SharedAccessPolicy Class
Represents a shared access policy, which specifies the start time, expiry time, and permissions for a shared access signature.
Namespace: Microsoft.WindowsAzure.StorageClient
Assembly: Microsoft.WindowsAzure.StorageClient (in Microsoft.WindowsAzure.StorageClient.dll)
Assembly: Microsoft.WindowsAzure.StorageClient (in Microsoft.WindowsAzure.StorageClient.dll)
The following code example creates a shared access signature for a blob. The shared access policy is created on the signature itself.
static void CreateSAS() { // Retrieve storage account information from an app.config file. // This is one way to store and retrieve a connection string when // you are writing an application that runs locally, rather than in Windows Azure. CloudStorageAccount storageAccount = CloudStorageAccount.Parse (ConfigurationManager.AppSettings["StorageAccountConnectionString"]); // Create the blob client object. CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient(); // Get a reference to the container for which the shared access signature will be created. CloudBlobContainer container = blobClient.GetContainerReference("mysascontainer"); container.CreateIfNotExist(); // Create a permission policy, consisting of a shared access policy // and a public access setting, and store it on the container. BlobContainerPermissions containerPermissions = new BlobContainerPermissions(); // The public access setting explicitly specifies that the container is private, // so that it can't be accessed anonymously. containerPermissions.PublicAccess = BlobContainerPublicAccessType.Off; //Set the permission policy on the container. container.SetPermissions(containerPermissions); //The container-level access policy provides read/write access to the container for 10 hours. containerPermissions.SharedAccessPolicies.Add("mypolicy", new SharedAccessPolicy() { //If valid immediately, don’t set SharedAccessStartTime, //to avoid failures caused by small clock differences. // // This policy goes live one hour from now. SharedAccessStartTime = DateTime.UtcNow.AddHours(1), SharedAccessExpiryTime = DateTime.UtcNow.AddHours(11), Permissions = SharedAccessPermissions.Write | SharedAccessPermissions.Read }); // The shared access signature then can be used to create a service client. // This code would likely be run from a different client, but is included here to // demonstrate how to consume the shared access signature. // Create the blob client directly, using the shared access signature. // The parameter for StorageCredentialsSharedAccessSignature is // the query parameter portion (after the question mark) // of a URL that uses an SAS. // For example: // Console.WriteLine(blob.Uri.AbsoluteUri + sas); CloudBlobClient sasBlobClient = new CloudBlobClient(storageAccount.BlobEndpoint, new StorageCredentialsSharedAccessSignature(sas)); // Return a reference to a blob. CloudBlob blob = sasBlobClient.GetBlobReference("mysascontainer/myblob.txt"); // Upload text to the blob. If the blob does not yet exist, it will be created. // If the blob does exist, its existing content will be overwritten. blob.UploadText("Write to a blob using shared access credentials."); }
The following example creates a shared access policy at the container level, and then creates a shared access signature that is associated with the policy.
static void CreateSASUsingContainerAccessPolicy() { // Retrieve storage account information from an app.config file. // This is one way to store and retrieve a connection string if you are writing an application // that will run locally, rather than in Windows Azure. CloudStorageAccount storageAccount = CloudStorageAccount.Parse (ConfigurationManager.AppSettings["StorageAccountConnectionString"]); // Create the blob client object. CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient(); // Get a reference to the container for which shared access signature will be created. CloudBlobContainer container = blobClient.GetContainerReference("mysascontainer"); container.CreateIfNotExist(); // Create a permission policy, consisting of a container-level access policy // and a public access setting, and store it on the container. BlobContainerPermissions blobPermissions = new BlobContainerPermissions(); // The container-level access policy provides read/write access to the container for 10 hours. blobPermissions.SharedAccessPolicies.Add("mypolicy", new SharedAccessPolicy() { //If valid immediately, don’t set SharedAccessStartTime, //to avoid failures caused by small clock differences. // // This policy goes live one hour from now. SharedAccessStartTime = DateTime.UtcNow.AddHours(1), SharedAccessExpiryTime = DateTime.UtcNow.AddHours(11), Permissions = SharedAccessPermissions.Write | SharedAccessPermissions.Read }); // The public access setting explicitly specifies that the container is private, // so that it can't be accessed anonymously. blobPermissions.PublicAccess = BlobContainerPublicAccessType.Off; // Set the permission policy on the container. container.SetPermissions(blobPermissions); // Get the shared access signature to share with clients. // Note that this call passes in an empty access policy, so that the shared access signature // will use the 'mypolicy' access policy that's defined on the container. string sas = container.GetSharedAccessSignature(new SharedAccessPolicy(), "mypolicy"); // Clients can use the signature to create a service client. StorageCredentialsSharedAccessSignature sasCreds = new StorageCredentialsSharedAccessSignature(sas); CloudBlobClient sasBlobClient = new CloudBlobClient(storageAccount.BlobEndpoint, new StorageCredentialsSharedAccessSignature(sas)); // Return a reference to a blob. CloudBlob blob = sasBlobClient.GetBlobReference("mysascontainer/myblob.txt"); // Upload text to the blob. If the blob does not yet exist, it will be created. // If the blob does exist, its existing content will be overwritten. blob.UploadText("Hello SAS World"); }
A container-level shared access policy defines a set of parameters that may be applied to shared access signatures on the container or its blobs. The access policy, represented by a SharedAccessPolicy object, defines a start time, an expiry time, and a set of permissions for shared access.
Note that a single SharedAccessPolicy object may also be defined for the shared access signature itself. A container may have a collection of shared access policies, represented by the SharedAccessPolicies class.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Development Platforms
Windows Vista, Windows 7 and Windows Server 2008Target Platforms
