Shared Access Signatures

Hello everybody,

today I want to write few words about Shared Access Signature for blob storage in Azure.

First of all, I'd like to point that SAS is token, that provides access to blog item. And it has very interesting features. For example:

  1. You can give access which will start from some date time and finish at some date time.
  2. Limit access by IP addresses
  3. Allow file to be accessed by Https protocol or Https and Http.
  4. You can assign permissions to it. For example Read, Write, Delete, List, Add, Create, Update, Process.

Pretty cool? I think yes.

And one of the cool features is that you can create SAS in C# code.

For example you can do it like this:

  1. Create in your class member that connects to CloudBlobClient:
public class FileStore
    CloudBlobClient cloudBlobClient;
    string baseUri = "";
    public FileStore()
        var credentials = new StorageCredentials("yourAccountName""yourKey");
        cloudBlobClient = new CloudBlobClient(new Uri(baseUri), credentials);

2. Create method that will give you sharable Url:

public string GetUriForNext20Minutes(string imageId)
    var sharedAccessBlobPolicy = new SharedAccessBlobPolicy
        Permissions = SharedAccessBlobPermissions.Read,
        SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-20),
        SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(20)
    var container = cloudBlobClient.GetContainerReference("files");
    var blob = container.GetBlockBlobReference(imageId);
    var sas = blob.GetSharedAccessSignature(sharedAccessBlobPolicy);
    return $"{baseUri}files/{imageId}{sas}";

No Comments

Add a Comment