I have an API that allows users to upload files to Azure Storage containers. Right now my API allows file uploads, however it allows any user to upload to any container they want. I want to have users only be able to upload to their own container.
To prevent users from accessing all containers, I had the idea of providing users with SAS tokens to limit container access. The issue is that I am not sure how to format the connection string to include the SAS token as well as the container name. My current connection string is in the following format:
DefaultEndpointsProtocol=...;AccountName=...;AccountKey=...;EndpointSuffix=...
I've been using this resource to fix the connection string: https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string however each time I try to edit my own connection string, it either results in the API returning a 500 error or it allows me to access any of the containers and not just the token-specific container. I've also tried simply inputting SharedAccessSignature=<access key> as the connection string but it still does not work.
Simply put, you cannot create a connection string for a specific container.
What you can do is share the container specific SAS URL with your customer. What you can do is create a BlobContainerClient using the SAS URL and then upload the file.
For example, if you are using .Net SDK for Azure Blob Storage, the code would be something like:
var containerClient = new BlobContainerClient(sasUrl);
var blockBlobClient = containerClient.GetBlockBlobClient(blobName);
...write code to upload the blob