如何在Azure中为容器定义只读访问连接字符串? [英] How do I define a read-only access connection string for a container in Azure?

问题描述

在Azure订阅中，我有一个带有多个已定义容器的存储帐户.当前，我所有的代码都使用主访问密钥作为连接字符串，以将数据读取和写入容器.所有容器都是私有的.我可以为存储帐户生成一个只读的连接字符串，还是必须为每个容器定义一个只读的连接字符串?

In an Azure subscription I have a Storage account with multiple defined containers. Currently all of my code uses the primary access key for the connection string to read and write data to the containers. All Containers are Private. Can I generate a read-only connection string for the Storage account or does it have to be defined for each container?

推荐答案

目前，无法为存储帐户创建只读连接字符串.从平台方面，您唯一的选择是利用 Shared Access Signatures/Container Level ACL ，但是您必须分别对每个blob容器进行操作.另一种选择是创建自己的应用程序，该应用程序充当用户和存储帐户之间的代理.对存储帐户的所有请求都将通过此应用程序进行路由，您可以在其中合并此只读机制，在该机制中，您将拒绝除GET以外的所有请求(用于只读行为).

At this moment, it's not possible to create a read-only connection string for the storage account. From the platform side, your only option would be to make use of Shared Access Signatures/Container Level ACL but that you would have to do for each blob container separately. Other option would be to create your own application which acts as a proxy between your users and your storage account. All requests to your storage account will be routed through this application and there you could incorporate this read-only mechanism where you reject all requests other than GET (for read only behavior).

这篇关于如何在Azure中为容器定义只读访问连接字符串?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！