Where do I set the policy for my Azure table storage for a user to read and a admin to write?












1














I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];

            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);



            // Create the table client.

            CloudTableClient tableClient = storageAccount.CreateCloudTableClient();



            // Create the CloudTable object that represents the "ChatMessages" table.

            CloudTable table = tableClient.GetTableReference("ChatMessages");



            // Create a ChatMessage entity.

            ChatMessage chatMessage;



            // create a new chat message entity here



            // Create the TableOperation object that inserts the ChatMessage entity.

            TableOperation insertOperation = TableOperation.Insert(chatMessage);



            // Execute the operation.

            table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";

var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);

var tableQuery = new AzureStorage.Table.TableQuery()

  .select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])

  .top(20)

  .where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);



tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {

  // do work here

});








javascript asp.net-mvc azure azure-table-storage







share|improve this question






















  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07
















1














I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];

            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);



            // Create the table client.

            CloudTableClient tableClient = storageAccount.CreateCloudTableClient();



            // Create the CloudTable object that represents the "ChatMessages" table.

            CloudTable table = tableClient.GetTableReference("ChatMessages");



            // Create a ChatMessage entity.

            ChatMessage chatMessage;



            // create a new chat message entity here



            // Create the TableOperation object that inserts the ChatMessage entity.

            TableOperation insertOperation = TableOperation.Insert(chatMessage);



            // Execute the operation.

            table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";

var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);

var tableQuery = new AzureStorage.Table.TableQuery()

  .select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])

  .top(20)

  .where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);



tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {

  // do work here

});








javascript asp.net-mvc azure azure-table-storage







share|improve this question






















  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07














1












1








1







I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];

            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);



            // Create the table client.

            CloudTableClient tableClient = storageAccount.CreateCloudTableClient();



            // Create the CloudTable object that represents the "ChatMessages" table.

            CloudTable table = tableClient.GetTableReference("ChatMessages");



            // Create a ChatMessage entity.

            ChatMessage chatMessage;



            // create a new chat message entity here



            // Create the TableOperation object that inserts the ChatMessage entity.

            TableOperation insertOperation = TableOperation.Insert(chatMessage);



            // Execute the operation.

            table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";

var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);

var tableQuery = new AzureStorage.Table.TableQuery()

  .select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])

  .top(20)

  .where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);



tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {

  // do work here

});








javascript asp.net-mvc azure azure-table-storage







share|improve this question













I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];

            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);



            // Create the table client.

            CloudTableClient tableClient = storageAccount.CreateCloudTableClient();



            // Create the CloudTable object that represents the "ChatMessages" table.

            CloudTable table = tableClient.GetTableReference("ChatMessages");



            // Create a ChatMessage entity.

            ChatMessage chatMessage;



            // create a new chat message entity here



            // Create the TableOperation object that inserts the ChatMessage entity.

            TableOperation insertOperation = TableOperation.Insert(chatMessage);



            // Execute the operation.

            table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";

var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);

var tableQuery = new AzureStorage.Table.TableQuery()

  .select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])

  .top(20)

  .where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);



tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {

  // do work here

});








var tableUri = "https://myrggroupname.table.core.windows.net";

var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);

var tableQuery = new AzureStorage.Table.TableQuery()

  .select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])

  .top(20)

  .where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);



tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {

  // do work here

});





var tableUri = "https://myrggroupname.table.core.windows.net";

var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);

var tableQuery = new AzureStorage.Table.TableQuery()

  .select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])

  .top(20)

  .where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);



tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {

  // do work here

});





javascript asp.net-mvc azure azure-table-storage




javascript asp.net-mvc azure azure-table-storage






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 10 at 23:32









user1186050

2,084935109




2,084935109












  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07


















  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07
















Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58




Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58












The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01




The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01












You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05




You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05












Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10






Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10














Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07




Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07

















active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244465%2fwhere-do-i-set-the-policy-for-my-azure-table-storage-for-a-user-to-read-and-a-ad%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244465%2fwhere-do-i-set-the-policy-for-my-azure-table-storage-for-a-user-to-read-and-a-ad%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

這個網誌中的熱門文章

Hercules Kyvelos

圖片
Hercules Kyvelos Statistics Real name Hercules Kyvelos Nickname(s) The God Weight(s) Middleweight Light Middleweight Welterweight Height 5 ft 10 in (180 cm) Reach 72 in (183 cm) Nationality Canadian Born ( 1975-02-25 ) February 25, 1975 (age 43) Montreal, Quebec Stance Orthodox Boxing record Total fights 27 Wins 24 Wins by KO 12 Losses 3 Draws 0 No contests 0 Hercules Kyvelos Medal record Men's Boxing Representing   Canada Pan American Games 1995 Mar del Plata Welterweight Hercules Kyvelos (born February 25, 1975) is a Greek-Canadian boxer in the Welterweight division and is the former Canadian Welterweight Champion. [1] He fought at the 1996 Summer Olympics in Atlanta, Georgia. Contents 1 Early life 2 Amateur career 3 Pro career 3.1 WBO Welterweight Championship 3.2 Personal life 4 References 5 External links Early life Hercules was born in
閱讀完整內容

Tangent Lines Diagram Along Smooth Curve

圖片
7 1 I am trying to replicate a diagram and have a minimal example. I don't know how to add additional tangents between the specified points and preserve smoothness. documentclass{article} usepackage{tikz} usetikzlibrary{calc,intersections} begin{document} begin{tikzpicture} % Axes draw [->, name path=x] (-1,0) -- (11,0) node [right] {$x$}; draw [->] (0,-1) -- (0,6) node [above] {$y$}; % Origin node at (0,0) [below left] {$0$}; % Points coordinate (start) at (1,-0.8); coordinate (c1) at (3,3); coordinate (c2) at (5.5,1.5); coordinate (c3) at (8,4); coordinate (end) at (10.5,-0.8); % show the points foreach n in {start,c1,c2,c3,end} fill [black] (n) circle (2pt) node [below] {}; % join the coordinates draw [thick,name path=curve] (start) to[out=70,in=180] (c1) to[out=0,in=180]
閱讀完整內容

Yusuf al-Mu'taman ibn Hud

圖片
Main article: Taifa of Zaragoza Al-Mu'taman Ruler of Zaragoza Reign 1081–1085 Predecessor Ahmad al-Muqtadir Successor Al-Mustain II Born Zaragoza Died 1085 Full name Yusuf ibn Ahmad al-Mu'taman ibn Hūd House Banu Hud Yusuf ibn Ahmad al-Mu'taman ibn Hūd (Arabic: المؤتمن بالله يوسف إبن أحمد إبن هود ‎, al-Mutaman bi l-Lah , died c. 1085) was the third king of the Banu Hud dynasty who ruled over the Taifa of Zaragoza from 1081 to 1085. Yusuf al-Mutaman reigned during the height of power of Muslim Zaragoza , following the thriving period of his father Ahmad al-Muqtadir. He continued his father's efforts and created around him a court of intellectuals, living in the beautiful palace of Aljafería, nicknamed as "the palace of joy". Al-Mu'taman was also a scholarly king and a patron of science, philosophy and arts. As an example of a wise king, he knew astrology, philosophy, and especially mathematics, a discipline in which
閱讀完整內容