问题
In an Azure subscription I have a Storage account with multiple defined containers. Currently all of my code uses the primary access key for the connection string to read and write data to the containers. All Containers are Private. Can I generate a read-only connection string for the Storage account or does it have to be defined for each container?
回答1:
At this moment, it's not possible to create a read-only connection string for the storage account. From the platform side, your only option would be to make use of Shared Access Signatures/Container Level ACL but that you would have to do for each blob container separately. Other option would be to create your own application which acts as a proxy between your users and your storage account. All requests to your storage account will be routed through this application and there you could incorporate this read-only mechanism where you reject all requests other than GET (for read only behavior).
回答2:
If you are trying to mimic the folders of a file system, then you may want to consider creating virtual directories within a single blob container, rather than creating >20 separate containers to represent folders. The use of directories is discussed in another stackoverflow question: Windows Azure: How to create sub directory in a blob container and also Azure Storage Blobs Service Working with Directories. The CloudBlobDirectory Class represents a blob directory of blobs, designated by a delimiter character. If you place all your directories in a single container, then you can set access once for all the blobs in this container (including blobs in subdirectories) by alternatively configuring Public Access (e.g. anonymous read access), Shared Access Signatures , or Stored Access Policies . Stored Access Policies on the container might be useful to you because it enables the SAS strings you deploy to be revoked, extended, or updated without having to redeploy new strings.
来源:https://stackoverflow.com/questions/16179695/how-do-i-define-a-read-only-access-connection-string-for-a-container-in-azure