want to shut it down when I want to and turn it on when I want to. That's why I am using azure-storage acount. Basically, when I change the access settings (in networking section) to 'selected networks' from 'all networks'. Then my software is not able to access azure storage and stops working. When I change the settings into 'all networks', then it is on, and other people can use it. Basically a remote switch button that I can control.

My first question is; if someone still wants to use this software even if I turn off the settings - or try to hack this software somehow. Can someone manage to make it work ? In other words, can someone find out 'Storage account name' and 'access key' that I have placed inside my software, and can he get into my azure account by using this info and change the network settings and turn the software on.

My second question is; the main reason why I wanted try azure-storage is, to have the full control and create the dependency for my software. (I also need a storage but that's the second reason and its not that important.). So is there any feature like that in azure account, thats specifically built for that. and maybe, that feature is much better than what I am doing currently by using 'Storage account name' and 'access key'.

If you can help me out on these two questions, I really appreaciate!
Oz

azure-blob-storage
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

deherman-MSFT avatar image
0 Votes"
deherman-MSFT answered

@Oz-6837
Your storage account access keys are similar to a root password for your storage account. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Avoid distributing access keys to other users, hard-coding them, or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they may have been compromised. See here for information on how to use Key Vault to secure your storage account keys.

It sounds like what you want is to Authorize access using Azure Active Directory. Authorizing requests against Azure Storage with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your blob and queue applications when possible to minimize potential security vulnerabilities inherent in Shared Key.

Hope this helps! Let us know if you have further questions or concerns.



Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.