Azure Container: SetPermissions works after few seconds

Question

I have two function: GrantSASAccess and RevokeSASAccess. I grant access (by generating SAS) to upload file to blob. When user declares "Ok, I'm done!" I Revoke SAS Access. But... after Revoke SAS for a moment User has still access to upload file. Only after 3-5 seconds it blocks properly. Why is so that? How to prevent this?

    public async Task GrantSASAccess(CloudBlobContainer container)
    {
        BlobContainerPermissions permissions = await container.GetPermissionsAsync();
        permissions.SharedAccessPolicies[container.Name] = new SharedAccessBlobPolicy()
        {
            Permissions = SharedAccessBlobPermissions.Write,
            SharedAccessExpiryTime = _dateTimeService.GetUtcNow().AddMinutes(Core.ConfigurationHelper.GetSASExpirationTime())
        };

        await container.SetPermissionsAsync(permissions);
    }

    public async Task RevokeSASAccess(StorageCredentials storageCredentials, string containerName, string policyName)
    {
        CloudBlobContainer container = GetContainerReference(storageCredentials, containerName);
        BlobContainerPermissions permissions = container.GetPermissions();
        permissions.SharedAccessPolicies.Remove(containerName);

        await container.SetPermissionsAsync(permissions);
    }

Answer 1

I'm not 100% sure if storage doesn't take some time to propagate that change. But are you sure you are counting that 3-5 sec after the async task is finished? Maybe if you want to make sure that call is finished wait for result with:

var task = container.SetPermissionsAsync(permissions);
task.Wait();

Your API is no longer async though.

Answer 2

It can take up to 30 seconds for changes to the container SAS policies to take effect. This applies both to establishing a new policy and to revoking an existing policy. The same is true if you regenerate your storage account keys -- the change takes up to 30 seconds to take effect.