Menu
I am hosting a static website through the $web container in the BLOB storage of an azure storage account. The minified JS in that container contains sensitive data, for example an azure-tables key.
According to the documentation:
You can modify the public access level of the $web container, but this has no impact on the primary static website endpoint because these files are served through anonymous access requests. That means public (read-only) access to all files.
Is there any way to limit access to the website's content (especially the minified JS sitting in the $web container)?
529
In the Azure portal, go to your existing storage account, or create a storage account. In the File shares section, select Active directory: Not Configured. Select Azure Active Directory Domain Services then switch the toggle to Enabled. Select Save.
Open the Azure portal in your web browser. Locate your storage account and display the account overview. Select Static website to display the configuration page for static websites. Select Enabled to enable static website hosting for the storage account.
Open the Azure portal in your web browser. Locate your storage account and display the account overview. Select Static website to display the configuration page for static websites. Select Enabled to enable static website hosting for the storage account. In the Index document name field,...
If you're already thinking about authentication, an Azure Blob Storage service isn't going to cut it. You're probably going to need a free Azure Web App or two (One for the frontend, one for the backend). Server-Side code is much safer than browser code and enables features like proper user input validation.
This is because, as the message says, the website is disabled for this storage account. To fix that, I need to run the following Azure CLI command: This command is setting the blob service to behave as a static website, as well as setting the 404 error page and the default index page. There is also the storage account name as a parameter.
Storage account network security rules, including IP-based and VNET firewalls, are supported for the static website endpoint, and may be used to protect your website. Do static websites support Azure Active Directory (Azure AD)? No. A static website only supports anonymous public read access for files in the $web container.
First of all, it is very bad practice to store data access tokens in the website's code, no matter how minified the JS is. The access tokens could be leaked by anyone who has read access to the website, intentionally or unintentionally. That includes being able to open and view the site in their browser.
If you're already thinking about authentication, an Azure Blob Storage service isn't going to cut it. You're probably going to need a free Azure Web App or two (One for the frontend, one for the backend). Server-Side code is much safer than browser code and enables features like proper user input validation. Additionally, enabling Azure AD Authentication is just a click away if you're using Azure Web Apps.
It is possible to generate SAS tokens that require the user to authenticate via Azure AD before accessing the Blob, but I personally haven't tried that yet.
112
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
