![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 86%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,359 questions
Hello Artem Shaturskyi,
Thanks for posting your question in the Microsoft Q&A forum.
Azure Front Door doesn't natively support Microsoft Entra ID authentication for direct blob access. However, you can achieve this by using a combination of Azure Front Door, Azure Functions, and Azure Storage.
- Create an Azure Function App: Develop an HTTP-triggered function that acts as a proxy between Front Door and Blob Storage and implement Microsoft Entra ID authentication in the function.
- Configure Azure Front Door: Set up a backend pool pointing to your Azure Function App, then create routing rules to direct traffic to the function.
- Implement authentication and authorization: Use Microsoft.Identity.Web library in your Azure Function to handle Microsoft Entra ID authentication, validate user tokens and permissions in the function.
- Proxy requests to Blob Storage: Once authenticated, use the Azure Storage SDK in your function to retrieve the requested blob, stream the blob content back to the client through the function response.
- Configure CORS: Set up CORS rules on your Storage account to allow requests from your Front Door endpoint.
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful