Get the expiration date on an Azure storage account-lvel SAS?

1
votes

I'm looking for a way to find any expired or expiring SAS signatures on an Azure storage account.

Using C# I have examined all the public properties and methods of the CloudStorageAccount class, I have also looked at this class in ILSpy and Azure Resource explorer - just can't see a way to retrieve the SAS expiry date/time. 

void Main()
{   
    CloudStorageAccount account = new CloudStorageAccount(new 
         StorageCredentials(GetName(), GetKey()), true);
    account.Dump();

    CloudBlobClient client = account.CreateCloudBlobClient();

    foreach (CloudBlobContainer container in client.ListContainers())
    {
        var sabp = new SharedAccessBlobPolicy();
        var sas = container.GetSharedAccessSignature(sabp);
        Console.WriteLine(container.Name);
        Console.WriteLine(sas);
        Console.WriteLine();
    }   
}

internal string GetName() {return @"myaccountname";}
internal string GetKey() {return @"myaccountkey";}

The is no error but also no way (I can see) to get the account-level SAS.
Note I do not want any blob SAS but the SAS set against the container. Thanks

1
azure-storage
what's your purpose? just get the expired time of the sas token in your above code?Ivan Yang

1 Answers

0
votes

If you want to know if your account-level SAS is expired or expiring of , based on this doc , you can just check the SignedExpiry param. in SAS , its name is se.

Try the code below to get a account-level SAS with blob object read permission and has 1 day's lifetime:

    static void Main(string[] args)
    {
        CloudStorageAccount account = new CloudStorageAccount(new StorageCredentials("<storage  account name>", "<storage key>"), true);

        var accesspolicy = new SharedAccessAccountPolicy()
        {
            Permissions = SharedAccessAccountPermissions.Read,
            Services = SharedAccessAccountServices.Blob,
            SharedAccessExpiryTime = DateTime.UtcNow.AddDays(1),
            ResourceTypes = SharedAccessAccountResourceTypes.Object
        };
        var accountSAS = account.GetSharedAccessSignature(accesspolicy);

        Console.WriteLine(accountSAS);

        Console.ReadKey();

    }

Result :

enter image description here

As you can see, the se param is there and indicates this sas will expire after 1 day.

So you can use this sas to access your blobs : enter image description here