I create user delegated SAS token with this code:
var blobClient = new BlobServiceClient(blobUri, tokenCredential, null);
var userDelegationKey = await blobClient.GetUserDelegationKeyAsync(startDate, expiryDate);
This works fine until point when I need to BlobSasBuilder to create query string which can be used to access blobs:
var startDate = DateTimeOffset.UtcNow;
var expiryDate = DateTimeOffset.UtcNow.AddDays(1);
var sasBuilder = new BlobSasBuilder
{
Resource = "c",
StartsOn = startDate,
ExpiresOn = expiryDate,
};
sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.List | BlobSasPermissions.Write | BlobSasPermissions.Create | BlobSasPermissions.Delete | lobSasPermissions.Add);
Problem is that I always need to specify Resource as either blob (b) or container (c) (there are few other options not relevant to my case). I am modifying legacy application I need SAS token which can be used to access any resource under one storage account (I need SAS token which would not be tied to particular container or blob). Is such thing possible to do?
With the code above, you are creating a Service SAS which would always require you to specify resource type as either container (c) or blob (b).
If you wish to create a SAS token for entire storage account, you would need to create an Account SAS.
The correct class to build an account SAS is AccountSasBuilder.
However looking at the documentation, it seems it is not possible to use a user delegation key to create an account SAS. You would need to use account key for that purpose.