Skip to main content

Cross domain handling on Azure blob storage

This week a customer wanted to access the Azure blob storage from their Silverlight and Flash client applications. However due to the cross-domain restrictions of both technologies, we couldn’t access the blob storage out-of-the-box.

Let’s see how we can solve this and enable full access to blob storage through Silverlight and Flash.

ClientAccessPolicy.xml

When a Silverlight application makes a cross-domain call (other than those that are allowed by default), it first fetches a file called ClientAccessPolicy.xml from the root of the target server. For the blob storage this will be something like http://{namespace}.blob.core.windows.net/ .

Every blob in Windows Azure storage lives within a container, but there’s a special root container which lets us store blobs directly off the root of the domain. This is where we’ll put our ClientAccessPolicy.xml file. The following code creates a publicly readable root container and creates a blob named ClientAccessPolicy.xml within it:

private void CreateSilverlightPolicy()
{
var account= new CloudStorageAccount
(
new StorageCredentialsAccountAndKey("account", "key"), 
new Uri("http://sample.blob.core.windows.net"),
new Uri("http://sample.queue.core.windows.net"),
new Uri("http://sample.table.core.windows.net")
);
var client = account.CreateCloudBlobClient();
blobs.GetContainerReference("$root").CreateIfNotExist();
blobs.GetContainerReference("$root").SetPermissions(
new BlobContainerPermissions() {
PublicAccess = BlobContainerPublicAccessType.Blob
});
var blob = blobs.GetBlobReference("clientaccesspolicy.xml");
blob.Properties.ContentType = "text/xml";
blob.UploadText(@"<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-methods=""*"" http-request-headers=""*"">
<domain uri=""*"" />
<domain uri=""http://*"" />
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths=""true"" />
</grant-to>
</policy>
</cross-domain-access>
</access-policy>");
}
CrossDomain.xml

For the Flash the story is almost the same but instead of adding a clientpolicy file, we need to add a crossdomain.xml file. 

private void CreateFlashPolicy()
{
var account= new CloudStorageAccount
(
new StorageCredentialsAccountAndKey("account", "key"), 
new Uri("http://sample.blob.core.windows.net"),
new Uri("http://sample.queue.core.windows.net"),
new Uri("http://sample.table.core.windows.net")
);

var client = account.CreateCloudBlobClient();
blobs.GetContainerReference("$root").CreateIfNotExist();
blobs.GetContainerReference("$root").SetPermissions(
new BlobContainerPermissions()
{
PublicAccess = BlobContainerPublicAccessType.Blob
});
var blob = blobs.GetBlobReference("crossdomain.xml");
blob.Properties.ContentType = "text/xml";
blob.UploadText(@"<?xml version=""1.0"" encoding=""utf-8""?>
<cross-domain-policy>
<allow-access-from domain=""*"" />
</cross-domain-policy>");
}
Labels:

Popular posts from this blog

Podman– Command execution failed with exit code 125

After updating WSL on one of the developer machines, Podman failed to work. When we took a look through Podman Desktop, we noticed that Podman had stopped running and returned the following error message: Error: Command execution failed with exit code 125 Here are the steps we tried to fix the issue: We started by running podman info to get some extra details on what could be wrong: >podman info OS: windows/amd64 provider: wsl version: 5.3.1 Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM Error: unable to connect to Podman socket: failed to connect: dial tcp 127.0.0.1:2655: connectex: No connection could be made because the target machine actively refused it. That makes sense as the podman VM was not running. Let’s check the VM: >podman machine list NAME         ...
Read more

Azure DevOps/ GitHub emoji

I’m really bad at remembering emoji’s. So here is cheat sheet with all emoji’s that can be used in tools that support the github emoji markdown markup: All credits go to rcaviers who created this list.
Read more

Cleaner switch expressions with pattern matching in C#

Ever find yourself mapping multiple string values to the same result? Being a C# developer for a long time, I sometimes forget that the C# has evolved so I still dare to chain case labels or reach for a dictionary. Of course with pattern matching this is no longer necessary. With pattern matching, you can express things inline, declaratively, and with zero repetition. A small example I was working on a small script that should invoke different actions depending on the environment. As our developers were using different variations for the same environment e.g.  "tst" alongside "test" , "prd" alongside "prod" .  We asked to streamline this a long time ago, but as these things happen, we still see variations in the wild. This brought me to the following code that is a perfect example for pattern matching: The or keyword here is a logical pattern combinator , not a boolean operator. It matches if either of the specified pattern...
Read more