We are just starting to use Azure and I'm trying to get a handle on some security issues.
We are developing a web app that is mostly javascript. We want to store the javascript in in blob storage / CDN. But until we release it we only want our office to have access. I understand that I can't create a firewall rule for Azure blob, so restricting access to our office IP is out.
From what I have read Shared Access Signatures might be the way to go. Can someone confirm that this is a valid direction to go? Also, can someone point out what mechanism I should be looking at to restrict access to these containers. i.e. a way to restrict the tokens to only our devs.
I know this may come across as weak, but I really have no clue how MS does things coming from a purely *nix world. All the tutorials have are a few lines of code saying how to access stuff using SAS but not much on setting up the policies in the first place. Also, will this approach work with CDN?
Shared Access Signatures are implemented as querystrings containing valid from/to times on the link, along with a hash.
You can create a SAS on any blob via any language. Here's a Java tutorial, for example. At this point, you can embed the resultant link into your web page. Should work just like a regular url.
SAS isn't going to work against CDN, as CDN is only for public blobs.