Configuring Azure Connection Strings
Updated: January 21, 2015
A connection string contains the parameters that are necessary to access your storage account in Azure. You can configure a connection string in the following ways:
Connect to the Azure storage emulator while you are locally testing your service or application.
Connect to a storage account in Azure by using the default endpoints for the storage services.
Connect to a storage account in Azure by using explicit endpoints for the storage services.
If your application is a cloud service running in Azure, the most convenient place to store your connection string is in the Azure Service Configuration Schema (.cscfg File). If your application is running in another environment (for example, on the desktop), then you will probably want to store your connection string in an app.config file or another configuration file. You can use the Azure CloudConfigurationManager class to access your connection string at runtime regardless of where it is running.
The storage emulator is a local account with a well-known name and key. Since the account name and key are the same for all users, you can use a shortcut string format to refer to the storage emulator within a connection string. Set the value of the connection string to
You can also specify an HTTP proxy to use when you're testing your service against the storage emulator. This can be useful for observing HTTP requests and responses while you're debugging operations against the storage services. To specify a proxy, add the
DevelopmentStorageProxyUri option to the connection string, and set its value to the proxy URI. For example, here is a connection string that points to the storage emulator and configures an HTTP proxy:
You can define a connection string to a storage account in Azure in one of the following ways:
Assume the default endpoints for the storage services. This is the simplest option for creating a connection string. When you use this connection string format, you need to specify only your account name and account key, and indicate whether to connect to your storage account through HTTP or HTTPS.
Specify explicit endpoints for the storage services. This option allows you to create a more complex connection string. When you use this string format, you can specify storage service endpoints that include a custom domain name, or minimize information exposure for a shared access signature-based connection string.
|The Azure storage services support both HTTP and HTTPS; however, using HTTPS is highly recommended.|
To create a connection string that relies on the default endpoints for the storage service, use the following connection string format. Indicate whether you want to connect to the storage account through HTTP or HTTPS, replace
myAccountName with the name of your storage account, replace
myAccountKey with your account access key:
For example, your connection string should look similar to the following sample connection string:
You may want to explicitly specify the service endpoints in your connection string for the following reasons:
You have registered a custom domain name for your storage account with the Blob service.
You have a shared access signature for accessing storage resources.
Specifying a blob endpoint with a custom domain name
If you have registered a custom domain name for use with the Blob service, you may want to explicitly configure the blob endpoint in your connection string. The endpoint value that is listed in the connection string is used to construct the request URIs to the Blob service, and it dictates the form of any URIs that are returned to your code.
To create a connection string that specifies explicit endpoints, specify the complete service endpoint for each service, including the protocol specification (HTTP or HTTPS) by using the following format:
When you explicitly specify service endpoints, you have two options for specifying credentials. You can specify the account name and key (AccountName=myAccountName;AccountKey=myAccountKey), as shown in the previous section, or you can specify a shared access signature, as shown in the Specifying endpoints with a shared access signature section. If you are specifying the account name and key, the complete string format is:
You can specify endpoints for blob, table, and queue in a connection string. You must specify at least one endpoint, but you do not need to specify all three. For example, if you're creating a connection string for use with a custom blob endpoint, specifying the queue and table endpoints is optional. Note that if you choose to omit the queue and table endpoints from the connection string, then you will not be able to access the Queue and Table services from your code by using that connection string.
Specifying endpoints with a shared access signature
You can create a connection string with explicit endpoints to access storage resources via a shared access signature. In this case, you can specify the shared access signature for as part of the connection string, rather than the account name and key credentials. The shared access signature token encapsulates information about the resource to be accessed, the period of time for which it is available, and the permissions being granted. For more information about shared access signatures, see Delegating Access with a Shared Access Signature.
To create a connection string that includes a shared access signature, specify the string in the following format:
The endpoint can be either the default service endpoint or a custom endpoint. The
base64Signature corresponds to the signature portion of a shared access signature. The signature is an HMAC computed over a valid string-to-sign and key using the SHA256 algorithm, that is then Base64-encoded.