How To Get Blob-URL After File Upload In Azure ?

Azure Blob Storage is a PaaS (Platform as a Service) offering by Microsoft’s cloud solution Azure, to store unrestricted amounts of data objects. Here, object refers to any unstructured data such as documents (text, log files that are updated), binary data, and virtual hard drives. Blob storage resources are also used as storage during backup and restore operations in Azure. In the cloud computing world, the features of a cloud service depend highly on its durability, scalability, accessibility, and security.

• Durability and Redundancy: Azure Blob Storage leverages Azure’s local and geo-redundancy capabilities to protect your data against local hardware failures or region failures. This makes Azure’s storage service highly redundant and durable. Azure Blob storage accounts can also be configured to be connected using a private endpoint or publicly from selected virtual networks or IP addresses.
• Security: Data stored in Azure Blob Storage is encrypted by default using Microsoft’s encryption keys, and blob files are not publicly accessible by default, but this is configurable. Also, Azure provides granular access control over the containers and objects within the storage account. Versioning for blobs, point-in-time restore for containers, and retaining deleted blobs are other data protection features offered.
• Access: Data in Azure Blob Storage can be accessed via REST APIs too. Many languages, like .NET, Java, Node.js, Python, Go etc. have Azure-provided client libraries that can be used to develop applications that access data from storage accounts programmatically. Azure Portal and Azure CLI are other tools that can be used.

Azure Blob Storage Performance Tiers

Depending on the performance requirements to access data (low latency), Azure provides two tiers that can be selected while creating a storage account:

• Standard: This is recommended for general use cases where premium performance is not so much of a requirement. The type of storage account provided in this tier is called a General Purpose v2 account and can be used for blobs, file shares, queues, or tables.
• Premium: Premium Tier only stores Blob data. In cases of intense need to access data, high transactions, or low latency, this premium performance tier can be selected. Here the choice of storage account is narrowed even more, where one can choose between the type of blob data that one will need premium performance for. E.g.:
• Block Blobs: Premium storage and performance for block blobs i.e. storing text and binary data.
• Append Blobs: Premium storage and performance for block blobs that require append operations.
• Page Blobs: Premium storage and performance for page blobs only.

Importance of Blob-URL in Azure for accessing uploaded files.

Every blob file uploaded is given a unique URL (demonstrated below). The BLOB URLs follow the fixed pattern, in that the URLs are made up of the below pattern:

<StorageAccountName>.blob.core.windows.net/<ContainerName>/<FileNameWithExtension>

Eg: demostorage.blob.core.windows.net/test/toronto-skyline-from-park.jpg

Blob URLs are very useful to perform various operations on the uploaded file. For example, if an image file needs to be rendered in HTML, the URL can be used as the image source.

Using Blob URLs one can:

• retrieve a specific version of a Blob object eg: https://demostorage.blob.core.windows.net/test/toronto-skyline-from-park.jpg?versionId=2024-02-16T06:27:39.1608774Z
• get the metadata about the object (Blob properties)
• set or modify metadata about the object
• delete/undelete the Blob object
• copy the Blob Object
• append data to an existing Blob Object
• access a Blob Object securely using SAS Tokens (the generated SAS tokens are appended to the Blob URL and provided by Azure)

Storage Access Levels Hierarchy

Retrieving or accessing a blob file after uploading to a storage account in Azure, depends primarily on the access permissions at three levels:

• The Storage Account itself
• The Container in the storage account
• Individual Blob Files in the container

When a storage account is created (whether Standard or Premium), by default anonymous or public access is disallowed on the level of the storage account itself. This means the blob files individually and the ability to enumerate the list of files in a container is disallowed. To allow anonymous access to storage accounts, it can configured on the storage account configuration.

Go to Storage Account and select Configuration on the left panel. Enable the “Allow Blob anonymous access”

Step-By-Step Guide To Upload a File To Azure BLOB Storage

Now we can create a container in the storage account that will store all BLOB files for us. Note, that while creating a container now, we are given the ability to set a granular access level to the container itself, since the storage account does not have restricted access anymore. Here, the container can be set to private, blob (only individual blobs of the container can be accessed on its own), and container (the blobs in the container and the container itself can be accessed, with this it is possible to enumerate all the contents of the container unlike blob access).

Once the container is created, navigate to the container. We upload a BLOB file by clicking on “Upload” in the container.Fetch the BLOB File URL since we have container level access, now all the blob files within it are also accessible anonymously. To access the file, click on it and check the URL Properties of the file.
Copy it and open it in another window. Now you are able to access the blob files via its URL.

Blob-URL After File Upload In Azure – FAQ’s

Can I prevent a blob file from having a URL so it cannot be accessed ?

Every blob file is given a unique URL by default. For making the access to a blob more restrictive you can set private access control on the storage account or container or on specific Blob files. You can generate SAS tokens on the Blob file to give temporary “time or IP address” based secure access and build your application to use these SAS tokens. One the SAS is generated, Azure provides a new Blob SAS URL with the SAS Token appended.

I have thousands of Blob documents to be stored. How can I manage them effectively ?

Containers are a great way to provide folder like segregation to your data. You can also provide tags to your Blob files based on which you can logically define your data. For example in the example of the image shown in this article, a tag with key=city and value=toronto can be added. You can then use Blob URL and REST API commands to access data based on tags you provide.

I uploaded a Blob and copied the URL but I get an error while accessing it

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>PublicAccessNotPermitted</Code>
<Message>Public access is not permitted on this storage account. RequestId:8d409365-b01e-0035-64b1-602098000000 Time:2024-02-16T08:22:45.6970043Z</Message>
</Error>

This is a common error if “Allow Blob anonymous access” is disabled on the storage account. Navigate to the Configuration blade on the storage account and set “Allow Blob anonymous access” to enabled.