使用IoT中心将文件上传到Azure BLOB-权限 [英] Uploading file to Azure BLOB using IoT Hub - Permissions
问题描述
我正在使用
如上图所示,此操作的 sasToken 已生成,用于读取/写入.
- 一旦设备收到上述响应,就可以调用blob的REST API PUT.这是我的建议.设备可以调用REST API获取Blob的元数据,请参见以下屏幕片段:
根据上述结果,可以跳过此序列,也可以继续使用REST API PUT继续实际上传blob.
- 这是序列的最后一步(非常重要).设备需要将上载序列的状态发送到Azure IoT中心的通知.以下屏幕片段显示了此REST API调用:
好吧,如您所见,上面的步骤2可以决定跳过还是覆盖上载Blob进程.
I'm uploading files from a Raspberry Pi to Azure Blob storage using an Azure IoT hub, using this microsoft tutorial as the basis for my C# code, and it's working fine.
Looking at the Microsoft documentation for the method UploadToBlobAsync(), "If the blob already exists, it will be overwritten."
I'm wondering if there's any way to restrict the device's permissions to create-only in the Azure portal or via PowerShell. My concern is that should someone access the device's storage and get the device id and key they would have the means to delete or overwrite files previously uploaded by that device in the storage container.
As a work-around I could have a server-side process pick up files once they've been received and move them elsewhere, but if the device id/key was restricted to create-only then I wouldn't need this overhead.
The method UploadToBlobAsync (assembly Microsoft.Azure.Devices.Client.UWP) is a wrapper of the REST API sequence calls for uploading a blob to the Azure Storage container. The following sequence is processed:
- REST API call to the Azure IoT Hub to obtain a reference for uploading blob, see the following screen snippet:
As you can see in the above picture, the sasToken for this operation has been generated for read/write.
- Once the device received the above response, the REST API PUT the blob can be called. Here is my suggestion. The device can call REST API Get the metadata of the blob, see the following screen snippet:
Based on the above result, this sequence can be either skipped or continue for actually uploading blob using the REST API PUT.
- This is a last step of the sequence (very important). The device need to send a notification to the Azure IoT Hub with the status of the uploading sequence. The following screen snippet shows this REST API call:
Well, as you can see the above step #2 can decide about the skipping or overwriting the upload blob process.
这篇关于使用IoT中心将文件上传到Azure BLOB-权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
