Check if the blob is public internally

Author: qinezh

README.md

@@ -28,7 +28,6 @@ Configuration = new ConfigurationBuilder()
                 .AddBlobJson(new BlobJsonConfigurationOption
                 {
                     BlobUri = "{the_blob_uri}",
-                    IsPublic = false,
                     ReloadOnChange = true,
                     LogReloadException = e => logger.LogError(e, e.Message),
                     ActionOnReload = () => logger.LogInformation("Reloaded.")

samples/SampleWebApp/Program.cs

@@ -29,7 +29,6 @@ public static IHostBuilder CreateHostBuilder(string[] args)
                     configuration.AddBlobJson(new BlobJsonConfigurationOption
                     {
                         BlobUri = new Uri(blobConfig["BlobUrl"]),
-                        IsPublic = true,
                         ReloadOnChange = true,
                         LogReloadException = ex => s_logger.LogError(ex, ex.Message),
                         ActionOnReload = () => s_logger.LogInformation("Reloaded.")

samples/SampleWebApp/SampleWebApp.csproj

@@ -11,8 +11,11 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="3.1.2" />
     <PackageReference Include="WindowsAzure.Storage" Version="9.3.3" />
-    <PackageReference Include="AzureBlobConfigurationExtension" Version="0.0.2" />
     <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="3.1.2" />
   </ItemGroup>
 
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\AzureBlobConfigurationExtension.csproj" />
+  </ItemGroup>
+
 </Project>

src/BlobAccessor.cs

@@ -3,6 +3,7 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Azure.Services.AppAuthentication;
+using Microsoft.WindowsAzure.Storage;
 using Microsoft.WindowsAzure.Storage.Auth;
 using Microsoft.WindowsAzure.Storage.Blob;
 
@@ -12,29 +13,26 @@ internal class BlobAccessor
     {
         protected CloudBlockBlob _blob;
 
-        public BlobAccessor(Uri blobUri, string account, string sasToken, bool isPublic)
+        private BlobAccessor(CloudBlockBlob blob)
         {
-            if (isPublic)
+            _blob = blob;
+        }
+
+        public static BlobAccessor Create(Uri blobUri, string account, string sasToken)
+        {
+            if (!string.IsNullOrEmpty(sasToken))
             {
-                _blob = new CloudBlockBlob(blobUri);
+                var storageCredentials = new StorageCredentials(account, sasToken);
+                var blob = new CloudBlockBlob(blobUri, storageCredentials);
+                return new BlobAccessor(blob);
             }
-            else if (string.IsNullOrEmpty(sasToken))
-            {
-                var azureServiceTokenProvider = new AzureServiceTokenProvider();
-                var tokenAndFrequency = TokenRenewerAsync(azureServiceTokenProvider, CancellationToken.None).GetAwaiter().GetResult();
-                var tokenCredential = new TokenCredential(tokenAndFrequency.Token,
-                                                            TokenRenewerAsync,
-                                                            azureServiceTokenProvider,
-                                                            tokenAndFrequency.Frequency.Value);
 
-                var storageCredentials = new StorageCredentials(tokenCredential);
-                _blob = new CloudBlockBlob(blobUri, storageCredentials);
-            }
-            else
+            if (IsBlobPublic(blobUri).Result)
             {
-                var storageCredentials = new StorageCredentials(account, sasToken);
-                _blob = new CloudBlockBlob(blobUri, storageCredentials);
+                return new BlobAccessor(new CloudBlockBlob(blobUri));
             }
+
+            return CreateBlobAccessorWithAAD(blobUri);
         }
 
         public async Task<(string, bool)> RetrieveIfUpdated(MemoryStream ms, string eTag)
@@ -61,10 +59,39 @@ private static async Task<NewTokenAndFrequency> TokenRenewerAsync(object state,
             var next = (authResult.ExpiresOn - DateTimeOffset.UtcNow) - TimeSpan.FromMinutes(5);
             if (next.Ticks < 0)
             {
-                next = default(TimeSpan);
+                next = default;
             }
 
             return new NewTokenAndFrequency(authResult.AccessToken, next);
         }
+
+        private static async Task<bool> IsBlobPublic(Uri blobUri)
+        {
+            try
+            {
+                // check if the blob can be accessed directly.
+                await new CloudBlockBlob(blobUri).FetchAttributesAsync();
+            }
+            catch (StorageException)
+            {
+                return false;
+            }
+
+            return true;
+        }
+
+        private static BlobAccessor CreateBlobAccessorWithAAD(Uri blobUri)
+        {
+            var azureServiceTokenProvider = new AzureServiceTokenProvider();
+            var tokenAndFrequency = TokenRenewerAsync(azureServiceTokenProvider, CancellationToken.None).GetAwaiter().GetResult();
+            var tokenCredential = new TokenCredential(tokenAndFrequency.Token,
+                                                        TokenRenewerAsync,
+                                                        azureServiceTokenProvider,
+                                                        tokenAndFrequency.Frequency.Value);
+
+            var storageCredentials = new StorageCredentials(tokenCredential);
+            var blob = new CloudBlockBlob(blobUri, storageCredentials);
+            return new BlobAccessor(blob);
+        }
     }
 }

src/BlobJsonConfigurationOption.cs

@@ -7,7 +7,6 @@ public class BlobJsonConfigurationOption
     {
         public Uri BlobUri { get; set; }
         public string SASToken { get; set; }
-        public bool IsPublic { get; set; }
         public bool ReloadOnChange { get; set; } = false;
         public TimeSpan PollingInterval { get; set; } = TimeSpan.FromSeconds(5);
         public Action<Exception> LogReloadException { get; set; }

src/BlobJsonConfigurationSource.cs

@@ -14,7 +14,7 @@ public BlobJsonConfigurationSource(BlobJsonConfigurationOption option)
 
             var account = BlobJsonConfigurationOption.GetAccount(option.BlobUri);
 
-            BlobAccessor = new BlobAccessor(option.BlobUri, account, option.SASToken, option.IsPublic);
+            BlobAccessor = BlobAccessor.Create(option.BlobUri, account, option.SASToken);
         }
 
         public override IConfigurationProvider Build(IConfigurationBuilder builder)