Managing the Azure Storage service
The data stored by the Azure Storage service must be secured against unauthorized access. To ensure this security, all storage operations against the Table and Queue services must be authenticated. Similarly, other than inquiry requests against public containers and blobs, all operations against the Blob service must also be authenticated. The Blob service supports public containers so that, for example, blobs that contain images can be downloaded directly into a web page anonymously, without any authentication.
Each storage account has a primary access key and secondary access key that can be used to authenticate operations against the storage service. When creating a request against the storage service, one of the keys is used along with various request headers to generate a 256-bit hash-based message authentication code (HMAC). This HMAC is added as an authorization request header to the request. On receiving the request, the Storage service recalculates...