Class BlobSasBuilder

BlobSasBuilder is used to generate a Shared Access Signature (SAS) for an Azure Storage container or blob. For more information, see Create a service SAS.

Inheritance

System.Object

BlobSasBuilder

Namespace: System.Dynamic.ExpandoObject

Assembly: Azure.Storage.Blobs.dll

Syntax

public class BlobSasBuilder

Constructors

BlobSasBuilder()

Initializes a new instance of the BlobSasBuilder class.

Declaration

[System.ComponentModel.EditorBrowsable]
public BlobSasBuilder ();

Remarks

This constructor has been deprecated. Please consider using BlobSasBuilder(BlobSasPermissions, DateTimeOffset) to create a Service SAS. This change does not have any impact on how your application generates or makes use of SAS tokens.

BlobSasBuilder(BlobContainerSasPermissions, DateTimeOffset)

Initializes a new instance of the BlobSasBuilder class to create a Blob Container Service Sas.

Declaration

public BlobSasBuilder (Azure.Storage.Sas.BlobContainerSasPermissions permissions, DateTimeOffset expiresOn);

Parameters

BlobContainerSasPermissions permissions The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. This field must be omitted if it has been specified in an associated stored access policy.

System.DateTimeOffset expiresOn The time at which the shared access signature becomes invalid. This field must be omitted if it has been specified in an associated stored access policy.

BlobSasBuilder(BlobSasPermissions, DateTimeOffset)

Initializes a new instance of the BlobSasBuilder class to create a Blob Service Sas.

Declaration

public BlobSasBuilder (Azure.Storage.Sas.BlobSasPermissions permissions, DateTimeOffset expiresOn);

Parameters

BlobSasPermissions permissions The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. This field must be omitted if it has been specified in an associated stored access policy.

System.DateTimeOffset expiresOn The time at which the shared access signature becomes invalid. This field must be omitted if it has been specified in an associated stored access policy.

Properties

BlobContainerName

The name of the blob container being made accessible.

Declaration

public string BlobContainerName { get; set; }

Property Value

System.String

BlobName

The name of the blob being made accessible, or System.String.Empty for a container SAS.

Declaration

public string BlobName { get; set; }

Property Value

System.String

BlobVersionId

The name of the blob version being made accessible, or System.String.Empty for a blob SAS.

Declaration

public string BlobVersionId { get; set; }

Property Value

System.String

CacheControl

Override the value returned for Cache-Control response header.

Declaration

public string CacheControl { get; set; }

Property Value

System.String

ContentDisposition

Override the value returned for Content-Disposition response header.

Declaration

public string ContentDisposition { get; set; }

Property Value

System.String

ContentEncoding

Override the value returned for Content-Encoding response header.

Declaration

public string ContentEncoding { get; set; }

Property Value

System.String

ContentLanguage

Override the value returned for Content-Language response header.

Declaration

public string ContentLanguage { get; set; }

Property Value

System.String

ContentType

Override the value returned for Content-Type response header.

Declaration

public string ContentType { get; set; }

Property Value

System.String

CorrelationId

Optional. Beginning in version 2020-02-10, this value will be used for to correlate the storage audit logs with the audit logs used by the principal generating and distributing SAS. This is only used for User Delegation SAS.

Declaration

public string CorrelationId { get; set; }

Property Value

System.String

EncryptionScope

Optional. Encryption scope to use when sending requests authorized with this SAS URI.

Declaration

public string EncryptionScope { get; set; }

Property Value

System.String

ExpiresOn

The time at which the shared access signature becomes invalid. This field must be omitted if it has been specified in an associated stored access policy.

Declaration

public DateTimeOffset ExpiresOn { get; set; }

Property Value

System.DateTimeOffset

Identifier

An optional unique value up to 64 characters in length that correlates to an access policy specified for the container.

Declaration

public string Identifier { get; set; }

Property Value

System.String

IPRange

Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. When specifying a range of IP addresses, note that the range is inclusive.

