How to download a Blob using a SAS

1
votes

I'm trying to use AzCopy 5.1.0 to download a single blob from a Blob Storage container using a SAS generated by Storage Explorer:

https://myaccount.blob.core.windows.net/mycontainer/[blob-uuid]?st=2016-11-23T18%3A26%3A00Z&se=2016-11-24T18%3A26%3A00Z&sp=rl&sv=2015-12-11&sr=b&sig=[signature]

azcopy /Source:https://myaccount.blob.core.windows.net/mycontainer /SourceSAS:"?st=2016-11-23T18%3A26%3A00Z&se=2016-11-24T18%3A26%3A00Z&sp=rl&sv=2015-12-11&sr=b&sig=[signature]" /Dest:"c:\data"

If /Source is supposed to be the blob container, and the /SourceSAS is supposed to be the SAS token, then somewhere I need to pass in the actual Blob key ([blob-uuid]).

IMHO, this should be /SourceKey, but specifying my blob key there returns the error: "The supplied storage key (SourceKey) is not a valid Base64 string." This is consistent with the command line help that describes the parameter as the "Storage account key".

The only other candidate I can find is /Pattern, but that seems more for the case of downloading blobs by enumerating through the contents of the container. This seems consistent with the 403 error I get when I specify the exact blob key here; the container is private.

In any case, AzCopy complains that the "Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature." This in my experience indicates that the original URI that the SAS signature was generated upon, is not being reconstructed properly.

I am able to use the original SAS URI directly via curl, so it's not a question of the signature being inconsistent.

I've also tried generating the SAS URI programmatically using the SDK so I can specify a Shared Access Policy, but that's not working either. I still think AzCopy needs the missing part of the SAS URI.

3
azureazure-storage-blobsazcopy

3 Answers

0
votes

AzCopy transfer target is always a directory, not a single blob/file, so AzCopy need container level SAS instead of blob SAS. The pattern is only used to filter out the objects to transfer.

We will open a task to track download a single blob with blob SAS. Anyway, this is not aligned with current AzCopy logic, we will take it as a new feature request.

0
votes

Read the docs:

Download single blob:

AzCopy /Source:https://myaccount.blob.core.windows.net/mycontainer /Dest:C:\myfolder /SourceKey:key /Pattern:"abc.txt"

/Source would be your URI up to the container

/SourceKey would be your key, but without the question mark at the begining

/Pattern would be the name of your blob

/Destination would be the local folder name where you want the blob to be downloaded

0
votes

We can download a blob from the container source by using account key or container SAS Token. And a blob URI is not supported as source to download the blob.The following snapshot is my test result.

1.Use container as the source and container SAS token. Use the Pattern to select the download blob.

AzCopy /Source:https://mystorageAccount.blob.core.windows.net/mycontainer /Dest:C:\myfolder /SourceSAS:"?st=2016-11-24T02%3A34%3A00Z&se=2016-11-25T02%3A34%3A00Z&sp=rl&sv=2015-12-11&sr=c&sig=[s‌​ignature]" /Pattern:blobName

enter image description here

2.Use container as the source and account key token.It also can work. If I use the wrong key token (connectionstring),then I get "The supplied storage key (SourceKey) is not a valid Base64 string" error

enter image description here

3.Use container as the source and blob SAS token, it doesn't work

enter image description here

4.Use blob as the source and container SAS token, it doesn't support with no pattern

enter image description here

[Update]

We can use azure storage .Net SDK to download the blob from the blob uri with the blob SAS Token.

StorageCredentials storageCredentials = new StorageCredentials("blob sas token");//without "?"
            var blobName = "blobName";
            var downloadFolder = @"c:\filefolder";
            var filePath = Path.Combine(downloadFolder, blobName);
            CloudBlockBlob sourceBlockBlob = new CloudBlockBlob(new Uri("blob url"), storageCredentials);
            sourceBlockBlob.DownloadToFile(filePath, FileMode.Create);