Here is how to mange access to the file (which is stored on Azure Blob) using ASP.Net Identity .
For more details about ASP.Net Identity, please refer to this document
https://docs.microsoft.com/en-us/aspnet/identity/
Azure Blob has several ways to control access to the file, as below.
- Shared Key (storage account key)
- Shared access signature (SAS)
- Azure Active Directory (Azure AD)
Please read here for details.
https://docs.microsoft.com/en-us/azure/storage/common/storage-auth
If you are using APS.Net Identity, the simple way to manage access to the file is generating Shared access signature along with making request to the file.
For making Shared access signature, please refer to this document.
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Withing Share access signature (SAS), there are there types.
User delegation SAS
A user delegation SAS is secured with Azure Active Directory (Azure AD) credentials and also by the permissions specified for the SAS.
For this we are not using Azure AD, so we ll skip this type.
Account SAS
An account SAS is secured with the storage account key. An account SAS delegates access to resources in one or more of the storage services. All of the operations available via a service or user delegation SAS are also available via an account SAS. Additionally, with the account SAS, you can delegate access to operations that apply at the level of the service, such as Get/Set Service Properties and Get Service Stats operations. You can also delegate access to read, write, and delete operations on blob containers, tables, queues, and file shares that are not permitted with a service SAS.
We are focused on reading files on Azure Blob, so we ll skip this type.
Service SAS
A service SAS is secured with the storage account key. A service SAS delegates access to a resource in only one of the Azure Storage services: Blob storage, Queue storage, Table storage, or Azure Files.
For generating service SAS, please refer here.
https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas