Added configuration option that allows users to select private container during install. When selected the blob container is created as a private container and files cannot be viewed directly via the blob url.

Author: rsoeteman

build/transforms/FileSystemProviders.config.install.xdt

@@ -22,6 +22,10 @@
         of the container name.
       -->
       <add key="useDefaultRoute" value="true" xdt:Locator="Match(key)" xdt:Transform="InsertIfMissing" />
+      <!--
+        When true blob containers will be private instead of public what means that you can't access the original blob file directly from its blob url.
+      -->
+      <add key="usePrivateContainer" value="false" xdt:Locator="Match(key)" xdt:Transform="InsertIfMissing" />
     </Parameters>
   </Provider>
   <!--

src/UmbracoFileSystemProviders.Azure.Installer/Configurator/Controllers/Configure.js

@@ -38,6 +38,6 @@ configApp.controller("Loader", function ($scope, $http, $log) {
     };
 
     $scope.getInputType = function (param) {
-        return param.toUpperCase() === "USEDEFAULTROUTE" ? "checkbox" : "text";
+        return param.toUpperCase() === "USEDEFAULTROUTE" || param.toUpperCase() === "USEPRIVATECONTAINER" ? "checkbox" : "text";
     };
 });

src/UmbracoFileSystemProviders.Azure.Installer/InstallerController.cs

@@ -77,6 +77,7 @@ public InstallerStatus PostParameters(IEnumerable<Parameter> parameters)
             string connection = newParameters.SingleOrDefault(k => k.Key == "connectionString").Value;
             string containerName = newParameters.SingleOrDefault(k => k.Key == "containerName").Value;
             bool useDefaultRoute = bool.Parse(newParameters.SingleOrDefault(k => k.Key == "useDefaultRoute").Value);
+            bool usePrivateContainer = bool.Parse(newParameters.SingleOrDefault(k => k.Key == "usePrivateContainer").Value);
             string rootUrl = newParameters.SingleOrDefault(k => k.Key == "rootUrl").Value;
 
             if (!TestAzureCredentials(connection, containerName))

src/UmbracoFileSystemProviders.Azure.Tests/AzureBlobFileSystemTestsBase.cs

@@ -42,11 +42,12 @@ public AzureBlobFileSystem CreateAzureBlobFileSystem(bool disableVirtualPathProv
             string connectionString = "UseDevelopmentStorage=true";
             string maxDays = "30";
             string useDefaultRoute = "true";
+            string usePrivateContainer = "false";
 
             Mock<ILogHelper> logHelper = new Mock<ILogHelper>();
             Mock<IMimeTypeResolver> mimeTypeHelper = new Mock<IMimeTypeResolver>();
 
-            return new AzureBlobFileSystem(containerName, rootUrl, connectionString, maxDays, useDefaultRoute)
+            return new AzureBlobFileSystem(containerName, rootUrl, connectionString, maxDays, useDefaultRoute, usePrivateContainer)
             {
                 FileSystem =
                 {

src/UmbracoFileSystemProviders.Azure/AzureBlobFileSystem.cs

@@ -3,6 +3,8 @@
 // Licensed under the Apache License, Version 2.0.
 // </copyright>
 
+using Microsoft.WindowsAzure.Storage.Blob;
+
 namespace Our.Umbraco.FileSystemProviders.Azure
 {
     using System;
@@ -49,7 +51,19 @@ public class AzureBlobFileSystem : IFileSystem
         /// <param name="rootUrl">The root url.</param>
         /// <param name="connectionString">The connection string.</param>
         public AzureBlobFileSystem(string containerName, string rootUrl, string connectionString)
-            : this(containerName, rootUrl, connectionString, "365", "true")
+            : this(containerName, rootUrl, connectionString, "365", "true", "false")
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AzureBlobFileSystem"/> class.
+        /// </summary>
+        /// <param name="containerName">The container name.</param>
+        /// <param name="rootUrl">The root url.</param>
+        /// <param name="connectionString">The connection string.</param>
+        /// <param name="maxDays">The maximum number of days to cache blob items for in the browser.</param>
+        /// <param name="useDefaultRoute">Whether to use the default "media" route in the url independent of the blob container.</param>
+        public AzureBlobFileSystem(string containerName, string rootUrl, string connectionString, string maxDays, string useDefaultRoute): this(containerName, rootUrl, connectionString, maxDays, useDefaultRoute, "false")
         {
         }
 
