Fermin

Reputation: 36101

Using SAS token to upload Blob content

I'm having difficulty using a Blob SAS token to write a file to a Blob in Azure via PowerShell.

The code I'm using to generate the SAS token is:

$storageContext = Get-AzureRmStorageAccount -ResourceGroupName $resourceGroup -Name $storageName

$token = New-AzureStorageBlobSASToken -Container $conName -Context $storageContext.Context -Blob $blobName -ExpiryTime $expiry -Permission rw -FullUri

This generates a token as expected: https://name.blob.core.windows.net/container/test.json?sv=2015-04-05&sr=b&sig=abc123&se=2017-03-07T12%3A58%3A52Z&sp=rw

If I use this in the browser it's working fine and downloading the file as expected. However, I can't use this to upload a file. Whenever I try I'm receiving a (403) Forbidden. The code I'm using to upload is:

$accountContext = New-AzureStorageContext -SasToken $sasToken

Get-AzureStorageContainer -Context $accountContext.Context | Set-AzureStorageBlobContent -File $blobFile

I've successfully been using a method similar to this to set Blob content after making a call to Add-AzureRmAccount to authenticate.

I've also tried to use a Container SAS token but I keep getting a 403 error with that.

The fact that the token works for a read leads me to believe that I'm missing something in my PowerShell script - can anyone shed any light on what that is?

Upvotes: 1

Views: 4224

Answers (1)

Gaurav Mantri

Reputation: 136266

> The fact that the token works for a read leads me to believe that I'm missing something in my PowerShell script - can anyone shed any light on what that is?

I believe the problem is with the following line of code:

Get-AzureStorageContainer -Context $accountContext.Context

Two things here:

  1. This cmdlet tries to list the blob containers in your storage account. In order to list blob containers using SAS, you would need an Account SAS, whereas the SAS you're using is a Container SAS.
  2. Your SAS only has Read and Write permission. For listing containers, you would need List permission as well.

I would recommend simply using the Set-AzureStorageBlobContent cmdlet and providing the necessary information to it instead of getting the container name through the pipeline.

Set-AzureStorageBlobContent -File $blobFile -Container $conName -Context $accountContext.Context -Blob $blobName

Upvotes: 4
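
The scope and permission mismatch described in the answer can be checked locally from the SAS query parameters before any request is sent. The following is an added example, not code from the question or the answer; it generalizes to account SAS tokens as well, the function name `Test-SasOperation` is hypothetical, and the sample URI is constructed with a placeholder signature.

```powershell
# Added example: reports whether a SAS URI can authorize a blob operation by
# reading its query parameters only. Nothing is sent to Azure.
function Test-SasOperation {
    param(
        [Parameter(Mandatory)][string]$SasUri,
        [Parameter(Mandatory)][ValidateSet('ListContainers', 'GetBlob', 'PutBlob')][string]$Operation
    )
    # Parse the query string into a name -> value table (values URL-decoded).
    $q = @{}
    foreach ($pair in ([uri]$SasUri).Query.TrimStart('?') -split '&') {
        if (-not $pair) { continue }
        $name, $value = $pair -split '=', 2
        $q[$name] = [uri]::UnescapeDataString([string]$value)
    }
    # Any one of the Perm letters is enough; Srt is the account-SAS resource
    # type that covers the operation (s = service, o = object).
    $rules = @{
        ListContainers = @{ Perm = 'l';  Srt = 's'; ServiceSasOk = $false }
        GetBlob        = @{ Perm = 'r';  Srt = 'o'; ServiceSasOk = $true }
        PutBlob        = @{ Perm = 'cw'; Srt = 'o'; ServiceSasOk = $true }
    }
    $rule = $rules[$Operation]
    $reasons = @()
    # 'se' is the expiry time as an ISO 8601 UTC timestamp.
    if ($q['se']) {
        $expiry = [datetimeoffset]::Parse($q['se'], [cultureinfo]::InvariantCulture)
        if ($expiry -lt [datetimeoffset]::UtcNow) { $reasons += "token expired at $($q['se'])" }
    }
    # 'sp' carries the granted permission letters (case-sensitive).
    if ([string]$q['sp'] -cnotmatch "[$($rule.Perm)]") {
        $reasons += "sp=$($q['sp']) lacks one of: $($rule.Perm)"
    }
    # An account SAS carries 'ss' and 'srt'; a service SAS carries 'sr'.
    if ($q.ContainsKey('ss') -and $q.ContainsKey('srt')) {
        if ($q['ss'] -cnotmatch 'b') { $reasons += "ss=$($q['ss']) does not include the blob service" }
        if ($q['srt'] -cnotmatch $rule.Srt) { $reasons += "srt=$($q['srt']) lacks resource type '$($rule.Srt)'" }
    } elseif (-not $rule.ServiceSasOk) {
        $reasons += "sr=$($q['sr']) marks a service SAS; $Operation needs an account SAS"
    }
    [pscustomobject]@{ Operation = $Operation; Allowed = ($reasons.Count -eq 0); Reasons = $reasons }
}

# Constructed sample with the same shape as the token in the question.
$sample = 'https://name.blob.core.windows.net/container/test.json?sv=2015-04-05&sr=b&sig=abc123&se=2099-01-01T00%3A00%3A00Z&sp=rw'
'ListContainers', 'GetBlob', 'PutBlob' |
    ForEach-Object { Test-SasOperation -SasUri $sample -Operation $_ }
```

The check only reads the token's declared scope and permissions; it does not validate the signature or account for a stored access policy referenced by the token.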
