Azure Storage: How to generate a SAS connection string using .NET SDK
Question
I'm currently generating SAS tokens using the Microsoft.WindowsAzure.Storage.CloudStorageAccount class like so:
var cloudStorageAccount = // create a new CloudStorageAccount
var sharedAccessAccountPolicy = new SharedAccessAccountPolicy
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1),
Protocols = SharedAccessProtocol.HttpsOnly
};
var token = cloudStorageAccount.GetSharedAccessSignature(sharedAccessAccountPolicy);
However, this returns a token with a ? in front and does not include the blob endpoint. I was looking at this documentation and noticed a SAS looks like below:
BlobEndpoint=https://storagesample.blob.core.windows.net;
SharedAccessSignature=sv=2015-04-05&sr=b&si=tutorial-policy-635959936145100803&sig=9aCzs76n0E7y5BpEi2GvsSv433BZa22leDOZXX%2BXXIU%3D
What's neat about this is that I can use it as a connection string to directly initialize a BlockBlobClient .
How can I generate my token in the above format? I can parse my own and remove the ? and then add the BlobEndpoint and SharedAccessSignature keys, but this is manual work and may not function properly in the future. Is there an SDK method that creates a SAS in the format that's shown on Microsoft's documentation?
2 answers
solution1
1 ACCPTED 2020-12-31 14:47:16
I believe you are using WindowsAzure.Storage library. This library is deprecated.
https://www.nuget.org/packages/WindowsAzure.Storage/
The recommended library to use is https://www.nuget.org/packages/Azure.Storage.Blobs (v12)
With the v12 library, I was able to get a SASUri for a particular blob and create a BlobClient using the SASUri to download that blob without a need for string formatting.
BlobClient blobClient = new BlobClient("storage account conn string", "container name", "blob name");
BlobSasBuilder blobSasBuilder = new BlobSasBuilder(BlobSasPermissions.Write | BlobSasPermissions.Read, DateTimeOffset.Now.AddDays(1))
{
BlobContainerName = blobClient.BlobContainerName,
BlobName = blobClient.Name
};
var sasuri = blobClient.GenerateSasUri(blobSasBuilder);
var blobClientWithSasUri = new BlobClient(sasuri);
using (var fileStream = System.IO.File.OpenWrite(@"path to download"))
{
blobClientWithSasUri.DownloadTo(fileStream);
}
solution2
0 2020-12-31 14:18:15
It seems that you use this sample to create an account SAS. It returns the value of SharedAccessSignature .
And there is no SDK to get the SAS token format mentioned above, even the latest SDK(azure.storage.blobs 12.7.0). I tried azure.storage.blobs and it returned the SharedAccessSignature without '?'. I'm afraid you need to format by yourself.
Console.WriteLine($"BlobEndpoint=https://{accountName}.blob.core.windows.net;SharedAccessSignature={sasToken}");
I don't understand why it needs to be changed to this format. If you just use sas token in the next step, the default result can work well.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.