Last week I was faced with this exact problem in the title. As I was migrating an existing Silverlight application to run on Azure, I wanted to have a solution to the requirement that stated that the users must be able to upload files to the server and view them in the application. Previously, those files were uploaded to the server and stored in a file folder specified in the application configuration, typically located on a shared drive accessible by all servers in the web farm, thus any request to any server can access the same file using the same absolute physical and virtual path. Of course, this solution does not work on Azure web roles, as those servers can be reimaged at any point. As a result I decided to use Azure Blob Storage for uploads.
To add more security, I made this two-step process. The file is uploaded to an ashx based Http handler, which could read the credentials from the configuring file and upload the file to Azure blob storage. This part was quite easy, as there are many samples on how to use Azure SDK from .NET applications.
Then I discovered that I could not see those files. It was due to our old friend, cross domain security problem. I knew I needed to add clientaccesspolicy.xml somewhere, but I did not know to do it. Quick search found this excellent post on MSDN. It had exact bit I needed – creating secret $root container. Once that was done instead of writing a utility I simply uploaded my existing clientaccesspolicy.xml into that container using myAzureStorage – https://www.myazurestorage.com. The whole solution just worked after that.
Thanks and enjoy.