The Windows Azure storage SDK 1.7 release has come out with a host of new features and one of the key features is the ability to issue Shared Access Signatures on the Table storage (as well as Queue storage).
If you are new to Shared Access, here is a 101: Let’s say your mobile device wants to access a record from the Azure Table storage, the way to do is:
- Option 1 is to share the Storage keys with the Mobile device (Not Recommended)
- Option 2 is to create an app which connects to a Website/Service running in Azure which makes the call to Azure storage on the Mobile device’s behalf, after authenticating the device (through a custom Authentication scheme)
- Option 3: With SDK 1.7, the Table storage can issue a SAS (Shared Access Signature) or the ability to access the resource (a Table Entity) through a pre-authenticated URL (or SAS) for a specified duration of time. Ever been to a digital shopping website which allows you to download stuff with a link, and the link time bombs in x-duration. That’s what the Table storage allows you to do now.
Ok, so what’s the big deal, well we get the advantage that the mobile device can directly interact with the Storage account without the need to go through a Webservice (Option 2 above). The best part, the permissions can be ultra-granular, it can, say, give me access to *update* my record for the next *15 minutes*.
let’s take a quick look at some code. I have a console app to do a simple test, but if you are looking for a comprehensive demo, look at the Azure Storage Blog.
- I am going to start by having a simple table storage with a Table where users store their payment data. The Entity design would look something like the below:
A typical entity object would look as follows:
Of course, I am not trying to argue the sanity of what is being stored hereJ. Now we start with our console app (assuming it is a Mobile Application).
Get the SAS
Let’s say you are somewhere on the planet, with only a mobile device and a not so good Edge connectivity. You would like to edit the Payment data inside the Azure table. Now am assuming your mobile device has an authentication (username/password- Facebook, Google) that you use to authenticate against your web service. Once you authenticate, assume your web service also sends you the SAS key along with the response.
Here is how it goes:
This is where the webservice code returns the SAS, and I will take a moment to print this out here:
Clearly, the SAS addition to the Table and Queue storage service has opened up a lot of possibilities.
Happy learning. Until next time!