Where do I set the policy for my Azure table storage for a user to read and a admin to write?
up vote
1
down vote
favorite
I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.
Where do I set only read access on the client side and how do I use it?
Here is my server side code and javascript code
var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);
// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");
// Create a ChatMessage entity.
ChatMessage chatMessage;
// create a new chat message entity here
// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);
// Execute the operation.
table.Execute(insertOperation);
Here is my javascript code where each user just needs read access to the table data.
var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);
tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});javascript asp.net-mvc
azure azure-table-storage asked Nov 10 at 23:32
user1186050
2,117934108
|
show 1 more comment
up vote
1
down vote
favorite
I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.
Where do I set only read access on the client side and how do I use it?
Here is my server side code and javascript code
var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);
// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");
// Create a ChatMessage entity.
ChatMessage chatMessage;
// create a new chat message entity here
// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);
// Execute the operation.
table.Execute(insertOperation);
Here is my javascript code where each user just needs read access to the table data.
var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);
tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});javascript asp.net-mvc
azure azure-table-storage asked Nov 10 at 23:32
user1186050
2,117934108
Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58
The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01
You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05
Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10
Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07
|
show 1 more comment
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.
Where do I set only read access on the client side and how do I use it?
Here is my server side code and javascript code
var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);
// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");
// Create a ChatMessage entity.
ChatMessage chatMessage;
// create a new chat message entity here
// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);
// Execute the operation.
table.Execute(insertOperation);
Here is my javascript code where each user just needs read access to the table data.
var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);
tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});javascript asp.net-mvc
azure azure-table-storage asked Nov 10 at 23:32
user1186050
2,117934108
I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.
Where do I set only read access on the client side and how do I use it?
Here is my server side code and javascript code
var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);
// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();
// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");
// Create a ChatMessage entity.
ChatMessage chatMessage;
// create a new chat message entity here
// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);
// Execute the operation.
table.Execute(insertOperation);
Here is my javascript code where each user just needs read access to the table data.
var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);
tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);
tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);
tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});javascript asp.net-mvc
azure azure-table-storage javascript asp.net-mvc
azure azure-table-storage asked Nov 10 at 23:32
user1186050
2,117934108
asked Nov 10 at 23:32
user1186050
2,117934108
asked Nov 10 at 23:32
user1186050
2,117934108
asked Nov 10 at 23:32
user1186050
2,117934108
asked Nov 10 at 23:32
user1186050
2,117934108
2,117934108
Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58
The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01
You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05
Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10
Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07
|
show 1 more comment
Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58
The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01
You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05
Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10
Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07
Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58
Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58
The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01
The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01
You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05
You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05
Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10
Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10
Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07
Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07
|
show 1 more comment
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244465%2fwhere-do-i-set-the-policy-for-my-azure-table-storage-for-a-user-to-read-and-a-ad%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58
The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01
You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05
Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10
Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07