Can I create a SAS url for Azure File storage (i.e. not Blobs)

7
votes

Using windows azure blob storage and providing access via a url with a Shared Access Signature is all normal and great. Can I do the same using files stored using the newer Azure File Storage?

The Get Blob REST api says you can use a Shared Access Signature, but the Get File REST API docs don't. So I'm guessing not.

If it's not possible, what's the suggested approach to give temporary access to someone? Create a copy as a blob and use SAS for that, or just don't use File Storage for this scenario?

3
.netazureazure-storage

3 Answers

6
votes

The latest WindowsAzure.Storage Version 5.0.0 has API to create SAS for Azure File Share.

Example (taken from Tool or usage example to generate and view SAS (Shared Access Signatures) of both Azure Block Blob and Azure File Share):

static void FileShareSas(){
    var account = new CloudStorageAccount(new StorageCredentials(accountName, accountKey), true);
    var fileClient = account.CreateCloudFileClient();
    var share = fileClient.GetShareReference("share");
    var sasToken = share.GetSharedAccessSignature(new Microsoft.WindowsAzure.Storage.File.SharedAccessFilePolicy(){
            Permissions = Microsoft.WindowsAzure.Storage.File.SharedAccessFilePermissions.List,
            SharedAccessExpiryTime = new DateTimeOffset(DateTime.UtcNow.AddDays(1))
        });
}

Feel free to check out this free tool as well: EverDir.com

3
votes

Currently it is not possible to create a Shared Access Signature for Azure File Service.

If it's not possible, what's the suggested approach to give temporary access to someone? Create a copy as a blob and use SAS for that, or just don't use File Storage for this scenario?

I would say, currently this is the best approach to do so. Other option would be to proxy your file service storage with your application.

3
votes

I guess my answer is too late, but maybe someone else is looking for the same topic. I had the same problem and found info only about "blobs", but after making a little research I could create this method in C# that returns the SAS url

First install the AzureStorage library to your project from the NuGet Management Tool

using Microsoft.Azure;
using Microsoft.WindowsAzure;
using Microsoft.WindowsAzure.Storage;
using Microsoft.WindowsAzure.Storage.File;

And here you have the code

public string GetFromUrl(string folder, string fileName)
{
    CloudStorageAccount storageAccount = CloudStorageAccount.Parse("DefaultEndpointsProtocol=https;AccountName=yourStorageAcountName;AccountKey=yourKey");
    CloudFileClient fileClient = storageAccount.CreateCloudFileClient();

    Uri myUri = new Uri("https://yourAcount.file.core.windows.net/yourDirectory/"+ folder);
    CloudFileDirectory directory = new CloudFileDirectory(myUri, storageAccount.Credentials);

    var result = GetFileSasUri(directory, fileName);
    return result;
}

static string GetFileSasUri(CloudFileDirectory container, string fileName)
{
    CloudFile file = container.GetFileReference(fileName);
    SharedAccessFilePolicy sasConstraints = new SharedAccessFilePolicy();
    sasConstraints.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5);
    sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24);
    sasConstraints.Permissions = SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write;
    string sasBlobToken = file.GetSharedAccessSignature(sasConstraints);
    SharedAccessFilePolicy sharedPolicy = new SharedAccessFilePolicy()
    {
        SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
        Permissions = SharedAccessFilePermissions.Write | SharedAccessFilePermissions.List | SharedAccessFilePermissions.Read
    };


    return file.Uri + sasBlobToken;
}

In this example the "Folder" parameter could be empty or should end with "/". The file name, must have its extention (e.g audio.mp3) Please notice that the link has an expiry date, but you can add hours, days, and even years for this ;)

Hope it could help you