Declaration

public Azure.Storage.Sas.SasIPRange IPRange { get; set; }

Property Value

Azure.Storage.Sas.SasIPRange

Permissions

The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. This field must be omitted if it has been specified in an associated stored access policy. The BlobSasPermissions, BlobContainerSasPermissions, SnapshotSasPermissions, or BlobAccountSasPermissions can be used to create the permissions string.

Declaration

public string Permissions { get; }

Property Value

System.String

PreauthorizedAgentObjectId

Optional. Beginning in version 2020-02-10, this value will be used for the AAD Object ID of a user authorized by the owner of the User Delegation Key to perform the action granted by the SAS. The Azure Storage service will ensure that the owner of the user delegation key has the required permissions before granting access. No additional permission check for the user specified in this value will be performed. This is only used with generating User Delegation SAS.

Declaration

public string PreauthorizedAgentObjectId { get; set; }

Property Value

System.String

Protocol

The optional signed protocol field specifies the protocol permitted for a request made with the SAS. Possible values are Azure.Storage.Sas.SasProtocol.HttpsAndHttp, Azure.Storage.Sas.SasProtocol.Https, and Azure.Storage.Sas.SasProtocol.None.

Declaration

public Azure.Storage.Sas.SasProtocol Protocol { get; set; }

Property Value

Azure.Storage.Sas.SasProtocol

Resource

Specifies which resources are accessible via the shared access signature.

Specify "b" if the shared resource is a blob. This grants access to the content and metadata of the blob.

Specify "c" if the shared resource is a blob container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container.

Beginning in version 2018-11-09, specify "bs" if the shared resource is a blob snapshot. This grants access to the content and metadata of the specific snapshot, but not the corresponding root blob.

Beginning in version 2019-12-12, specify "bv" if the shared resource is a blob version. This grants access to the content and metadata of the specific version, but not the corresponding root blob.

Declaration

public string Resource { get; set; }

Property Value

System.String

Snapshot

The name of the snapshot being made accessible, or System.String.Empty for a blob SAS.

Declaration

public string Snapshot { get; set; }

Property Value

System.String

StartsOn

Optionally specify the time at which the shared access signature becomes valid. If omitted when DateTimeOffset.MinValue is used, start time for this call is assumed to be the time when the storage service receives the request.

Declaration

public DateTimeOffset StartsOn { get; set; }

Property Value

System.DateTimeOffset

Version

The storage service version to use to authenticate requests made with this shared access signature, and the service version to use when handling requests made with this shared access signature.

Declaration

[System.ComponentModel.EditorBrowsable]
public string Version { get; set; }

Property Value

System.String

Remarks

This property has been deprecated and we will always use the latest

storage SAS version of the Storage service supported. This change

does not have any impact on how your application generates or makes

use of SAS tokens.

Methods

Equals(Object)

Check if two BlobSasBuilder instances are equal.

Declaration

[System.ComponentModel.EditorBrowsable]
public override bool Equals (object obj);

Parameters

System.Object obj The instance to compare to.

Returns

System.Boolean True if they're equal, false otherwise.

GetHashCode()

Get a hash code for the BlobSasBuilder.

Declaration

[System.ComponentModel.EditorBrowsable]
public override int GetHashCode ();

Returns

System.Int32 Hash code for the BlobSasBuilder.

SetPermissions(String, Boolean)

Sets the permissions for the SAS using a raw permissions string.

Declaration

public void SetPermissions (string rawPermissions, bool normalize = false);

Parameters

System.String rawPermissions Raw permissions string for the SAS.

System.Boolean normalize If the permissions should be validated and correctly ordered.

SetPermissions(SnapshotSasPermissions)

Sets the permissions for a Snapshot SAS.

Declaration

public void SetPermissions (Azure.Storage.Sas.SnapshotSasPermissions permissions);

Parameters

SnapshotSasPermissions permissions SnapshotSasPermissions containing the allowed permissions.

SetPermissions(BlobVersionSasPermissions)

Sets the permissions for a Version SAS.

