0

enter image description here

How do I rewrite this code used for User delegation to account key?

 public async Task<string> GetBlobSASToken(string containerName)
    {
        _logger.LogInformation($"Initial Load Worker called Blob SAS Token creation.");
        try
        {
            DbConnectionStringBuilder dbConnectionStringBuilder = new DbConnectionStringBuilder();
            dbConnectionStringBuilder.ConnectionString = _config.BlobStorageConnectionString;

            var azureStorageAccount = dbConnectionStringBuilder["AccountName"].ToString();
            var azureStorageAccessKey = dbConnectionStringBuilder["AccountKey"].ToString();

            Azure.Storage.Sas.BlobSasBuilder blobSasBuilder = new Azure.Storage.Sas.BlobSasBuilder()
            {
                BlobContainerName = containerName,
                Protocol = SasProtocol.Https,
                Resource = "c",
                StartsOn = DateTimeOffset.UtcNow.AddDays(-1),
                ExpiresOn = DateTimeOffset.UtcNow.AddDays(3),
                  
            };
            blobSasBuilder.SetPermissions(
                Azure.Storage.Sas.BlobSasPermissions.Read |
                Azure.Storage.Sas.BlobSasPermissions.Add |
                Azure.Storage.Sas.BlobSasPermissions.Create |
                Azure.Storage.Sas.BlobSasPermissions.Write |
                Azure.Storage.Sas.BlobSasPermissions.Delete |
                Azure.Storage.Sas.BlobSasPermissions.List |
                Azure.Storage.Sas.BlobSasPermissions.SetImmutabilityPolicy
                );

            var sasToken = blobSasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(azureStorageAccount,
                azureStorageAccessKey)).ToString();

            return sasToken;
        }
        catch (Exception ex)
        {
            _logger.LogError(ex, $"Inital Load Worker has error when creating a SAS token for Initial Load Worker.");
            throw;
        }
    }

Unfortunately, I can't use user delegation:

enter image description here

Chaka
  • 1,709
  • 11
  • 33
  • 58
  • Not sure I understand the question. You are using account key to generate SAS URL in your code. – Gaurav Mantri May 12 '23 at 19:33
  • If you look at the first image and look at the highlighted block in yellow. Depending what you pick, a different type of token is created via azure manually. – Chaka May 12 '23 at 21:19

1 Answers1

1

Using C#, how do I retrieve the SAS token for the account key to access (read/write/delete, etc..) blob storage

You can follow this Document to create a blob sas token using the account key.

You can use the below code to create a blob sas token with an account key using C#.

Code:

using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Sas;
namespace SAStoken
{
    class Program
    {
        private static void Main()
        {
            var AccountName = "venkat123";
            var AccountKey = "<Your-account-key>";
            var containerName = "test";
            var blobName = "flatted.jpg";
            StorageSharedKeyCredential key = new StorageSharedKeyCredential(AccountName, AccountKey);
            BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri($"https://{AccountName}.blob.core.windows.net"), key);
            BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
            BlobClient blobClient = containerClient.GetBlobClient(blobName);

            var sasBuilder = new BlobSasBuilder()
            {
                BlobContainerName = containerName,
                BlobName = blobName,
                Resource = "b", // b for blob, c for container
                StartsOn = DateTimeOffset.UtcNow,
                ExpiresOn = DateTimeOffset.UtcNow.AddHours(4),
            };
            sasBuilder.SetPermissions(BlobSasPermissions.All); // All permissions like(Read,write,add,list,create,SetImmutabilityPolicy,delete)
            var Sas = sasBuilder.ToSasQueryParameters(key).ToString();
            var sasuri = blobClient.Uri.AbsoluteUri + "?" + Sas;
            Console.WriteLine(sasuri);
        }

    }
}

Output:

https://venkat123.blob.core.windows.net/test/flatted.jpg?sv=2021-10-04&st=2023-05-13T05%3A00%3A38Z&se=2023-05-13T09%3A00%3A38Z&sr=b&sp=racwdxyltmei&sig=xxxxxxxxxxxx

enter image description here

Browser: enter image description here

If you need to create a SAS token using user-delegation you need "Storage blob data contributor role".

Venkatesan
  • 3,748
  • 1
  • 3
  • 15
  • 1
    I was a little confused on terminology and what I needed, but this code was perfect. It resolved my issue. Thank you so much!!!! – Chaka May 15 '23 at 13:51