Matt Spinks

Reputation: 6698

Why can't my app access my blob storage using this SAS token?

I am attempting to access a blob storage account and simply list the contents of a container using a SAS token. I am generating an access policy (according to this doc) and referencing that access policy within my access token as well.

Unfortunately, when my code attempts to run the ListBlobsSegmented function, I receive a 403 (Forbidden) error.

This is the code that attempts to get the listing of blobs:

string storageAccountName = "ringclone";
string containerName = "ringcentral-archives";
string authenticationKey = "?sv=2018-03-28&si=ringclone-access-policy&sr=c&sig=************************";
StorageCredentials creds;
CloudStorageAccount account;
CloudBlobClient blobClient;
CloudBlobContainer cloudBlobContainer;
creds = new StorageCredentials(authenticationKey);
account = new CloudStorageAccount(creds, storageAccountName, endpointSuffix: null, useHttps: true);
blobClient = account.CreateCloudBlobClient();
cloudBlobContainer = blobClient.GetContainerReference(containerName);
BlobContinuationToken blobContinuationToken = null;
var containerSegment = blobClient.ListBlobsSegmented("", blobContinuationToken); // 403 error;

And these are the steps I am using to generate an access policy and generate a SAS token that references that access policy:

  1. In the Azure Storage Explorer, I browse to blob storage and find the specific container I want to grant access to. I right-click and select "Manage Access Policies".

  2. I then provide all permissions to this policy, and provide an end date that is 20 years from now.

  3. After clicking "Save", I go back to my container list and right-click on that container once more and select "Get Shared Access Signature".

  4. Within the Shared Access Signature Dialog, I reference my access policy.

  5. Upon clicking "Create", I have my Shared Access Signature with an attached policy.

  6. I then simply copy/paste my storage account name, container name, and auth key into the code shown above. For the auth key, I use the "Query String" field shown in my SAS Signature dialog. For example:

Query String field is used as auth key, according to the docs

string storageAccountName = "ringclone";
string containerName = "ringcentral-archives";
string authenticationKey = "?sv=2018-03-28&si=ringclone-access-policy&sr=c&sig=************************"; // retrieved from the "Query String" field in storage explorer.

However, I am getting a 403 error when trying to list the blobs in my container. What am I doing wrong?

Upvotes: 1

Views: 2458

Answers (1)

Stanley Gong

Reputation: 12153

Try this code below in a console app:

using Microsoft.Azure.Storage.Auth;
using Microsoft.Azure.Storage.Blob;
using System;

namespace AzureStorageTest
{
    class Program
    {
        static void Main(string[] args)
        {

            string storageAccountName = "<storage account name>";
            string containerName = "<container name>";
            string sasToken = "<sas token>";
            StorageCredentials creds;
            CloudBlobContainer cloudBlobContainer;
            // Wrap the SAS token in a credentials object.
            creds = new StorageCredentials(sasToken);

            // Build the container reference directly from the container URI,
            // so requests are sent to the container the SAS was issued for.
            cloudBlobContainer = new CloudBlobContainer(new Uri("https://"+ storageAccountName + ".blob.core.windows.net/"+ containerName), creds);
            BlobContinuationToken blobContinuationToken = null;
            // List blobs through the container reference rather than an account-level client.
            var blobs = cloudBlobContainer.ListBlobsSegmented("", blobContinuationToken);
            foreach (var blob in blobs.Results) {
                Console.WriteLine(blob.Uri);
            }

            Console.ReadKey();
        }
    }
}


Hope it helps

Upvotes: 1
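
The token from the question can be inspected offline before it is handed to the SDK. This is an added example, not part of the original answer or the Azure SDK: `describe_sas`, `review_sas` and the ad hoc comparison token are constructed for illustration. It reads the scope fields and lists what a reviewer would check, including that the "all permissions" and 20-year end date described in the question live in the stored access policy, not in the token.

```python
from urllib.parse import parse_qs

# Token as posted in the question (signature already masked there).
QUESTION_SAS = "?sv=2018-03-28&si=ringclone-access-policy&sr=c&sig=************************"
# Constructed ad hoc token for comparison; all values are made up.
ADHOC_SAS = "?sv=2018-03-28&sr=b&sp=rwd&se=2039-01-01T00:00:00Z&sig=CONSTRUCTED"

SR_SCOPE = {"c": "container", "b": "blob"}  # signed-resource values for Blob SAS

def describe_sas(token):
    """Summarise what a SAS query string is scoped to, without calling Azure."""
    fields = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    if "sig" not in fields:
        raise ValueError("no sig field: not a SAS token")
    account = "ss" in fields or "srt" in fields  # account SAS carries these instead of sr
    return {
        "scope": "account" if account else SR_SCOPE.get(fields.get("sr"), "unknown"),
        "version": fields.get("sv"),
        "policy": fields.get("si"),
        "permissions": fields.get("sp"),
        "expiry": fields.get("se"),
    }

def review_sas(token, needed="rl"):
    """Return review notes for a caller that needs the permissions in `needed`."""
    info, notes = describe_sas(token), []
    if info["scope"] == "container":
        notes.append("container scope: call the container URL the token was signed for")
    elif info["scope"] == "blob" and "l" in needed:
        notes.append("blob scope: listing a container is not possible with this token")
    if info["policy"]:
        notes.append("stored access policy %r: check its permissions and expiry on the "
                     "container; changing or deleting it revokes this token" % info["policy"])
    else:
        notes.append("no stored access policy: permissions and expiry are fixed in the token")
    extra = sorted(set(info["permissions"] or "") - set(needed))
    if extra:
        notes.append("grants more than needed: " + "".join(extra))
    return notes

if __name__ == "__main__":
    for name, tok in (("question", QUESTION_SAS), ("ad hoc", ADHOC_SAS)):
        print(name, describe_sas(tok))
        for note in review_sas(tok):
            print("  -", note)
```
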
