Where do I set the policy for my Azure table storage for a user to read and a admin to write?











up vote
1
down vote

favorite












I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);

// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();

// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");

// Create a ChatMessage entity.
ChatMessage chatMessage;

// create a new chat message entity here

// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);

// Execute the operation.
table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);

tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});












share|improve this question






















  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07















up vote
1
down vote

favorite












I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);

// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();

// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");

// Create a ChatMessage entity.
ChatMessage chatMessage;

// create a new chat message entity here

// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);

// Execute the operation.
table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);

tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});












share|improve this question






















  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07













up vote
1
down vote

favorite









up vote
1
down vote

favorite











I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);

// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();

// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");

// Create a ChatMessage entity.
ChatMessage chatMessage;

// create a new chat message entity here

// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);

// Execute the operation.
table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);

tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});












share|improve this question













I have a Azure storage table called 'ChatMessages'. Users are reading the data from javascript, so I only want read access for them. On the server side I'm saving data (chat message) into the table, so I want to grant write access on the server side.



Where do I set only read access on the client side and how do I use it?



Here is my server side code and javascript code



            var chatMessages = ConfigurationManager.AppSettings["ChatMessages"];
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(chatMessages);

// Create the table client.
CloudTableClient tableClient = storageAccount.CreateCloudTableClient();

// Create the CloudTable object that represents the "ChatMessages" table.
CloudTable table = tableClient.GetTableReference("ChatMessages");

// Create a ChatMessage entity.
ChatMessage chatMessage;

// create a new chat message entity here

// Create the TableOperation object that inserts the ChatMessage entity.
TableOperation insertOperation = TableOperation.Insert(chatMessage);

// Execute the operation.
table.Execute(insertOperation);


Here is my javascript code where each user just needs read access to the table data.






var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);

tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});








var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);

tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});





var tableUri = "https://myrggroupname.table.core.windows.net";
var tableService = AzureStorage.Table.createTableServiceWithSas(tableUri, sasToken);
var tableQuery = new AzureStorage.Table.TableQuery()
.select(['ProfileIdA', 'ProfileIdB', 'DisplayTime', 'DateSent', 'Message'])
.top(20)
.where('PartitionKey eq ? or PartitionKey eq ?', partitionA, partitionB);

tableService.queryEntities('ChatMessages', tableQuery, null, function(error, result, response) {
// do work here
});






javascript asp.net-mvc azure azure-table-storage






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 10 at 23:32









user1186050

2,105933108




2,105933108












  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07


















  • Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
    – David Makogon
    Nov 10 at 23:58










  • The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
    – user1186050
    Nov 11 at 0:01










  • You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
    – David Makogon
    Nov 11 at 0:05










  • Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
    – user1186050
    Nov 11 at 0:10












  • Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
    – David Makogon
    Nov 11 at 2:07
















Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58




Your JS code already includes a SAS token. Where is your code to generate this SAS token (as read-only) for a given user's table? You'll then need to pass the token to the client to be used in calls to table storage.
– David Makogon
Nov 10 at 23:58












The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01




The SAS token is generated server side. I generate it when a user logs in, then it gets saved to a session variable. But if I only want to give the client side read access, do I even need a SAS token? Isn't there a way to restrict client access without a SAS token? Of course on the server side I want add access.
– user1186050
Nov 11 at 0:01












You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05




You have your choice of either the storage key (all access, 100%, highly inadvisable to bury into js code) or a SAS (you limit it the way you want: which blob/queue/table, read vs write, etc). The only other way is to manage your content server-side, and provide appropriate data via an API you provide to the client-side (where you can then have any credentials you want for the API).
– David Makogon
Nov 11 at 0:05












Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10






Hi David. So correct me if I'm wrong! I should generate one SAS token for the client side read only access. Keep that stored/buried in the Javascript code and when that expires, and the client tries to use it, it will throw an error message saying to re-login or something which would then get a new one, that I've generated? Because currently I generate one everytime a user logs in and it gets stored in a users sessions variable and it's unique to each client logged on. But that seems like an overkill. Additionally, if the session variable with the SAS token expires, then they have to re-login
– user1186050
Nov 11 at 0:10














Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07




Not sure SAS is the right solution to represent a session, since session timeouts reset every time an action is taken, typically. This is why I suggested just accessing storage server-side, instead of trying to coerce an SAS into a type of session key. Anyway... you should have enough to work off of, based on what I posted here. Unfortunately comments are not the right place to have extended discussions.
– David Makogon
Nov 11 at 2:07

















active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244465%2fwhere-do-i-set-the-policy-for-my-azure-table-storage-for-a-user-to-read-and-a-ad%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown






























active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes
















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53244465%2fwhere-do-i-set-the-policy-for-my-azure-table-storage-for-a-user-to-read-and-a-ad%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Full-time equivalent

さくらももこ

13 indicted, 8 arrested in Calif. drug cartel investigation