在使用Azure上的存储服务 Storage Account 的时候,有时需要代替 它原本提供的域名进行访问,比如默认的域名为:mystorageaccount.blob.core.chinacloudapi.cn, 想转变为 myservice.file.com 。 image.png

如果使用App Service作为反向代理,我们现在有如下三个疑问:


第二:是否还能成功访问Storage Account服务呢? 

第三:.NET Storage Account SDK中如何使用自定义的域名连接服务呢?



第一问,在App Service服务中如何实现反向代理呢?


  1. 【Azure 应用服务】在App Service for Windows中实现反向代理 : https://www.cnblogs.com/lulight/p/17120713.html
第一步:applicationhost.xdt 启用IIS代理功能

选择一个 Windows 平台的App Service,进入Kudu站点,在 Site 目录下创建 applicationhost.xdt 文件并复制下面的内容

<?xml version="1.0"?>
    <configuration xmlns:xdt=http://schemas.microsoft.com/XML-Document-Transform> <system.webServer>
        <proxy xdt:Transform="InsertIfMissing" enabled="true" preserveHostHeader="false" reverseRewriteHostInResponseHeaders="false" />
  • xdt:Transform="InsertIfMissing" 表示如果代理配置不存在,则插入这一配置。
  • enabled="true" 表示启用代理功能。
  • preserveHostHeader="false" 表示不保留原始请求的主机头信息。
  • reverseRewriteHostInResponseHeaders="false" 表示在响应头中不反向重写主机头信息。

第二步:web.config 配置 rewrite rule

第一步完成后,点击 WWWROOT 目录,添加新文件 web.config 并复制下面的内容

                <rule name="root" stopProcessing="true">  
                    <match url="^/?(.*)" />  
                    <action type="Rewrite" url="https://<stroage account name>.blob.core.chinacloudapi.cn/{R:1}" />  

                <!-- 需要对根目录的请求进行反向代理,否则对POST/PUT等操作会报错404无法找到Blob Containers -->
                <!-- <rule name="sa" stopProcessing="true"> -->
                    <!-- <match url="^sa/?(.*)" /> -->
                    <!-- <action type="Rewrite" url="https://<storage account name>.blob.core.chinacloudapi.cn/{R:1}" /> -->
                <!-- </rule> -->

第二问,是否还能成功访问Storage Account服务呢? 

完成App Service的反向代理配置后,重启服务。然后进入Storage Account的共享访问签名生成页面。 image.png

第一步:使用原生的 SAS URL访问Blob文件


https://< your storage account >.blob.core.chinacloudapi.cn//.txt?


第二步:用App Service的域名替换原生的Storage Account域名访问




测试验证,两种域名均可访问。证明,反向代理配置成功! image.png

第三问:.NET Storage Account SDK中如何使用自定义的域名连接服务呢?

是的,在默认的.NET Storage Account SDK中,默认使用的是连接字符串(Connection String)。


以上的格式,无法修改EndpointSuffix为自定义的域名。所以,使用连接字符串肯定是不可以的。 image.png 代替的方案就是使用共享访问签名(SAS URL)来初始化BlobServiceClient对象。

参考“快速入门:适用于 .NET 的 Azure Blob 存储客户端库” 文章中的代码,只需要修改初始化 Blob Service Client对象的那一段代码就可以,改动量非常小。

//Use SAS URL 
string accountsas = "https://<the app gateway domain name>/?sv=2022-11-02&ss=bfqt&srt=sco&sp=rwdlacupitfx&se=2025-02-28T13:55:27Z&st=2025-02-28T05:55:27Z&spr=https&sig=PxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxD";

Uri sasuri = new Uri(accountsas); // Create a BlobServiceClient object which will be used to create a container client
BlobServiceClient blobServiceClient = new BlobServiceClient(sasuri); 

