Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Azure icon

Limit Access to Azure Storage Account Using SAS URI

In this lab, you will have an opportunity to create a SAS token for access to an Azure Storage account and then test the SAS-based access by working with the storage account from a separate environment. Students with at least some Azure experience will have the best opportunity to complete the lab without assistance, but the lab guide and solution videos provide a full walkthrough if you get stuck.

Azure icon

Path Info

Clock icon Beginner
Clock icon 30m
Clock icon Oct 09, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Prepare Testing Environment

    At the beginning of this objective, you should be logged in to the Azure portal and on the overview page for the resource group provisioned with the lab environment.

    In this objective, you will prepare your testing environment by launching Azure Storage Explorer on a VM and uploading a couple of files to an Azure Storage account.

    1. Select the VM provisioned in the resource group, and connect to it using RDP. You can ignore any warnings about port prerequisites or security certificates when connecting.
    2. Once connected to the VM, it you are prompted to make your VM discoverable, click Yes. If one or more PowerShell or other windows open, close them.
    3. Open the A**zure Storage Explorer **that is already installed
    4. After Azure Storage Explorer completes initializing, choose Attach to a resource, and select to connect to a storage account, using a shared access signature URL (SAS). Do not use a connection string.
    5. Leave the Connection Info dialog open and minimize the VM window, but do not log out of the VM.
    6. Prepare two small text files locally to upload to Blob storage.
    7. Return to the resource group overview page in the portal, and navigate to the storage account with the name that starts with pslab, followed by a few random characters.
    8. Create a new container in the storage account, and upload the two files you prepared.
  2. Challenge

    Create and Test a SAS Token

    In this objective, you will enable the storage account to allow the use of SAS tokens, generate a token, and use the SAS URL in Azure Storage Explorer (in the VM) to connect to the storage account and test the permissions expressed in the SAS token.

    1. Go to Configuration on the storage account and enable the use of SAS tokens.

      Hint: You need to allow access to the account using keys in order to make use of SAS tokens.

    2. Create a shared access signature on the storage account with the following properties:

      • Only blob for allowed services.
      • Allow all three resource types.
      • Enable only read and list permissions.
      • Ensure the only allowed protocol is HTTPS.
      • Leave all other properties not mentioned as their defaults.
    3. Use the Blob service SAS URL to connect to the storage account from Azure Storage Explorer on the VM, and check that you can navigate to the container you created and the blobs you uploaded.

    4. Test to ensure that only read and list operations are allowed. For example, you should not be able to add a new blob or delete an existing one.

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans