Reputation: 207
I am using Azure.Storage.Blobs v12.1.0
library. I am generating a Blob Level SAS token using user delegation with Azure Service Principal Credentials, and trying to upload a blob using SAS Token generated.
I have followed exactly this code sample from Azure to generate the SAS Token.
Here is the code I am using to create SAS Token :
string blobEndpoint = string.Format("https://{0}.blob.core.windows.net", storageProviderSettings.AccountName);
TokenCredential credential =
new ClientSecretCredential(
storageProviderSettings.TenantId,
storageProviderSettings.ClientId,
storageProviderSettings.ClientSecret,
new TokenCredentialOptions());
BlobServiceClient blobServiceClient = new BlobServiceClient(new Uri(blobEndpoint),
credential);
BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(containerName);
BlobClient blobClient = containerClient.GetBlobClient(blobName);
var delegationKey = await blobServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7));
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = containerName,
BlobName = blobName,
Resource = "b",
StartsOn = DateTimeOffset.UtcNow,
ExpiresOn = DateTimeOffset.UtcNow.AddSeconds(expirySeconds)
};
sasBuilder.SetPermissions(BlobSasPermissions.All);
// if (withDownloadAccess) {
// sasBuilder.SetPermissions(BlobSasPermissions.Read);
// }
// if (withDeleteAccess) {
// sasBuilder.SetPermissions(BlobSasPermissions.Delete);
// }
Console.WriteLine(sasBuilder.Permissions);
var sasQueryParams = sasBuilder.ToSasQueryParameters(delegationKey, storageProviderSettings.AccountName).ToString();
UriBuilder sasUri = new UriBuilder()
{
Scheme = "https",
Host = string.Format("{0}.blob.core.windows.net", storageProviderSettings.AccountName),
Path = string.Format("{0}/{1}", containerName, blobName),
Query = sasQueryParams
};
BlobServiceClient service = new BlobServiceClient(sasUri.Uri);
await service.GetPropertiesAsync();
Settings tmpUploadCredentials = CreateTemporaryAzureStorageProviderSettings(sasUri, storageProviderSettings);
Console.WriteLine(tmpUploadCredentials.ConnectionString);
return tmpUploadCredentials;
The SAS Token is created and the Get Blob is working perfectly fine if i keep it in browser but using the BlobServiceClient
if i am trying to upload the file or perform any action it is now working.
To check if it is authenticated or not i have written this line await service.GetPropertiesAsync();
which is throwing the following error:
Any Help would be greatly appreciated.
Upvotes: 3
Views: 6993
Reputation: 23141
According to my test, service.GetPropertiesAsync();
is an action on account. It means that it will call the Get Blob Service Properties rest api to get the properties of the account's blob service. However, when you create BlobServiceClient
, you provide the blob url. The blob do not support the action. So you will get the error. It will want to to get the properties of a blob, please call the api. So, please update your code as following code
BlobClient blobClient = new BlobClient(sasUri, null);
blobClient.GetPropertiesAsync();
For more details, please refer to https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-dotnet#get-the-user-delegation-key
Upvotes: 5