Getting a user delegation SAS for a blob

Question

I'm new to c#, as I'm working on an Azure function that generates SAS token for a blob storage, and some other tasks.

the below piece of code I found on Microsoft for generating a SAS token. However, I don't know how to use it properly, as I don't know what is the BlobClient object that i should pass through its parameter, and from where I should call it to execute its task (from the Main method or where?), and how should I use the return value of this function.

I need someone to give me better understanding on this on this function to be able to use it properly.

Thanks in advance!

async static Task<Uri> GetUserDelegationSasBlob(BlobClient blobClient)
        {
            BlobServiceClient blobServiceClient =
                blobClient.GetParentBlobContainerClient().GetParentBlobServiceClient();

            // Get a user delegation 
            Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey =
                await blobServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow,
                                                                  DateTimeOffset.UtcNow.AddDays(7));

            // Create a SAS token that's also valid for 7 days.
            BlobSasBuilder sasBuilder = new BlobSasBuilder()
            {
                BlobContainerName = blobClient.BlobContainerName,
                BlobName = blobClient.Name,
                Resource = "b",
                StartsOn = DateTimeOffset.UtcNow,
                ExpiresOn = DateTimeOffset.UtcNow.AddDays(7)
            };

            // Specify read and write permissions for the SAS.
            sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write);

            // Add the SAS token to the blob URI.
            BlobUriBuilder blobUriBuilder = new BlobUriBuilder(blobClient.Uri)
            {
                // Specify the user delegation key.
                Sas = sasBuilder.ToSasQueryParameters(userDelegationKey,
                                                      blobServiceClient.AccountName)
            };

            Console.WriteLine("Blob user delegation SAS URI: {0}", blobUriBuilder);
            Console.WriteLine();
            return blobUriBuilder.ToUri();
        }

Answer 1

The GetUserDelegationSasBlob method generates a user delegation SAS token for a blob in Azure Blob Storage.

The method takes a BlobClient object as a parameter, which represents the blob for which you want to generate the SAS token.

Check whether you have installed the Azure.Storage.Blobs NuGet package and added the using statements at the top of your code.

The below namespaces to be used in the code to avoid errors.

using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Specialized;
using Azure.Storage.Sas;

In the Azure function you need to call like below code

MyClassname.MethodName();

BlobClient bc;
Task<Uri> task = SomeClass.GetUserDelegationSasBlob(bc); 

Used the same code in a different class.

Debugged the code without errors.

The method first gets a reference to the BlobServiceClient object, which represents the Blob Storage endpoint for your storage account. It requests a user delegation key by calling the GetUserDelegationKeyAsync method on the BlobServiceClient object. The user delegation key is used to sign the SAS token.

The method creates a BlobUriBuilder object and adds the SAS token to the blob URI. The method returns the URI of the blob with the SAS token.

You can use the returned URI to access the blob with the SAS token.

Create a user delegation SAS using PowerShell.

az storage blob generate-sas \
    --account-name <storage-account> \
    --container-name <container> \
    --name <blob> \
    --permissions acdrw \
    --expiry <date-time> \
    --auth-mode login \
    --as-user \
    --full-uri

For more information on User-delegation-sas.