Forum Discussion

MichalKala1991's avatar
MichalKala1991
Copper Contributor
Oct 29, 2021
Solved

How to serve multiple customers with one Storage?

Hi, I am new in Azure Storage, so please forgive me if my question is silly.   I created a demo for solution that involves blob storage and clients checking for app updates from that storage. It wo...
  • Anthony_Norwood's avatar
    Anthony_Norwood
    Oct 30, 2021

    MichalKala1991 there are a couple of things you could do here:

     

    1. Generate a SAS token from within the Storage Account or Container that will allow the application to retrieve the installation files; you can control the level of permissions however there is a built in expiry for the SAS token so you'd need to deploy a new version to clients with a new SAS token before the expiry date

    [1] https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview 

     

    2. You can store the account keys for your storage account in a Key Vault, and then programatically generate SAS tokens. This obfuscates the credentials and you can set the SAS token expiry to be a lot shorter if you generate at runtime, but does require connectivity to the key vault to accomplish:

    [1] https://docs.microsoft.com/en-us/azure/key-vault/secrets/overview-storage-keys 
    [2] https://docs.microsoft.com/en-us/azure/key-vault/secrets/storage-keys-sas-tokens-code 
    [3] https://docs.microsoft.com/en-us/azure/storage/common/storage-account-sas-create-dotnet?tabs=dotnet#use-an-account-sas-from-a-client 

    You'd then just need to append the URL to the installer blob with ?[SAS Token] 

MichalKala1991's avatar
MichalKala1991
Copper Contributor
Oct 29, 2021
I want to utilize the AppInstaller XML files. So place AppInstaller file and Appx/msix installation file to the blob and then distribute appinstaller file to clients. The distributed appinstaller file will be redirecting url to the blob storage.
https://docs.microsoft.com/en-us/uwp/schemas/appinstallerschema/element-appinstaller
Anthony_Norwood's avatar
Anthony_Norwood
Brass Contributor
Oct 30, 2021

MichalKala1991 there are a couple of things you could do here:

 

1. Generate a SAS token from within the Storage Account or Container that will allow the application to retrieve the installation files; you can control the level of permissions however there is a built in expiry for the SAS token so you'd need to deploy a new version to clients with a new SAS token before the expiry date

[1] https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview 

 

2. You can store the account keys for your storage account in a Key Vault, and then programatically generate SAS tokens. This obfuscates the credentials and you can set the SAS token expiry to be a lot shorter if you generate at runtime, but does require connectivity to the key vault to accomplish:

[1] https://docs.microsoft.com/en-us/azure/key-vault/secrets/overview-storage-keys 
[2] https://docs.microsoft.com/en-us/azure/key-vault/secrets/storage-keys-sas-tokens-code 
[3] https://docs.microsoft.com/en-us/azure/storage/common/storage-account-sas-create-dotnet?tabs=dotnet#use-an-account-sas-from-a-client 

You'd then just need to append the URL to the installer blob with ?[SAS Token] 

Resources