There is an API that looks like:
https://{storage-account-name}.file.windows.net/{name(no suffix, may be a folder)}?sv={Date}&ss=f&srt=o&sp=rwl&se={Date}T{Time}Z&st={Date}T{Time}Z&spr=http&sig={token}
I want to access, read or download the file with this SAS URI somehow.
I tried to connect the SAS with Azure Storage Explorer, but it showed that
"The SAS cannot be used to connect to a storage account. An account SAS with at least service-level access ('srt=s') is required."
I tried to add "s" in the "srt", but apparently it is not working: Server failed to authenticate the request.
I also tried azcopy:
azcopy copy "https://<storage-account-name>.file.windows.net/<name(no suffix, may be a folder)>?sv=<Date>&ss=f&srt=o&sp=rwl&se=<Date>T<Time>Z&st=<Date>T<Time>Z&spr=http&sig=<token>" "C:\Users\<User>\Desktop" --recursive --preserve-smb-permissions=true --preserve-smb-info=true
but it returned an error showing:
"403 This request is not authorized to perform this operation using this resource type."
I also want to try Get-AzStorageFileContent with Azure PowerShell, but I don't know how to get the path with SAS URI.
With the SAS Token you have, you won't be able to download the files.
Here are the reasons for that:
signed resource type (srt) should have container (c) permission. Currently it only has object (o) permission which enables you to directly work with the files (that's why I asked that question in comment). You simply cannot change the SAS URL and add container permission in signed resource type. This is because the signature (sig) portion of the SAS URL is calculated based on the permissions when SAS Token was created. This is why you are getting 403 error when you manually changed the SAS URL.
Solution to your problem is to request a new SAS URL with signed resource type as both container and object (it should look like srt=co). Then you will be able to list the files in the file share (because of container) and read/download the file (because of object).
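The point about sig above, as an added illustration that is not part of the original answer: it recomputes an account SAS signature and shows that a hand-edited srt no longer matches the old sig, while a reissued token with srt=co does. It assumes the account SAS string-to-sign layout Microsoft documents for service versions before 2020-12-06; the account name, key, dates and helper names are constructed for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample values: not a real account, key, or token.
ACCOUNT = "examplestorage"
KEY_B64 = base64.b64encode(b"constructed-demo-key-for-illustration").decode()
BASE = {"sv": "2019-12-12", "ss": "f", "srt": "o", "sp": "rwl",
        "st": "2024-01-01T00:00:00Z", "se": "2024-01-02T00:00:00Z", "spr": "https"}

# Field order in the string-to-sign (the account name comes first).
FIELDS = ("sp", "ss", "srt", "st", "se", "sip", "spr", "sv")

def sign(account, key_b64, params):
    """Base64(HMAC-SHA256(key, string-to-sign)); srt is one of the signed fields."""
    string_to_sign = "\n".join([account] + [params.get(f, "") for f in FIELDS]) + "\n"
    mac = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def issue(account, key_b64, params):
    """What the key holder does when asked for a SAS with these parameters."""
    return urlencode({**params, "sig": sign(account, key_b64, params)})

def verify(account, key_b64, query):
    """Server-side check: recompute sig from the presented fields and compare."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    presented = params.pop("sig", "")
    return hmac.compare_digest(presented, sign(account, key_b64, params))

def with_srt(query, srt):
    """Edit srt by hand while keeping the old sig, as tried in the question."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    params["srt"] = srt
    return urlencode(params)

original = issue(ACCOUNT, KEY_B64, BASE)                     # srt=o
tampered = with_srt(original, "co")                          # srt edited, sig unchanged
reissued = issue(ACCOUNT, KEY_B64, {**BASE, "srt": "co"})    # new token from the key holder

if __name__ == "__main__":
    for name, q in (("original", original), ("tampered", tampered), ("reissued", reissued)):
        print(f"{name:9s} valid={verify(ACCOUNT, KEY_B64, q)}")
```

Only a party holding the account key can produce the reissued token, which is why the new SAS has to come from whoever issued the first one.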