Generating Azure Blob file SAS key using Azure SDK

With a demand for concrete strategy to determine how applications, workloads & data remain available during downtime organizations need a disaster recovery & business continuity strategy which is given by Microsoft azure. Azure BCDR covers people, communication, transportation that includes physical facilities & information technology. Even the smallest of the outage can prove to be a major setback for your business and with a business continuity plan and a disaster recovery system all your major information technology systems can be well saved without the expense of another secondary infrastructure. With the implementation of BCDR strategy the workload and applications of the organization is kept up and running in the occurrence of any outage. It is an effective and cloud based data recovery solution that is simple to implement and cost effective.

Why do we need SAS key for Blob File?

Azure Blob is massively scalable object storage for unstructured data.

  • Blob Storage can handle all your unstructured data, scaling up or down as your needs change.
  • You no longer have to manage it
  • You only pay for what you use and you save money over on-premises storage options.

A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key.

A SAS gives you granular control over the type of access you grant to clients who have the SAS, including:

  1. The interval over which the SAS is valid, including the start time and the expiry time.
  2. The permissions granted by the SAS. For example, a SAS for a blob might grant read and write permissions to that blob, but not delete permissions.
  3. An optional IP address or range of IP addresses from which Azure Storage will accept the SAS. For example, you might specify a range of IP addresses belonging to your organization.
  4. The protocol over which Azure Storage will accept the SAS. You can use this optional parameter to restrict access to clients using HTTPS.

Using SDK to Generate SAS key from C-Sharp code:

  • You need to include the Azure SDK DLLs:

You can get the DLLs from Nuget package manager as well. Refer below names to search in Nuget:

  1. WindowsAzure.ConfigurationManager
  2. WindowsAzure.Storage
    • The first step is to connect to the Blob storage using Connection String. You can add the Blob connection string in the App.config and use that in code to create connection like below:

Your connection string should be of the format:

  • The below code creates the connection:
//Parse the connection string and return a reference to the storage account.
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));

//Create the blob client object.
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
  • Once connection is created, we can retrieve the blob container which contains the blob:
  • We can use the container reference, blob file name and the connection to create the SAS key like below:

I have uploaded the entire code to my Github as well for reference.

Why we can’t use Azure Storage Explorer tool to do this:

The Azure storage explorer also has the option to connect to your blob and generate SAS key with clean User Interface. But recently for last 2-3 months, I am facing issues with generating Key with Azure Storage Explorer.

This is the reason I implemented this code to remove dependency on the tool.

Share Story :