Declaration

public void SetPermissions (Azure.Storage.Sas.BlobVersionSasPermissions permissions);

Parameters

BlobVersionSasPermissions permissions SnapshotSasPermissions containing the allowed permissions.

SetPermissions(String)

Sets the permissions for the SAS using a raw permissions string.

Declaration

public void SetPermissions (string rawPermissions);

Parameters

System.String rawPermissions Raw permissions string for the SAS.

SetPermissions(BlobContainerSasPermissions)

Sets the permissions for a blob container SAS.

Declaration

public void SetPermissions (Azure.Storage.Sas.BlobContainerSasPermissions permissions);

Parameters

BlobContainerSasPermissions permissions BlobContainerSasPermissions containing the allowed permissions.

SetPermissions(BlobAccountSasPermissions)

Sets the permissions for a blob account level SAS.

Declaration

public void SetPermissions (Azure.Storage.Sas.BlobAccountSasPermissions permissions);

Parameters

BlobAccountSasPermissions permissions BlobAccountSasPermissions containing the allowed permissions.

SetPermissions(BlobSasPermissions)

Sets the permissions for a blob SAS.

Declaration

public void SetPermissions (Azure.Storage.Sas.BlobSasPermissions permissions);

Parameters

BlobSasPermissions permissions BlobSasPermissions containing the allowed permissions.

ToSasQueryParameters(StorageSharedKeyCredential)

Use an account's Azure.Storage.StorageSharedKeyCredential to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

Declaration

public Azure.Storage.Sas.BlobSasQueryParameters ToSasQueryParameters (Azure.Storage.StorageSharedKeyCredential sharedKeyCredential);

Parameters

Azure.Storage.StorageSharedKeyCredential sharedKeyCredential The storage account's Azure.Storage.StorageSharedKeyCredential.

Returns

BlobSasQueryParameters The BlobSasQueryParameters used for authenticating requests.

ToSasQueryParameters(UserDelegationKey, String)

Use an account's UserDelegationKey to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

Declaration

public Azure.Storage.Sas.BlobSasQueryParameters ToSasQueryParameters (Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey, string accountName);

Parameters

UserDelegationKey userDelegationKey A UserDelegationKey returned from GetUserDelegationKeyAsync(Nullable<DateTimeOffset>, DateTimeOffset, CancellationToken).

System.String accountName The name of the storage account.

Returns

BlobSasQueryParameters The BlobSasQueryParameters used for authenticating requests.

ToSasQueryParameters(StorageSharedKeyCredential, String)

Use an account's Azure.Storage.StorageSharedKeyCredential to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

Declaration

public Azure.Storage.Sas.BlobSasQueryParameters ToSasQueryParameters (Azure.Storage.StorageSharedKeyCredential sharedKeyCredential, out string stringToSign);

Parameters

Azure.Storage.StorageSharedKeyCredential sharedKeyCredential The storage account's Azure.Storage.StorageSharedKeyCredential.

System.String stringToSign For debugging purposes only. This string will be overwritten with the string to sign that was used to generate the BlobSasQueryParameters.

Returns

BlobSasQueryParameters The BlobSasQueryParameters used for authenticating requests.

ToSasQueryParameters(UserDelegationKey, String, String)

Use an account's UserDelegationKey to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

Declaration

public Azure.Storage.Sas.BlobSasQueryParameters ToSasQueryParameters (Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey, string accountName, out string stringToSign);

Parameters

UserDelegationKey userDelegationKey A UserDelegationKey returned from GetUserDelegationKeyAsync(Nullable<DateTimeOffset>, DateTimeOffset, CancellationToken).

System.String accountName The name of the storage account.

System.String stringToSign

Returns

BlobSasQueryParameters For debugging purposes only. This string will be overwritten with the string to sign that was used to generate the BlobSasQueryParameters. The BlobSasQueryParameters used for authenticating requests.

ToString()

Returns a string that represents the current object.

Declaration

[System.ComponentModel.EditorBrowsable]
public override string ToString ();

Returns

System.String A string that represents the current object.