注意:代码中使用的共享访问签名SAS URL是Storage Account级别的,不能使用第二问中的一个blob文件的SAS URL,否则会出现权限不够报错。 image.png


storage account sdk for sas url.gif


  1. 在App Service for Windows中实现反向代理 : https://www.cnblogs.com/lulight/p/17120713.html
  3. BlobServiceClient 构造函数 : https://learn.microsoft.com/zh-cn/dotnet/api/azure.storage.blobs.blobserviceclient.-ctor?view=azure-dotnet#azure-storage-blobs-blobserviceclient-ctor(system-uri-azure-storage-storagesharedkeycredential-azure-storage-blobs-blobclientoptions)
  4. 快速入门:适用于 .NET 的 Azure Blob 存储客户端库 : https://docs.azure.cn/zh-cn/storage/blobs/storage-quickstart-blobs-dotnet?tabs=visual-studio%2Cconnection-string%2Croles-azure-portal%2Csign-in-azure-cli%2Cidentity-visual-studio


The specified container does not exist. RequestId:000000 Time:2025-02-28T05:57:16.7457335Z Status: 404 (The specified container does not exist.) ErrorCode: ContainerNotFound


ContainerNotFoundThe specified container does not exist. RequestId:00000 Time:2025-02-28T05:57:16.7457335Z

Headers: Date: Fri, 28 Feb 2025 05:57:16 GMT Server: Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0 Set-Cookie: REDACTED x-ms-request-id: e000000 x-ms-client-request-id: 5e x-ms-version: 2020-08-04 x-ms-error-code: ContainerNotFound X-Powered-By: REDACTED Content-Length: 225 Content-Type: application/xml


using Azure;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;

namespace BlobQuickstartV12
    class Program
        static async Task Main(string[] args)
            Console.WriteLine("Hello World!");
            Console.WriteLine("Azure Blob storage v12 - .NET quickstart sample\n");

            // Retrieve the connection string for use with the application. The storage
            // connection string is stored in an environment variable on the machine
            // running the application called AZURE_STORAGE_CONNECTION_STRING. If the
            // environment variable is created after the application is launched in a
            // console or with Visual Studio, the shell or application needs to be closed
            // and reloaded to take the environment variable into account.
            //string connectionString = "Connection String";
            string accountsas = " SAS URL ";
            Uri sasuri = new Uri(accountsas);
            // Create a BlobServiceClient object which will be used to create a container client
            BlobServiceClient blobServiceClient = new BlobServiceClient(sasuri);

            //Create a unique name for the container
            string containerName = "lbllmpackage";// "quickstartblobs" + Guid.NewGuid().ToString();

            // Create the container and return a container client object
            BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);

            Console.WriteLine("Listing blobs...");

            // List all blobs in the container
            await foreach (BlobItem blobItem in containerClient.GetBlobsAsync())
                    Console.WriteLine("\t" + blobItem.Name);

                    BlobClient bclient = containerClient.GetBlobClient(blobItem.Name);
                    await bclient.CreateSnapshotAsync();
                catch (Exception ex)

            var prp = containerClient.GetProperties();

            // Create a local file in the ./data/ directory for uploading and downloading
            string localPath = @".\data\";
            string fileName = "quickstart" + Guid.NewGuid().ToString() + ".txt";
            string localFilePath = Path.Combine(localPath, fileName);

            // Write text to the file
            await File.WriteAllTextAsync(localFilePath, "Hello, World! the message from .net");

            // Get a reference to a blob
            BlobClient blobClient = containerClient.GetBlobClient("/test/" + fileName);

            Console.WriteLine("Uploading to Blob storage as blob:\n\t {0}\n", blobClient.Uri);

            // Open the file and upload its data
            using FileStream uploadFileStream = File.OpenRead(localFilePath);
            await blobClient.UploadAsync(uploadFileStream, true);

            Console.WriteLine("Listing blobs...");

            // List all blobs in the container
            await foreach (BlobItem blobItem in containerClient.GetBlobsAsync())
                Console.WriteLine("\t" + blobItem.Name);
            // Download the blob to a local file
            // Append the string "DOWNLOADED" before the .txt extension 
            // so you can compare the files in the data directory
            string downloadFilePath = localFilePath.Replace(".txt", "DOWNLOADED.txt");

            Console.WriteLine("\nDownloading blob to\n\t{0}\n", downloadFilePath);

            // Download the blob's contents and save it to a file
            BlobDownloadInfo download = await blobClient.DownloadAsync();

            using (FileStream downloadFileStream = File.OpenWrite(downloadFilePath))
                await download.Content.CopyToAsync(downloadFileStream);


