You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/blobs/storage-blob-dotnet-get-started.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -64,7 +64,7 @@ To learn more about each of these authorization mechanisms, see [Authorize acces
64
64
65
65
<aname='azure-ad'></a>
66
66
67
-
## [Microsoft Entra ID](#tab/azure-ad)
67
+
## [Microsoft Entra ID (recommended)](#tab/azure-ad)
68
68
69
69
To authorize with Microsoft Entra ID, you'll need to use a security principal. The type of security principal you need depends on where your application runs. Use this table as a guide.
Copy file name to clipboardExpand all lines: articles/storage/blobs/storage-blob-go-get-started.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -67,7 +67,7 @@ You can authorize a client object using a Microsoft Entra authorization token (r
67
67
68
68
<aname='azure-ad'></a>
69
69
70
-
## [Microsoft Entra ID](#tab/azure-ad)
70
+
## [Microsoft Entra ID (recommended)](#tab/azure-ad)
71
71
72
72
To authorize with Microsoft Entra ID, you need to use a [security principal](../../active-directory/develop/app-objects-and-service-principals.md). The following articles provide guidance on different authentication scenarios:
Copy file name to clipboardExpand all lines: articles/storage/blobs/storage-blob-java-get-started.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -124,7 +124,7 @@ You can authorize a `BlobServiceClient` object by using a Microsoft Entra author
124
124
125
125
<aname='azure-ad-recommended'></a>
126
126
127
-
## [Microsoft Entra ID (Recommended)](#tab/azure-ad)
127
+
## [Microsoft Entra ID (recommended)](#tab/azure-ad)
128
128
129
129
To authorize with Microsoft Entra ID, you'll need to use a [security principal](../../active-directory/develop/app-objects-and-service-principals.md). Which type of security principal you need depends on where your application runs. Use the following table as a guide:
Copy file name to clipboardExpand all lines: articles/storage/blobs/storage-blob-javascript-get-started.md
+8Lines changed: 8 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -130,6 +130,9 @@ The `dotenv` package is used to read your storage account name and key from a `.
130
130
131
131
For information about how to obtain account keys and best practice guidelines for properly managing and safeguarding your keys, see [Manage storage account access keys](../common/storage-account-keys-manage.md).
132
132
133
+
> [!IMPORTANT]
134
+
> The account access key should be used with caution. If your account access key is lost or accidentally placed in an insecure location, your service may become vulnerable. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. `DefaultAzureCredential` provides enhanced security features and benefits and is the recommended approach for managing authorization to Azure services.
135
+
133
136
## [SAS token](#tab/sas-token)
134
137
135
138
Create a Uri to your resource by using the blob service endpoint and SAS token. Then, create a [BlobServiceClient](/javascript/api/@azure/storage-blob/blobserviceclient) with the Uri. The SAS token is a series of name/value pairs in the querystring in the format such as:
@@ -173,6 +176,8 @@ Create the [ContainerClient](/javascript/api/@azure/storage-blob/containerclient
> The account access key should be used with caution. If your account access key is lost or accidentally placed in an insecure location, your service may become vulnerable. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. `DefaultAzureCredential` provides enhanced security features and benefits and is the recommended approach for managing authorization to Azure services.
> The account access key should be used with caution. If your account access key is lost or accidentally placed in an insecure location, your service may become vulnerable. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. `DefaultAzureCredential` provides enhanced security features and benefits and is the recommended approach for managing authorization to Azure services.
Copy file name to clipboardExpand all lines: articles/storage/blobs/storage-blob-python-get-started.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -93,7 +93,7 @@ You can authorize a `BlobServiceClient` object by using a Microsoft Entra author
93
93
94
94
<a name='azure-ad'></a>
95
95
96
-
## [Microsoft Entra ID](#tab/azure-ad)
96
+
## [Microsoft Entra ID (recommended)](#tab/azure-ad)
97
97
98
98
To authorize with Microsoft Entra ID, you need to use a [security principal](../../active-directory/develop/app-objects-and-service-principals.md). Which type of security principal you need depends on where your application runs. Use the following table as a guide:
Copy file name to clipboardExpand all lines: articles/storage/blobs/storage-blob-typescript-get-started.md
+10-1Lines changed: 10 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -109,7 +109,7 @@ Each type of resource is represented by one or more associated JavaScript client
109
109
110
110
The [BlobServiceClient](/javascript/api/@azure/storage-blob/blobserviceclient) object is the top object in the SDK. This client allows you to manipulate the service, containers and blobs.
111
111
112
-
## [Passwordless](#tab/azure-ad)
112
+
## [Microsoft Entra ID (recommended)](#tab/azure-ad)
113
113
114
114
Once your Azure storage account identity roles and your local environment are set up, create a TypeScript file which includes the [``@azure/identity``](https://www.npmjs.com/package/@azure/identity) package. Create a credential, such as the [DefaultAzureCredential](/javascript/api/overview/azure/identity-readme#defaultazurecredential), to implement passwordless connections to Blob Storage. Use that credential to authenticate with a [BlobServiceClient](/javascript/api/@azure/storage-blob/blobserviceclient) object.
115
115
@@ -129,6 +129,9 @@ The `dotenv` package is used to read your storage account name and key from a `.
129
129
130
130
For information about how to obtain account keys and best practice guidelines for properly managing and safeguarding your keys, see [Manage storage account access keys](../common/storage-account-keys-manage.md).
131
131
132
+
> [!IMPORTANT]
133
+
> The account access key should be used with caution. If your account access key is lost or accidentally placed in an insecure location, your service may become vulnerable. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. `DefaultAzureCredential` provides enhanced security features and benefits and is the recommended approach for managing authorization to Azure services.
134
+
132
135
## [SAS token](#tab/sas-token)
133
136
134
137
Create a Uri to your resource by using the blob service endpoint and SAS token. Then, create a [BlobServiceClient](/javascript/api/@azure/storage-blob/blobserviceclient) with the Uri. The SAS token is a series of name/value pairs in the querystring in the format such as:
@@ -172,6 +175,9 @@ Create the [ContainerClient](/javascript/api/@azure/storage-blob/containerclient
> The account access key should be used with caution. If your account access key is lost or accidentally placed in an insecure location, your service may become vulnerable. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. `DefaultAzureCredential` provides enhanced security features and benefits and is the recommended approach for managing authorization to Azure services.
> The account access key should be used with caution. If your account access key is lost or accidentally placed in an insecure location, your service may become vulnerable. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. `DefaultAzureCredential` provides enhanced security features and benefits and is the recommended approach for managing authorization to Azure services.
0 commit comments