Tags: c#, azure-blob-storage, access-keys, sas-token

Using C#, how do I retrieve a SAS token for an account key to access (read/write/delete, etc.) blob storage?



How do I rewrite this code, used for user delegation, to use the account key?

    public async Task<string> GetBlobSASToken(string containerName)
    {
        _logger.LogInformation($"Initial Load Worker called Blob SAS Token creation.");
        try
        {
            DbConnectionStringBuilder dbConnectionStringBuilder = new DbConnectionStringBuilder();
            dbConnectionStringBuilder.ConnectionString = _config.BlobStorageConnectionString;

            var azureStorageAccount = dbConnectionStringBuilder["AccountName"].ToString();
            var azureStorageAccessKey = dbConnectionStringBuilder["AccountKey"].ToString();

            Azure.Storage.Sas.BlobSasBuilder blobSasBuilder = new Azure.Storage.Sas.BlobSasBuilder()
            {
                BlobContainerName = containerName,
                Protocol = SasProtocol.Https,
                Resource = "c",
                StartsOn = DateTimeOffset.UtcNow.AddDays(-1),
                ExpiresOn = DateTimeOffset.UtcNow.AddDays(3),
                  
            };
            blobSasBuilder.SetPermissions(
                Azure.Storage.Sas.BlobSasPermissions.Read |
                Azure.Storage.Sas.BlobSasPermissions.Add |
                Azure.Storage.Sas.BlobSasPermissions.Create |
                Azure.Storage.Sas.BlobSasPermissions.Write |
                Azure.Storage.Sas.BlobSasPermissions.Delete |
                Azure.Storage.Sas.BlobSasPermissions.List |
                Azure.Storage.Sas.BlobSasPermissions.SetImmutabilityPolicy
                );

            var sasToken = blobSasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(azureStorageAccount,
                azureStorageAccessKey)).ToString();

            return sasToken;
        }
        catch (Exception ex)
        {
            _logger.LogError(ex, $"Initial Load Worker has error when creating a SAS token for Initial Load Worker.");
            throw;
        }
    }

Unfortunately, I can't use user delegation.


Solution

  • Using C#, how do I retrieve the SAS token for the account key to access (read/write/delete, etc.) blob storage

    You can follow this document to create a blob SAS token using the account key.

    You can use the code below to create a blob SAS token with an account key using C#.

    Code:

    using System;
    using Azure.Storage;
    using Azure.Storage.Blobs;
    using Azure.Storage.Sas;
    namespace SAStoken
    {
        class Program
        {
            private static void Main()
            {
                var AccountName = "venkat123";
                var AccountKey = "<Your-account-key>";
                var containerName = "test";
                var blobName = "flatted.jpg";
                StorageSharedKeyCredential key = new StorageSharedKeyCredential(AccountName, AccountKey);
                BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri($"https://{AccountName}.blob.core.windows.net"), key);
                BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
                BlobClient blobClient = containerClient.GetBlobClient(blobName);
    
                var sasBuilder = new BlobSasBuilder()
                {
                    BlobContainerName = containerName,
                    BlobName = blobName,
                    Resource = "b", // b for blob, c for container
                    StartsOn = DateTimeOffset.UtcNow,
                    ExpiresOn = DateTimeOffset.UtcNow.AddHours(4),
                };
                sasBuilder.SetPermissions(BlobSasPermissions.All); // All permissions (read, write, add, list, create, SetImmutabilityPolicy, delete)
                var Sas = sasBuilder.ToSasQueryParameters(key).ToString();
                var sasuri = blobClient.Uri.AbsoluteUri + "?" + Sas;
                Console.WriteLine(sasuri);
            }
    
        }
    }
    

    Output:

    https://venkat123.blob.core.windows.net/test/flatted.jpg?sv=2021-10-04&st=2023-05-13T05%3A00%3A38Z&se=2023-05-13T09%3A00%3A38Z&sr=b&sp=racwdxyltmei&sig=xxxxxxxxxxxx
    


    If you need to create a SAS token using user delegation, you need the "Storage Blob Data Contributor" role.
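
A check that can be run over a SAS URL before it is handed out, applied here to the URL printed in the answer above. This is an added example, not part of the original question or answer; the `SasAudit` class, its `Review` method and the read/list, one-hour review policy are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Web;

public static class SasAudit
{
    // Assumed review policy for this example: read/list only, at most one hour.
    const string AllowedPermissions = "rl";
    static readonly TimeSpan MaxLifetime = TimeSpan.FromHours(1);

    public static List<string> Review(string sasUrl)
    {
        var q = HttpUtility.ParseQueryString(new Uri(sasUrl).Query);
        var findings = new List<string>();
        // A user delegation SAS carries signed-key fields such as skoid.
        // Without them the signature comes from the storage account key.
        if (q["skoid"] == null && q["si"] == null)
            findings.Add("ad hoc account-key SAS: revoking it early means rotating the key");

        // sp lists one letter per granted permission.
        var extra = new string((q["sp"] ?? "").Where(c => !AllowedPermissions.Contains(c)).ToArray());
        if (extra.Length > 0)
            findings.Add($"sp grants more than '{AllowedPermissions}': {extra}");

        // When spr is absent the service accepts both https and http.
        if (q["spr"] != "https")
            findings.Add("spr is not restricted to https");

        var inv = CultureInfo.InvariantCulture;
        bool hasExpiry = DateTimeOffset.TryParse(q["se"], inv, DateTimeStyles.AssumeUniversal, out var expires);
        // A stored access policy (si) may hold the expiry instead of se.
        if (!hasExpiry && q["si"] == null)
            findings.Add("se (expiry) is missing or unparsable");
        // Without st the token is valid from the moment it is issued.
        if (!DateTimeOffset.TryParse(q["st"], inv, DateTimeStyles.AssumeUniversal, out var starts))
            starts = DateTimeOffset.UtcNow;
        if (hasExpiry && expires - starts > MaxLifetime)
            findings.Add($"lifetime {expires - starts} exceeds {MaxLifetime}");
        return findings;
    }

    public static void Main()
    {
        // The URL printed in the answer above (its signature is already redacted there).
        var url = "https://venkat123.blob.core.windows.net/test/flatted.jpg?sv=2021-10-04&st=2023-05-13T05%3A00%3A38Z&se=2023-05-13T09%3A00%3A38Z&sr=b&sp=racwdxyltmei&sig=xxxxxxxxxxxx";
        foreach (var finding in Review(url)) Console.WriteLine(finding);
    }
}
```

On .NET Framework, `HttpUtility` needs a reference to the System.Web assembly; on current .NET it is available by default.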