Azure-sdk-for-net: [QUERY] How to create a SAS Uri with v12

Created on 15 Nov 2020 · 8Comments · Source: Azure/azure-sdk-for-net

Query/Question
Hi, I am porting my old v11 code to v12 and I find very unconvenient to generate SAS Uris with the new API. Old code was very simple:

``` var account = CloudStorageAccount.Parse(connectionString);
var serviceClient = account.CreateCloudBlobClient();
var containerClient = serviceClient.GetContainerReference(containerName);
var blobClient = containerClient.GetBlockBlobReference(blobName);

        var sasUri = blobClient.Uri + blobClient.GetSharedAccessSignature(new SharedAccessBlobPolicy()
        {
            SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
            Permissions = SharedAccessBlobPermissions.Read |
                          SharedAccessBlobPermissions.Delete
        });


Given a blob client, I was able to get a SAS Uri without having to get the account key from the connection string, which was very conenient given that if the connection string was "UseDevelopmentStorage=true".
If I am correct the new API requires to call ToSasQueryParameters() and provide a StorageSharedKeyCredential built from account name and account key. This requires me to parse the connection string, but I don't know exactly what to do with "UseDevelopmentStorage=true". The new code is:

```         var serviceClient = new BlobServiceClient(connectionString);
            var containerClient = serviceClient.GetBlobContainerClient(containerName);
            var blobClient = containerClient.GetBlobClient(blobName);

            BlobSasBuilder sasBuilder = new BlobSasBuilder(BlobSasPermissions.Read | BlobSasPermissions.Delete, DateTimeOffset.UtcNow.AddHours(24))
            {
                BlobContainerName = containerClient.Name,
                BlobName = blobName,
                Resource = "b",
            };
            string sasBlobToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(serviceClient.AccountName, "<ACCOUNT KEY HERE, WHAT IF UseDevelopmentStorage=true?>")).ToString();

            var sasUri= blobClient.Uri + "?" + sasBlobToken;

Is there a way to get the StorageSharedKeyCredential directly from a BlobServiceClient?

Thanks!

Client Service Attention Storage customer-reported needs-team-attention question

Source

bragma

All 8 comments

I have to beg pardon since the question has already been presented here and also here but both issues are more than 6 months old and have NOT been addressed yet...

bragma on 16 Nov 2020

Thank you for your feedback. Tagging and routing to the team best able to assist.

jsquire on 16 Nov 2020

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

Issue Details

Description:	Query/Question Hi, I am porting my old v11 code to v12 and I find very unconvenient to generate SAS Uris with the new API. Old code was very simple: ``` var account = CloudStorageAccount.Parse(connectionString); var serviceClient = account.CreateCloudBlobClient(); var containerClient = serviceClient.GetContainerReference(containerName); var blobClient = containerClient.GetBlockBlobReference(blobName); `var sasUri = blobClient.Uri + blobClient.GetSharedAccessSignature(new SharedAccessBlobPolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Permissions = SharedAccessBlobPermissions.Read \| SharedAccessBlobPermissions.Delete });` Given a blob client, I was able to get a SAS Uri without having to get the account key from the connection string, which was very conenient given that if the connection string was "UseDevelopmentStorage=true". If I am correct the new API requires to call ToSasQueryParameters() and provide a StorageSharedKeyCredential built from account name and account key. This requires me to parse the connection string, but I don't know exactly what to do with "UseDevelopmentStorage=true". The new code is: ``` var serviceClient = new BlobServiceClient(connectionString); var containerClient = serviceClient.GetBlobContainerClient(containerName); var blobClient = containerClient.GetBlobClient(blobName); BlobSasBuilder sasBuilder = new BlobSasBuilder(BlobSasPermissions.Read \| BlobSasPermissions.Delete, DateTimeOffset.UtcNow.AddHours(24)) { BlobContainerName = containerClient.Name, BlobName = blobName, Resource = "b", }; string sasBlobToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(serviceClient.AccountName, "<ACCOUNT KEY HERE, WHAT IF UseDevelopmentStorage=true?>")).ToString(); var sasUri= blobClient.Uri + "?" + sasBlobToken; Is there a way to get the StorageSharedKeyCredential directly from a BlobServiceClient? Thanks!
Author:	bragma
Assignees:	-
Labels:	`Client`, `Service Attention`, `Storage`, `customer-reported`, `needs-team-attention`, `needs-triage`, `question`
Milestone:	-

msftbot[bot] on 16 Nov 2020

@amnguye can you take a look?

seanmcc-msft on 1 Dec 2020

👍1

Currently there's a bug in GetClient where the StorageSharedKeyCredential is not getting passed from the parent client. I submitted a PR to addressed this however you will have to wait until the next release of the SDK to receive the fix.

Here's a short sample based on your snippet in v12 to construct a SAS Uri, that way you don't have to pass the StorageSharedKeyCredential from any of clients to the builder to generate a SAS Uri when this PR comes out.

var containerClient = serviceClient.GetBlobContainerClient(containerName);
var blobClient = containerClient.GetBlobClient(blobName);

// This generates a sasUri based on the blobClient information, so the containerName, blobName and resource will already be populated
Uri sasUri = blobClient.GenerateSas(BlobSasPermissions.Read | BlobSasPermissions.Delete, DateTimeOffset.UtcNow.AddHours(24));

However with the current released version you would have to initialize the client with a connection string to a StorageSharedKeyCredential for now.
e.g.

var blobClient = new BlobClient(connectionString, containerName, blobName);
OR
var  blobClient = new BlobClient( blobEndpoint, sharedKeyCredential, options);

// This generates a sasUri based on the blobClient information, so the containerName, blobName and resource will already be populated
Uri sasUri = blobClient.GenerateSas(BlobSasPermissions.Read | BlobSasPermissions.Delete, DateTimeOffset.UtcNow.AddHours(24));

I believe we don't have any plans to expose the StorageSharedKeyCredential from the client.

Sorry for the inconvenience.

amnguye on 1 Dec 2020

👍1

Ok, thanks for the answer. I'll wait for the next release, I have to since I am also blocked by a nasty memory leak with v12.

bragma on 1 Dec 2020

This sample I provided above should currently work with the latest released preview version of Azure.Storage.Blobs .

amnguye on 8 Dec 2020

Please re-open if you have further questions.

seanmcc-msft on 11 Dec 2020

Was this page helpful?

0 / 5 - 0 ratings

Related issues

[BUG] BlobClient Uri now returns url encoding paths

Assassinbeast · 3Comments

[BUG] Error when reading an empty blob with BlobClient.DownloadToAsync

tudort-iquest · 3Comments

[BUG] Resource graph query throws Microsoft.Azure.Management.ResourceGraph.Models.ErrorResponseException

realrubberduckdev · 3Comments

[FEATURE REQ] Allow clearing of AppAuthResultCache from AzureServiceTokenProvider

tomgallard · 3Comments

[BUG] Class KeyVaultCredential does not reflect change in www-authenticate header

msfcolombo · 4Comments