@@ -61,9 +75,10 @@ public AzureBlobFileSystem(string containerName, string rootUrl, string connecti
         /// <param name="connectionString">The connection string.</param>
         /// <param name="maxDays">The maximum number of days to cache blob items for in the browser.</param>
         /// <param name="useDefaultRoute">Whether to use the default "media" route in the url independent of the blob container.</param>
-        public AzureBlobFileSystem(string containerName, string rootUrl, string connectionString, string maxDays, string useDefaultRoute)
+        /// <param name="usePrivateContainer">blob container can be private (no direct access) or public (direct access possible, default)</param>
+        public AzureBlobFileSystem(string containerName, string rootUrl, string connectionString, string maxDays, string useDefaultRoute, string usePrivateContainer)
         {
-            this.FileSystem = AzureFileSystem.GetInstance(containerName, rootUrl, connectionString, maxDays, useDefaultRoute);
+            this.FileSystem = AzureFileSystem.GetInstance(containerName, rootUrl, connectionString, maxDays, useDefaultRoute, usePrivateContainer);
         }
 
         /// <summary>
@@ -100,7 +115,14 @@ public AzureBlobFileSystem(string alias)
                     useDefaultRoute = "true";
                 }
 
-                this.FileSystem = AzureFileSystem.GetInstance(containerName, rootUrl, connectionString, maxDays, useDefaultRoute);
+                string accessType = ConfigurationManager.AppSettings[$"{UseDefaultRootKey}:{alias}"];
+                if (string.IsNullOrWhiteSpace(useDefaultRoute))
+                {
+                    useDefaultRoute = "true";
+                }
+
+
+                this.FileSystem = AzureFileSystem.GetInstance(containerName, rootUrl, connectionString, maxDays, useDefaultRoute,accessType);
             }
             else
             {

src/UmbracoFileSystemProviders.Azure/AzureFileSystem.cs

@@ -77,10 +77,11 @@ internal class AzureFileSystem : IFileSystem
         /// <param name="connectionString">The connection string.</param>
         /// <param name="maxDays">The maximum number of days to cache blob items for in the browser.</param>
         /// <param name="useDefaultRoute">Whether to use the default "media" route in the url independent of the blob container.</param>
+        /// <param name="accessType"><see cref="BlobContainerPublicAccessType"/> indicating the access permissions.</param>
         /// <exception cref="ArgumentNullException">
         /// Thrown if <paramref name="containerName"/> is null or whitespace.
         /// </exception>
-        internal AzureFileSystem(string containerName, string rootUrl, string connectionString, int maxDays, bool useDefaultRoute)
+        internal AzureFileSystem(string containerName, string rootUrl, string connectionString, int maxDays, bool useDefaultRoute, BlobContainerPublicAccessType accessType)
         {
             if (string.IsNullOrWhiteSpace(containerName))
             {
@@ -107,7 +108,7 @@ internal AzureFileSystem(string containerName, string rootUrl, string connection
             }
 
             CloudBlobClient cloudBlobClient = cloudStorageAccount.CreateCloudBlobClient();
-            this.cloudBlobContainer = CreateContainer(cloudBlobClient, containerName, BlobContainerPublicAccessType.Blob);
+            this.cloudBlobContainer = CreateContainer(cloudBlobClient, containerName, accessType);
 
             // First assign a local copy before editing. We use that to track the type.
             // TODO: Do we need this? The container should be an identifer.
@@ -166,8 +167,9 @@ internal AzureFileSystem(string containerName, string rootUrl, string connection
         /// <param name="connectionString">The connection string.</param>
         /// <param name="maxDays">The maximum number of days to cache blob items for in the browser.</param>
         /// <param name="useDefaultRoute">Whether to use the default "media" route in the url independent of the blob container.</param>
+        /// <param name="usePrivateContainer">blob container can be private (no direct access) or public (direct access possible, default)</param>
         /// <returns>The <see cref="AzureFileSystem"/></returns>
-        public static AzureFileSystem GetInstance(string containerName, string rootUrl, string connectionString, string maxDays, string useDefaultRoute)
+        public static AzureFileSystem GetInstance(string containerName, string rootUrl, string connectionString, string maxDays, string useDefaultRoute, string usePrivateContainer)
         {
             lock (Locker)
             {
@@ -187,7 +189,15 @@ public static AzureFileSystem GetInstance(string containerName, string rootUrl,
                         defaultRoute = true;
                     }
 
-                    fileSystem = new AzureFileSystem(containerName, rootUrl, connectionString, max, defaultRoute);
+                    bool privateContainer;
+                    if (!bool.TryParse(usePrivateContainer, out privateContainer))
+                    {
+                        privateContainer = true;
+                    }
+
+                    var blobContainerPublicAccessType = privateContainer ? BlobContainerPublicAccessType.Off : BlobContainerPublicAccessType.Blob;
+
+                    fileSystem = new AzureFileSystem(containerName, rootUrl, connectionString, max, defaultRoute, blobContainerPublicAccessType);
                     FileSystems.Add(fileSystem);
                 }