
How to authenticate IoT Central devices with other Azure services? (example: download OTA bin)


In the reference architectures for IOT Hub\Central you can easily see how the SAS or X509 Cert is used for device authentication. As an example, look at this MXChip OTA Example. (my notes in pink)

Reference Article: Azure MXChip IoT DevKit Firmware OTA (Over-the-Air)

MXChip OTA Example

When we extend out to other Azure services, can you leverage this authentication for other actions, such as downloading files for OTA?

The only approach I can come up with is either:

a) have the download endpoint be secure through obscurity (not great).
b) introduce a shim service and implement an additional authentication layer there.

A seems bad. B seems like a waste. I feel like I'm missing an option C or lack the right info on the Azure-way for this one.

Thanks!


Solution

  • With regard to my original question about using the authenticated device session to access other Azure services, both in general and specifically for the purpose of downloading files for OTA: this is not possible.

    You either need to implement an additional authentication mechanism and your own service, use the service-specific SDK in your application or, for the case of Blob Storage with firmware updates, use a publicly available download point.

    Note: The answer from Roman shows how to upload and access an uploaded file. It may help some who will end up here.
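
One way to build the additional authentication layer of option (b), as an added example that is not part of the original question or answer: the shim service checks a device-signed token laid out like an IoT Hub SAS token, using a per-device key derived from a group key. The host `fw.example.invalid`, the function names and the demo key are hypothetical, and giving the shim access to a group key is an assumption of this example.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote

# Constructed demo key; a real shim would load its key from a secret store.
DEMO_GROUP_KEY = base64.b64encode(b"constructed-group-key-for-demo!!").decode()
PREFIX = "fw.example.invalid/devices/"  # hypothetical audience served by the shim

def _hmac_b64(key_b64: str, message: bytes) -> str:
    digest = hmac.new(base64.b64decode(key_b64), message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def derive_device_key(group_key_b64: str, device_id: str) -> str:
    """Per-device key = HMAC-SHA256(group key, device id), base64-encoded."""
    return _hmac_b64(group_key_b64, device_id.encode())

def sign(key_b64: str, resource: str, expiry: int) -> str:
    """SAS-style signature over '<url-encoded resource>\\n<expiry>'."""
    return _hmac_b64(key_b64, f"{quote(resource, safe='')}\n{expiry}".encode())

def make_token(device_key_b64: str, resource: str, expiry: int) -> str:
    """Device side: build the token sent in the Authorization header."""
    sig = quote(sign(device_key_b64, resource, expiry), safe="")
    return f"SharedAccessSignature sr={quote(resource, safe='')}&sig={sig}&se={expiry}"

def verify_token(token, group_key_b64, prefix=PREFIX, now=None):
    """Shim side: return the authenticated device id, or None if invalid."""
    now = time.time() if now is None else now
    scheme, _, rest = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return None
    try:
        fields = parse_qs(rest)
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError):
        return None
    device_id = sr[len(prefix):]
    # The audience must be this service and name exactly one device.
    if not sr.startswith(prefix) or not device_id or "/" in device_id:
        return None
    if se <= now:  # expired tokens are rejected before any key derivation
        return None
    expected = sign(derive_device_key(group_key_b64, device_id), sr, se)
    # Constant-time comparison on bytes avoids timing leaks and str TypeErrors.
    return device_id if hmac.compare_digest(expected.encode(), sig.encode()) else None
```

Because the device id is bound into both the key derivation and the signed resource, a token signed with one device's key cannot be replayed under another device's name.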