问题描述

iOS Objective-C 应用，连接Azure Storage Account, 根据官网Example代码，在没有关闭Storage Account的匿名访问时，程序正常运行。

但是，只要关闭了匿名访问，上传blob到Container中，就会报错：Public access is not permitted on this storage account

问题解答

查看示例代码：

-(void)createContainerWithPublicAccess{
    NSError *accountCreationError;
    // Create a storage account object from a connection string.
    AZSCloudStorageAccount *account = [AZSCloudStorageAccount accountFromConnectionString:@"DefaultEndpointsProtocol=https;AccountName=your_account_name_here;AccountKey=your_account_key_here" error:&accountCreationError];
    if(accountCreationError){
        NSLog(@"Error in creating account.");
    }
    // Create a blob service client object.
    AZSCloudBlobClient *blobClient = [account getBlobClient];
    // Create a local container object.
    AZSCloudBlobContainer *blobContainer = [blobClient containerReferenceFromName:@"containerpublic"];
    // Create container in your Storage account if the container doesn't already exist
    [blobContainer createContainerIfNotExistsWithAccessType:AZSContainerPublicAccessTypeContainer requestOptions:nil operationContext:nil completionHandler:^(NSError *error, BOOL exists){
        if (error){
            NSLog(@"Error in creating container.");
        }
    }];
}

关键就是 blobContainer createContainerIfNotExistsWithAccessType:AZSContainerPublicAccessTypeContainer  这一句代码。因为示例代码中使用的是Public Access方式create container，虽然连接字符串中由Account Key，但是代码中使用的是Public Access。所以当关闭Public Access后，程序就会报错。

把 AZSContainerPublicAccessTypeContainer 修改为  AZSContainerPublicAccessTypeOff  就可以了。

NOTES:

• No public read access: The container and its blobs can be accessed only with an authorized request. This option is the default for all new containers.
• Public read access for container and its blobs: Container and blob data can be read by anonymous request, except for container permission settings and container metadata. Clients can enumerate blobs within the container by anonymous request, but cannot enumerate containers within the storage account.
• Public read access for blobs only: Blobs within the container can be read by anonymous request, but container data is not available anonymously. Anonymous clients cannot enumerate the blobs within the container.

参考资料

设置Storage Account Container容器权限 : https://learn.microsoft.com/zh-cn/previous-versions/azure/storage/blobs/storage-ios-how-to-use-blob-storage#set-container-permissions

[END]