We have an ASP.NET Core v1.1 web application that displays protected images stored in the Azure Blob Storage Service. We achieve this by using a Shared Access Signature (SAS) that expires 36 hours in the future.
We store this SAS in memory for up to 18 hours (sliding expiration of 6 hours, absolute expiration 18 hours), to avoid repeated calls to the blob service. This has been in production since October, without issue, but recently over the past week we have run into issues where our customer is reporting broken images. Clearing the cache fixes the issue.
Our short term workaround is to shorten the cache to a maximum of 5 minutes, but I'm not sure why we would need to if the SAS is valid for 36 hours?
So, my questions are:
- is it possible for a SAS to expire much earlier than expected?
- is it safe to cache the SAS like I described, or should I request a new signature for every single request?