azure, azure-storage

Manage 100,000 SAS User Delegated Tokens on Azure Storage Blobs


User delegated SAS tokens for having user only access blob files (images) on an individual basis. It is possible to have over 100,000 tokens in one large container and directory. Are there any limits to how many blobs and related tokens? Are there any performance issues in this approach?

Have not generated 100,000 for test, but see the pattern and am trying to design best solution. Have considered Account, Container, and Directory tokens but need 1-1 User to image blob read access. Are there limits and performance issues on this solution of having all blobs in 1 directory? What are the performance and management considerations?


Solution

  • The SAS tokens are generated by using two inputs: a set of credentials and a querystring. In the querystring you can define the settings such as expiration date, permissions and more. Both of these inputs are thrown into an algorithm to generate a signature that's added to the querystring to create the SAS token.

    Then when you use the SAS token the Storage Account server checks if your querystring and credentials can generate that same signature, and if it matches it knows the token is valid. The information in the querystring is used to determine if you are allowed to perform the action.

    In short, the SAS tokens are created and validated using just the credentials and querystring. They are never saved to a database. In other words it doesn't matter if you generate 1, 1000 or a billion SAS tokens.
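
The stateless sign-and-verify scheme the answer describes, as an added example that is not part of the original answer and is not Azure's own code. It assumes a simplified string-to-sign (not the service's exact layout), a constructed key, and hypothetical names `make_token` and `validate`; `sp` and `se` stand for the permissions and expiry fields of the querystring.

```python
import base64, hashlib, hmac
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode

# Constructed key for this example; stands in for the signing credentials.
KEY = b"constructed-example-key"

def _sign(key, resource, fields):
    # Simplified string-to-sign (an assumption, not the service's real layout):
    # the blob path followed by the sorted querystring fields.
    msg = "\n".join([resource] + [f"{k}={fields[k]}" for k in sorted(fields)])
    mac = hmac.new(key, msg.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def make_token(key, resource, permissions, expiry):
    """Issue a token: querystring settings plus a signature. Nothing is stored."""
    fields = {"sp": permissions, "se": expiry}
    return urlencode({**fields, "sig": _sign(key, resource, fields)})

def validate(key, resource, token, action, now):
    """Recompute the signature from the request alone, then apply the settings."""
    q = {k: v[0] for k, v in parse_qs(token).items()}
    sig = q.pop("sig", "")
    expected = _sign(key, resource, q)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # querystring or blob path does not match what was signed
    try:
        expiry = datetime.strptime(q.get("se", ""), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return False
    return now < expiry.replace(tzinfo=timezone.utc) and action in q.get("sp", "")

if __name__ == "__main__":
    now = datetime(2030, 1, 1, tzinfo=timezone.utc)
    # One read-only token per user image; the server side keeps no record of them.
    tokens = {i: make_token(KEY, f"/images/user-{i}.jpg", "r", "2030-01-02T00:00:00Z")
              for i in range(100_000)}
    print(validate(KEY, "/images/user-7.jpg", tokens[7], "r", now))  # own blob
    print(validate(KEY, "/images/user-8.jpg", tokens[7], "r", now))  # another user's blob
    print(validate(KEY, "/images/user-7.jpg",
                   tokens[7].replace("sp=r", "sp=rw"), "w", now))    # edited permissions
```

Because the blob path is part of the signed input, a token issued for one image does not validate against another, which is what gives the 1-1 user-to-blob access asked about in the question.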