Shared Access – Azure Table storage

The Windows Azure storage SDK 1.7 release has come out with a host of new features and one of the key features is the ability to issue Shared Access Signatures on the Table storage (as well as Queue storage).

If you are new to Shared Access, here is a 101: Let’s say your mobile device wants to access a record from the Azure Table storage, the way to do is:

  • Option 1 is to share the Storage keys with the Mobile device (Not Recommended)
  • Option 2 is to create an app which connects to a Website/Service running in Azure which makes the call to Azure storage on the Mobile device’s behalf, after authenticating the device (through a custom Authentication scheme)
  • Option 3: With SDK 1.7, the Table storage can issue a SAS (Shared Access Signature) or the ability to access the resource (a Table Entity) through a pre-authenticated URL (or SAS) for a specified duration of time. Ever been to a digital shopping website which allows you to download stuff with a link, and the link time bombs in x-duration. That’s what the Table storage allows you to do now.

Ok, so what’s the big deal, well we get the advantage that the mobile device can directly interact with the Storage account without the need to go through a Webservice (Option 2 above). The best part, the permissions can be ultra-granular, it can, say, give me access to *update* my record for the next *15 minutes*.

let’s take a quick look at some code. I have a console app to do a simple test, but if you are looking for a comprehensive demo, look at the Azure Storage Blog.

  • I am going to start by having a simple table storage with a Table where users store their payment data. The Entity design would look something like the below:

A typical entity object would look as follows:

Of course, I am not trying to argue the sanity of what is being stored hereJ. Now we start with our console app (assuming it is a Mobile Application).

Get the SAS

Let’s say you are somewhere on the planet, with only a mobile device and a not so good Edge connectivity. You would like to edit the Payment data inside the Azure table. Now am assuming your mobile device has an authentication (username/password- Facebook, Google) that you use to authenticate against your web service. Once you authenticate, assume your web service also sends you the SAS key along with the response.

Here is how it goes:

This is where the webservice code returns the SAS, and I will take a moment to print this out here:

“?sv=2012-02-12&se=2012-07-20T13%3A09%3A56Z&tn=Payment&sp=raud&spk=vineet&epk=vineet&sig=
6yIa8sPg6U3KbAVuGoU1h7ZoNri1b5FKO%2BG9VQqp9z8%3D”

Once this gets appended to a HTTP table request, the mobile device can operate on the table for the next 30 minutes. Now we come back to the mobile device code, and all we need to do:

Clearly, the SAS addition to the Table and Queue storage service has opened up a lot of possibilities.

Happy learning. Until next time!

-Vineet

About vineet

Vineet is a founder and technical architect at BrainScale India. He has 12+ years of IT experience and in the past he had worked as an FTE for Microsoft Consulting Services. He consults on Microsoft SharePoint Server 2007/ 2010, WCF and Windows Azure and is a frequent speaker at all Microsoft events. He has been involved in delivering a number of Windows Azure Boot Camps across various cities in India as well as involved in numerous consulting engagements for Fortune 500.
This entry was posted in Azure, Azure SDK, Azure Storage. Bookmark the permalink.

One Response to Shared Access – Azure Table storage

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>