I've created a SAS token, which seems to work if I access the private container with URL: https://mystorage.blob.core.windows.net/mycontainer?restype=container&comp=list&sv=2015-12-11&sr=c&sig=11111111111123%3D&se=2016-07-29T11%3A32%3A28Z&sp=cwl
Code:
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
{
Permissions = SharedAccessBlobPermissions.Create |
SharedAccessBlobPermissions.Write |
SharedAccessBlobPermissions.List |
SharedAccessBlobPermissions.Read,
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15)
};
var blobStorage = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobStorage.GetContainerReference(blobContainerName);
string sasContainerToken = container.GetSharedAccessSignature(policy);
But when I use this sasContainerToken in AzCopy (from a batch file), I receive the following error:
[2016-07-29 14:00:38][ERROR] The syntax of the command is incorrect.
Invalid SAS token in parameter "DestSAS". Value of "se" is invalid in SAS token.
The problems seems to be with the time, which is escaped with the "%3A", changing this to ":" resolves the error, but now I'm not authorized because of an incorrect SAS.
Any idea's?
UPDATE: Generating an Account SAS from the Azure Portal seems to solve the AzCopy error, but still access denieds from the individual blob uploads
AzCopy
/Source:C:\temp\myfiles
/Dest:"https://mystorage.blob.core.windows.net/mycontainer"
/DestSas:"?sv=2015-04-05&ss=bfqt&srt=sco&sp=rwdlacup&se=2016-07-30T21:11:31Z&st=2016-07-28T13:11:31Z&spr=https&sig=p%2FlCgbgMRU7lH7111111YyxEDE21rZWFo4%3D"
Changing the /DestSas to /DestKey (with a valid key) works, but gives too much permissions