How to access Azure blob storage via Flex Application?

I am trying to access Blob Storage on Azure via my flex Application. I am doing this via an HTTP Service by using开发者_Go百科 the url given by Azure Blob Storage. However, my storage has private and restricted access and I can only update the storage by using the key (provided by Azure). Since my application needs to write to this storage, I somehow need to pass in the key via my HTTPService? Does anyone have any idea how I can do this?

Regards Aparna

Azure storage uses a REST Api that's just wrapped by the tools. Heres the official blurb:

http://msdn.microsoft.com/en-us/library/dd179355.aspx

A quick reference for "Get Blob"

http://msdn.microsoft.com/en-us/library/dd179440.aspx

So 1st step is to reference the Azure Storage REST API and construct an HTTP request you want to use for your operation, following the API specs.

Once you have that, you will have one header (Authorization) for which you'll have to construct a string. This is the tricky part when you don't have a pre-made library.

The end goal is that you will simply set and pass an Authorization header in your HTTPService object. This will contain your shared key along with a signature. This key is a long string that represents the request that is then signed by your Azure key. I really don't know Flex/AS syntax, so I'll do the best to simply describe the solution and you can implement.

That signature is a string that you sign with the key. That string is the combination of the following elements:

• the HTTP Method/verb being used in the request
• the Content-MD5 header value
• the Content-type header value
• the Date
• a concatenized string of all the azure-specific ("x-ms-*") headers
• a concatenzied string of the Azure account name + the blob path you are accessing

So you want to gather/create all this, concat a string with all of them, create a signature of that string using your key, pass that in

It's important to note that since you send all this in in a single request, the values of these headers is simply based upon what you pass in. So optional fields (like Content-MD5) that you wouldn't neccesarily use for this can be blank, you just have to pass them. The signature is simply based on what you send it, there is no two-factor check.

Step 1: Gather the data, just store each of these in a variable, or construct on the fly as you build your string to sign.

HTTP Method -- just whatever you are trying to do with Azure. If reading, use GEt. If creating, use POST. If modifying, use PUT. etc ... This just matched whatever you are already doing

Content-MD5 -- as mentioned, we don't have to construct a digest here, just use a newline ("\n" in C#)

Content-Type -- the HTTPService object has this field. Set it depending on what you are doing with the API, then reference again for the signing.

Date -- again, this is optional as Azure requests pass a custom header for date. Just append a newline again. If you want to pass a date, thats fine, just make sure you reference the same value here

Headers -- This is a bit language specific, so I'll just describe. You need to build your request object (based on the Azure API) then access the request's header array, iterate through each, find the ones that start with "x-ms-" and build a long string of them. You also need to handle duplicates (dont pass) and whitespace.

So if I had 5 headers on my request:

• ContentType: text/xml
• eTag: 10101010
• x-ms-version: 2009-09-19
• x-ms-metadata: SomeData

my header string would be Headers[x-ms-version] + Headers[x-ms-metadata] or

"2009-09-19SomeData"

Resources -- this is just your Azure Storage Account Name + the request Uri you are accessing.

Step 2: Build the string to sign So you have all this, construct a string of all these variables:

string strToSign = HttpMethoid + Content-MD5 +
   Content-Type + Date + HeadersStr + ResourceStr

Step 3: Sign the string with your storage key

Construct a HMAC-SHA256 hash of this string using your storage account key. you'll likely have to download an extension library for Flex. I don't believe it contains Encryption by default. Just google HMAC-SHA256 Flex and use one of those

Step 4: Build the authorization header Once you have that hash, you take the whole thing and construct the Authorization Header. The format is

authString = "SharedKey" + [AzureAccountName] + [Signed String you just created]

add this to the request, something like

req.Headers.Add("Authorization", authString);

If you've done all this correct, the request will work. If not, you'll get a 403. Once you get it right, store it in a library, b/c trust me you don't want to rebuild :)

Good luck

You need to pass your key in the HTTP Header. You can check out this material, which talks about how to talk to Azure storage via the REST API, including updating the header value: http://msdn.microsoft.com/en-us/library/dd179428.aspx

If interested in some .NET code samples, use Reflector on the Microsoft.WindowsAzure.StorageClient assembly that comes with the Windows Azure SDK to see how they are doing it.

I'm not sure if Flex supports Java, but if it does then instead of writing your own ActionScript wrappers to implement Azure REST API you can use Windows Azure SDK for java. More information about this can be found here: http://www.windowsazure4j.org/