I am trying to use the Preview auf the Azure Search Blob Indexer. When configuring the indexer using a full connection string the indexer passes successfully (apart from the issues mentioned in my other questions).
What I am trying to do is to restrict the Indexer to use a SharedAccessSignature instead of the full ConnectionString.
The message I get with (status.LastResult.ErrorMessage) when querying the Indexer Status is following:
The remote server returned an error: (403) Forbidden.
I can reproduce this using the following sample code:
static void Main(string[] args)
{
var SASToken = ConfigurationManager.AppSettings["SASToken"];
var endpoint = ConfigurationManager.AppSettings["BlobEndpoint"];
var sasToken = Encoding.UTF8.GetString(Convert.FromBase64String(SASToken));
var conn = $"BlobEndpoint={endpoint};SharedAccessSignature={sasToken};";
var csa = CloudStorageAccount.Parse(conn);
var blobClient = csa.CreateCloudBlobClient();
var container = blobClient.GetContainerReference("main");
// This throws an Error, 403 forbidden, as the SAS may not access the Container
// none theless the indexer can still list blobs ...
var exists = container.Exists();
// ... as used here..
var blobs = container.ListBlobs("documentArchive", true).ToList();
foreach(var blob in blobs.OfType<CloudBlockBlob>())
{
var ms = new MemoryStream();
blob.DownloadToStreamAsync(ms).Wait();
var data = ms.ToArray();
Console.WriteLine(blob.StorageUri);
}
}
My Assumption is that the Azure Search Indexer checks if the Container exists, gets an exception and then stops. I think this limitation is unnecessary and confusing as the blobs could still be enumerated and indexed correctly.
