【Azure Blob】關閉Blob 匿名訪問,iOS Objective-C SDK連線Storage Account報錯

路边两盏灯發表於2024-07-05
iOSObject

問題描述

iOS Objective-C 應用,連線Azure Storage Account, 根據官網Example程式碼,在沒有關閉Storage Account的匿名訪問時,程式正常執行。

【Azure Blob】關閉Blob 匿名訪問,iOS Objective-C SDK連線Storage Account報錯

但是,只要關閉了匿名訪問,上傳blob到Container中,就會報錯:Public access is not permitted on this storage account

【Azure Blob】關閉Blob 匿名訪問,iOS Objective-C SDK連線Storage Account報錯

問題解答

檢視示例程式碼:

-(void)createContainerWithPublicAccess{
    NSError *accountCreationError;

    // Create a storage account object from a connection string.
    AZSCloudStorageAccount *account = [AZSCloudStorageAccount accountFromConnectionString:@"DefaultEndpointsProtocol=https;AccountName=your_account_name_here;AccountKey=your_account_key_here" error:&accountCreationError];

    if(accountCreationError){
        NSLog(@"Error in creating account.");
    }

    // Create a blob service client object.
    AZSCloudBlobClient *blobClient = [account getBlobClient];

    // Create a local container object.
    AZSCloudBlobContainer *blobContainer = [blobClient containerReferenceFromName:@"containerpublic"];

    // Create container in your Storage account if the container doesn't already exist
    [blobContainer createContainerIfNotExistsWithAccessType:AZSContainerPublicAccessTypeContainer requestOptions:nil operationContext:nil completionHandler:^(NSError *error, BOOL exists){
        if (error){
            NSLog(@"Error in creating container.");
        }
    }];
}

關鍵就是 blobContainer createContainerIfNotExistsWithAccessType:AZSContainerPublicAccessTypeContainer 這一句程式碼。因為示例程式碼中使用的是Public Access方式create container,雖然連線字串中由Account Key,但是程式碼中使用的是Public Access。所以當關閉Public Access後,程式就會報錯。

AZSContainerPublicAccessTypeContainer 修改為 AZSContainerPublicAccessTypeOff 就可以了。

【Azure Blob】關閉Blob 匿名訪問,iOS Objective-C SDK連線Storage Account報錯

NOTES:

  • No public read access: The container and its blobs can be accessed only with an authorized request. This option is the default for all new containers.
  • Public read access for container and its blobs: Container and blob data can be read by anonymous request, except for container permission settings and container metadata. Clients can enumerate blobs within the container by anonymous request, but cannot enumerate containers within the storage account.
  • Public read access for blobs only: Blobs within the container can be read by anonymous request, but container data is not available anonymously. Anonymous clients cannot enumerate the blobs within the container.

參考資料

設定Storage Account Container容器許可權 : https://learn.microsoft.com/zh-cn/previous-versions/azure/storage/blobs/storage-ios-how-to-use-blob-storage#set-container-permissions

[END]

相關文章