I have a Blob Container SAS with Add/Create/Write/Delete permissions (no Read, no List). And I need to delete blobs in this container in a batch:
try
{
    string sasToken = "sv=2023-0103&si=wd&sr=c&sig=blah-blah-blah";
    BlobContainerClient contClient = new(CreateContainerUrl(container), new AzureSasCredential(sasToken));
    BlobBatchClient batchClient = new(contClient);
    await batchClient.DeleteBlobsAsync(blobUris);
}
catch (Exception ex)
{
    _logger.LogError(ex, "Failed to delete multiple blobs in \"{0}\" container", container);
    throw;
}
But I get an error:
Status: 403 (This request is not authorized to perform this operation using this permission.)
ErrorCode: AuthorizationPermissionMismatch
What am I doing wrong?
Status: 403 (This request is not authorized to perform this operation using this permission.)
The above error occurs when you don't have proper permission or have an incorrect SAS token to access the storage account.
In my storage account, I stored some files with container name test.
Now, I created an access policy with name sample1 with permission Add/Create/Write/Delete.
Now, I generated a SAS token from the access policy using the portal.
Now, using the below code I am able to delete the blobs using the SAS token.
Code:
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Specialized;
using Microsoft.Extensions.Logging;

public class BlobDeletionService
{
    private readonly ILogger<BlobDeletionService> _logger;

    public BlobDeletionService(ILogger<BlobDeletionService> logger)
    {
        _logger = logger;
    }

    // Deletes all given blobs in one batch request, authorized by the container SAS.
    public async Task DeleteBlobsAsync(string sasToken, string containerUrl, List<Uri> blobUris)
    {
        try
        {
            // The SAS is passed as a credential instead of being appended to the URL.
            BlobContainerClient contClient = new BlobContainerClient(new Uri(containerUrl), new AzureSasCredential(sasToken));
            BlobBatchClient batchClient = new BlobBatchClient(contClient);
            await batchClient.DeleteBlobsAsync(blobUris);
        }
        catch (Exception ex)
        {
            _logger.LogError(ex, "Failed to delete multiple blobs in \"{0}\" container", containerUrl);
            throw;
        }
    }
}

public class Program
{
    private static async Task Main(string[] args)
    {
        using var loggerFactory = LoggerFactory.Create(builder =>
        {
            builder.AddConsole();
        });
        ILogger<BlobDeletionService> logger = loggerFactory.CreateLogger<BlobDeletionService>();

        // SAS generated from the stored access policy "sample1" (signature redacted).
        string sasToken = "st=2024-06-06T05:18:31Z&se=2024-06-06T13:18:31Z&si=sample1&spr=https&sv=2022-11-02&sr=c&sig=HDvVDqokkxxxcbxxxxxD";
        string containerUrl = "https://venkat123.blob.core.windows.net/test";

        // Full URIs of the blobs to delete; all are in the container above.
        List<Uri> blobUris = new List<Uri>
        {
            new Uri("https://venkat123.blob.core.windows.net/test/sample2.ps1"),
            new Uri("https://venkat123.blob.core.windows.net/test/industry.csv.gpg")
        };

        BlobDeletionService deletionService = new BlobDeletionService(logger);
        await deletionService.DeleteBlobsAsync(sasToken, containerUrl, blobUris);
    }
}
The above code executed and deleted the two blobs in my environment.
Reference: Azure Storage Blobs Batch client library for .NET - Azure for .NET Developers | Microsoft Learn
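When chasing a 403 like the one above, it helps to see which authorization fields a SAS actually carries before handing it to the client; a token that references a stored access policy (si) may carry no sp or se at all, so the permissions have to be checked on the policy. The following is an added example, not code from the question or the answer: SasInspector, Parse and Describe are hypothetical names, and the sample tokens are constructed with placeholder signatures.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: reports the authorization-relevant fields of a service SAS
// query string offline. The signature value is never printed.
public static class SasInspector
{
    public static Dictionary<string, string> Parse(string sasToken) =>
        sasToken.TrimStart('?')
            .Split('&', StringSplitOptions.RemoveEmptyEntries)
            .Select(pair => pair.Split('=', 2))
            .Where(kv => kv.Length == 2)
            .ToDictionary(kv => kv[0], kv => Uri.UnescapeDataString(kv[1]),
                          StringComparer.OrdinalIgnoreCase);

    public static IEnumerable<string> Describe(string sasToken, DateTimeOffset now)
    {
        var f = Parse(sasToken);
        yield return $"sv (version): {f.GetValueOrDefault("sv", "<missing>")}";
        yield return $"sr (resource): {f.GetValueOrDefault("sr", "<missing>")}";
        if (f.TryGetValue("si", out var policy))
            yield return $"si (stored access policy): {policy}; check the policy itself for permissions and expiry";
        yield return f.TryGetValue("sp", out var sp)
            ? $"sp (permissions): {sp}; delete (d) {(sp.Contains('d') ? "listed" : "not listed")}"
            : "sp (permissions): not present in the token";
        if (f.TryGetValue("st", out var st) && DateTimeOffset.TryParse(st, out var start) && start > now)
            yield return $"st: not valid before {start:u}";
        if (f.TryGetValue("se", out var se) && DateTimeOffset.TryParse(se, out var end))
            yield return end <= now ? $"se: expired at {end:u}" : $"se: valid until {end:u}";
        if (!f.TryGetValue("spr", out var spr) || spr != "https")
            yield return "spr: not restricted to https";
        yield return f.ContainsKey("sig") ? "sig: present (redacted)" : "sig: missing";
    }

    public static void Main()
    {
        // Constructed tokens shaped like the two on this page; signatures are placeholders.
        string[] samples =
        {
            "sv=2022-11-02&si=examplepolicy&sr=c&sig=PLACEHOLDER",
            "st=2024-06-06T05:18:31Z&se=2024-06-06T13:18:31Z&sp=acw&spr=https&sv=2022-11-02&sr=c&sig=PLACEHOLDER",
        };
        var now = DateTimeOffset.Parse("2024-06-06T12:00:00Z"); // fixed clock for a repeatable run
        foreach (var token in samples)
            Console.WriteLine(string.Join(Environment.NewLine, Describe(token, now)) + Environment.NewLine);
    }
}
```

Running a report like this in place of logging the raw token keeps the sig value out of application logs.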