Reputation: 2433
I want to download blobs using Shared access signatures, SAS.
I also want to be able to remove active SAS URIs and, if I understand it correctly, I must use a Stored Access Policy for this.
What confuses me is how I can remove a policy. I also read you can only have 5 stored access policies active?
My goal here is to be able to remove an active SAS URI. The only way I can think of accomplishing this is to remove the policy that the SAS URI is linked with, right? If I have hundreds of files in my blob storage, how in the world can I make this work? I can't have one policy for each blob, right? 5 is the maximum number of policies?
This code demonstrates how I add a policy and how I create a SAS URI that uses this policy, which users can download from.
    static void CreateSharedAccessPolicy(CloudBlobContainer container)
    {
        // Create a new stored access policy and define its constraints.
        SharedAccessBlobPolicy sharedPolicy = new SharedAccessBlobPolicy()
        {
            SharedAccessExpiryTime = DateTime.UtcNow.AddHours(10),
            Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.List
        };

        // Get the container's existing permissions.
        BlobContainerPermissions permissions = container.GetPermissions();

        // Replace any existing policies with the new one and save the change.
        permissions.SharedAccessPolicies.Clear();
        permissions.SharedAccessPolicies.Add("PolicyName", sharedPolicy);
        container.SetPermissions(permissions);
    }

    static string GetBlobSasUriWithPolicy(CloudBlobContainer container, string policyName)
    {
        // Get a reference to a blob within the container.
        CloudBlockBlob blob = container.GetBlockBlobReference("file_name");

        // Generate the shared access signature on the blob, bound to the stored policy.
        string sasBlobToken = blob.GetSharedAccessSignature(null, policyName);

        // Return the URI string for the blob, including the SAS token.
        return blob.Uri + sasBlobToken;
    }
One last question, how do I remove a policy? Is it as simple as:
    permissions.SharedAccessPolicies.Remove("PolicyName");
Upvotes: 2
Views: 2121
Reputation: 136306
> My goal here is to be able to remove an active SAS URI. The only way I can think of accomplishing this is to remove the policy that the SAS URI is linked with, right?
Partly correct. Removing the access policy is one way to do it. Another would be to change the name of the policy (policy identifier). For example, if the policy identifier is mypolicy, then changing it to mypolicy1 would have the same effect as removing the policy.
> If I have hundreds of files in my blob storage, how in the world can I make this work?
As you may already know, an access policy is defined at the blob container level and not at the blob level. Removing/invalidating an access policy would invalidate the SAS URLs for all blobs in that container.
> I can't have one policy for each blob, right? 5 is the maximum number of policies?
That is correct.
> One last question, how do I remove a policy? Is it as simple as: permissions.SharedAccessPolicies.Remove("PolicyName");
That is correct. Make sure you save it back though. You can use something like:
    var cloudStorageAccount = CloudStorageAccount.DevelopmentStorageAccount;
    var blobClient = cloudStorageAccount.CreateCloudBlobClient();
    var container = blobClient.GetContainerReference("container-name");

    // Load the current permissions, drop the policy, then save them back.
    var containerPermissions = container.GetPermissions();
    containerPermissions.SharedAccessPolicies.Remove("access-policy-id");
    container.SetPermissions(containerPermissions);
Upvotes: 3
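An added example, not part of the question or the answer above: one way to revoke every SAS URI tied to a policy by swapping the policy identifier, as the answer suggests, while keeping the container's other policies and respecting the limit of 5. It assumes the legacy Microsoft.WindowsAzure.Storage client library, whose type names match the posts; the class name, method names and policy identifiers are hypothetical.

```csharp
using System;
using Microsoft.WindowsAzure.Storage.Blob; // assumed client library

static class SasRevocation // hypothetical helper, not from the posts
{
    // Stored access policies allowed per container (the limit confirmed in the answer).
    const int MaxPoliciesPerContainer = 5;

    // Revokes every SAS URI issued against oldPolicyId and installs a
    // read-only replacement policy under newPolicyId.
    public static void RotateDownloadPolicy(CloudBlobContainer container,
        string oldPolicyId, string newPolicyId, TimeSpan lifetime)
    {
        // Start from the container's current permissions so that other
        // policies and the public access setting are preserved.
        BlobContainerPermissions permissions = container.GetPermissions();

        // Removing the identifier invalidates all SAS URIs that reference it.
        permissions.SharedAccessPolicies.Remove(oldPolicyId);

        if (permissions.SharedAccessPolicies.ContainsKey(newPolicyId))
            throw new InvalidOperationException("Policy id already in use: " + newPolicyId);
        if (permissions.SharedAccessPolicies.Count >= MaxPoliciesPerContainer)
            throw new InvalidOperationException("Container already holds the maximum number of stored access policies.");

        // Download links only need Read, so the new policy grants nothing else.
        permissions.SharedAccessPolicies.Add(newPolicyId, new SharedAccessBlobPolicy
        {
            SharedAccessExpiryTime = DateTime.UtcNow.Add(lifetime),
            Permissions = SharedAccessBlobPermissions.Read
        });

        // Nothing changes on the service until the permissions are saved back.
        container.SetPermissions(permissions);
    }

    // Issues a download URI bound to the stored policy. No ad hoc policy is
    // passed, so expiry and permissions come from the stored policy alone.
    public static string GetDownloadUri(CloudBlobContainer container,
        string blobName, string policyId)
    {
        CloudBlockBlob blob = container.GetBlockBlobReference(blobName);
        return blob.Uri + blob.GetSharedAccessSignature(null, policyId);
    }
}
```

Azure documents that a stored access policy change can take up to 30 seconds to take effect, so a revoked URI may keep working briefly after `SetPermissions` returns.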