Written by Altınok Darıcı on 06 - Dec - 2014

Microsoft Azure Blob Storage: Temporary Access URL

We want to create a temporary Url to access a private blob. It is so simple, access blob using sdk and get GetSharedAccessSignature using an instance of SharedAccessBlobPolicy, then combine the url of blob and sas. The combined url is a temporary url to access a private blob.

CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConfigurationManager.AppSettings.Get("StorageConnectionString"));
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("container1");
CloudBlockBlob blockBlob = container.GetBlockBlobReference("a.png");

var sas = blockBlob.GetSharedAccessSignature(new SharedAccessBlobPolicy()
{
   Permissions = SharedAccessBlobPermissions.Read,
   SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15),
});
string sasUrl = string.Format(CultureInfo.InvariantCulture, "{0}{1}", blockBlob.Uri, sas);

As you see in above code, I set the Permission and SharedAccessExpiryTime. You can assign Permission to Read, Write, List, Delete. You can set SharedAccessStartTime, If you don't set it, shared access signature became valid immediately.

So sasUrl is generated. This url became valid immediately and expire after 15 minutes.

sasUrl = https://fsystem.blob.core.windows.net/container1/a.png?sv=2014-02-14&sr=b&sig=uiEOF4Z8x%2BbORvycxcdXQZ04ueER0x117gEay0RAQys%3D&se=2014-12-07T18%3A46%3A29Z&sp=r

The url contains several parameters and blob url.

sv: storage service version

sr: resource, b is blob.

sig: signature

se: expiry time in ISO 8061 format.

sp: permission, r is read

comments powered by Disqus