
Designing secure cloud applications

Adora Nwodo
September 30, 2020

Designing secure cloud applications

Adora Nwodo

September 30, 2020

Transcript

  1. Will my application contain sensitive customer data? Where and how is my application's data stored? Will this application be available over the internet (publicly) or just internally? How do I plan to verify my users' identity? What sensitive tasks are performed in my application? Does my application perform any risky software activities?
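  // Transcript slide 2.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }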
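  // Transcript slide 3.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }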
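  // Transcript slide 4.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          // StorageEntitySas is not declared on this slide.
          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }
  }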
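  // Transcript slide 5.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }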
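  // Transcript slide 6.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }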
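  // Transcript slide 7.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }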
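  // Transcript slide 8.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }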
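  // Transcript slide 9.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }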
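  // Transcript slide 10.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }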
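  // Transcript slide 11.
  public class ValuesController : ApiController
  {
      private readonly BlobServiceClient blobServiceClient;
      private readonly string blobContainer;

      // ... (remaining members are elided on the slide)

      /// <summary>
      /// Return a limited access key that allows the caller to upload a file
      /// to this specific destination for a defined period of time (10 minutes).
      /// </summary>
      /// <remarks>
      /// The token is signed with the storage account's shared key, so it stays
      /// valid until it expires unless that key is rotated. Before handing the
      /// token out, the caller should confirm that the requesting user may write
      /// to <paramref name="blobName"/>: write permission also allows replacing
      /// an existing blob of that name.
      /// </remarks>
      /// <param name="blobName">Name of the blob the token is scoped to.</param>
      /// <returns>The blob URI and the SAS query string granting write access to it.</returns>
      /// <exception cref="ArgumentException"><paramref name="blobName"/> is null or empty.</exception>
      private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
      {
          if (string.IsNullOrEmpty(blobName))
          {
              throw new ArgumentException("A blob name is required.", nameof(blobName));
          }

          var blob = blobServiceClient.GetBlobContainerClient(this.blobContainer).GetBlobClient(blobName);

          // The setting name refers to the storage emulator key.
          // NOTE(review): a deployed service presumably loads its key from a secret
          // store, or issues a user delegation SAS instead - confirm.
          var storageSharedKeyCredential = new StorageSharedKeyCredential(
              blobServiceClient.AccountName,
              ConfigurationManager.AppSettings["AzureStorageEmulatorAccountKey"]);

          // One timestamp so both ends of the validity window share the same instant.
          var now = DateTimeOffset.UtcNow;
          var blobSasBuilder = new BlobSasBuilder
          {
              BlobContainerName = this.blobContainer,
              BlobName = blobName,
              Resource = "b", // "b" scopes the token to a single blob
              // Back-dated start, presumably to tolerate clock skew between this
              // host and the storage service; the token is usable for 10 minutes from now.
              StartsOn = now.AddMinutes(-10),
              ExpiresOn = now.AddMinutes(10)
              // NOTE(review): no Protocol is set, so the token is not limited to HTTPS;
              // SasProtocol.Https is worth considering outside the emulator.
          };

          // The slide calls these two methods on an undeclared `policy`;
          // the builder declared above is the intended receiver.
          blobSasBuilder.SetPermissions(BlobSasPermissions.Write);
          var sas = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();

          return new StorageEntitySas
          {
              BlobUri = blob.Uri,
              Credentials = sas
          };
      }

      /// <summary>Blob URI plus the SAS query string that authorizes access to it.</summary>
      public struct StorageEntitySas
      {
          public string Credentials;
          public Uri BlobUri;
      }
  }
  // Code snippet from docs.microsoft.com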