问题描述
我试着去融入Azure的存储我的大部分文件的应用程序。我想将这些文件上传到蔚蓝的私人容器和私人斑点,并有通过在Azure CDN复制到所有其他节点的上传(仍然为私有容器和斑点)。然后我想我的应用程序,使一个存储的blob的请求,并给我的共享访问签名链接到BLOB一段时间。但是,我想生成应给予用于最靠近的数据中心到用户的链接。我将有SAS在每次需要一个blob时产生的,但我需要能够使用翻过了CDN的SAS选项。这甚至可能与天青或可我只用SAS与一个数据中心?
Im trying to incorporate Azure to store the majority of my files for an application. I want to upload these files to a private container and private blob in azure, and have those uploads copied through the Azure CDN to all of the other nodes (still as private containers and blobs). I then want my application to make a request to a stored blob, and give me the shared access signature link to the blob for a period of time. However, I want the link generated to be given for the closest datacenter to the user. I will have the SAS be generated each time a blob is needed, but I need to be able to use the SAS option accross the CDN. Is this even possible with Azure or can I only use SAS with one data center?
修改
我希望我们的CDN充当如果我们的主数据中心的副本,所以我不想除非它们从主数据中心删除永远要删除的CDN对象。如果我做创建的SAS和丢在CDN URL的末尾,如果在SAS的截止日期已过,但不是缓存持续时间,将用户能够回来和访问文件?
EditI would want our CDN to act as if its a copy of our main data center, so I dont want the CDN objects to ever be removed unless they are removed from the main data center. If I do create an SAS and throw it on the end of the CDN URL, if the expiration date on the SAS has passed, but not the cache duration, would the user be able to come back and access the file?
我的继承人例如:
- 缓存持续时间:5天
- Azure存储网址:
- CDN端点:
- Azure存储SAS参数: ?st=2015-03-30T19%3A21%3A09Z&se=2015-04-01T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
- 最终CDN网址:<一href=\"http://az507923.vo.msecnd.net/images/img1.jpg?st=2015-03-30T19%3A21%3A09Z&se=2015-04-01T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D\" rel=\"nofollow\">http://az507923.vo.msecnd.net/images/img1.jpg?st=2015-03-30T19%3A21%3A09Z&se=2015-04-01T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
- Cache Duration: 5 days
- Azure Storage URL: http://azstorage.blob.core.windows.net/images/img1.jpg
- CDN Endpoint: http://az507923.vo.msecnd.net/
- Azure Storage SAS parameter: ?st=2015-03-30T19%3A21%3A09Z&se=2015-04-01T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
- Final CDN URL: http://az507923.vo.msecnd.net/images/img1.jpg?st=2015-03-30T19%3A21%3A09Z&se=2015-04-01T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
显然,用户可以访问此网址,直到2015年4月1日,但如果他们回来在2015年4月2日,将他们仍然有机会?
Obviously the user could access this URL until 4/1/2015, but what if they come back on 4/2/2015, would they still have access?
另外,说我设置blob的高速缓冲存储器控制头在同一时间作为SAS的网址,这也是缓存持续时间之后期满。然后,我有一个用户回来相同的一滴在2015年4月8日,我们将产生一个新的SAS和它给用户,将团块仍然对CDN或将高速缓存控制头从CDN删除?
Also, say I do set the cache control header of the blob to expire at the same time as the SAS URL, which is also after the cache duration. I then have a user come back for that same blob on 4/8/2015, we would generate a new SAS and give it to the user, would the blob still be on the CDN or would the cache control header delete it from the CDN?
推荐答案
您可以使用与CDN SAS的URL。所有你需要做的是提供附加到CDN URL正确的SAS签名。
You can use SAS URLs with the CDN. All you need to do is provide the correct SAS signature appended to the CDN URL.
这看起来像:
- Azure存储网址:
- CDN端点:
- Azure存储SAS参数: ?st=2015-09-17T19%3A21%3A09Z&se=2015-09-17T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
- 最终CDN网址:<一href=\"https://az507923.vo.msecnd.net/images/img1.jpg?st=2015-09-17T19%3A21%3A09Z&se=2015-09-17T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D\" rel=\"nofollow\">https://az507923.vo.msecnd.net/images/img1.jpg?st=2015-09-17T19%3A21%3A09Z&se=2015-09-17T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
- Azure Storage URL: http://azstorage.blob.core.windows.net/images/img1.jpg
- CDN Endpoint: http://az507923.vo.msecnd.net/
- Azure Storage SAS parameter: ?st=2015-09-17T19%3A21%3A09Z&se=2015-09-17T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
- Final CDN URL: https://az507923.vo.msecnd.net/images/img1.jpg?st=2015-09-17T19%3A21%3A09Z&se=2015-09-17T20%3A21%3A09Z&sr=c&sp=r&sig=STTE1p0ujzZr31ZjPaOlNoImCPcjss2GoRsOWDlpJuI%3D
这种方法的一些注意事项:
Some caveats with this approach:
- 任何人使用此网址可以访问该文件,所以你就必须有一种机制来保持这个URL私人。这也意味着,如果URL泄漏出来那么任何人都可以,所以你必须确定这是否是在可接受的安全水平访问该文件。
- 的CDN将使用完整的URL包括SAS,所以缓存的对象将是有效的缓存持续时间为7天默认缓存的对象。这意味着,你需要确保你设置的BLOB缓存控制标头是时间相同的SAS URL,以便缓存的CDN对象将在同一时间作为SAS URL过期。
这篇关于使用Azure的CDN与共享访问签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!