Sample code for 30+ languages & platforms
Delphi DLL

How to Generate an Azure Storage Account Shared Access Signature (SAS)

See more Azure Cloud Storage Examples

Shows how to generate a Shared Access Signature (SAS) for an Azure Storage Account.

Note: This example requires Chilkat v9.5.0.65 or greater.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, FileAccess, AuthAzureSAS, CkDateTime;

...

procedure TForm1.Button1Click(Sender: TObject);
var
authSas: HCkAuthAzureSAS;
dt: HCkDateTime;
sasToken: PWideChar;
fac: HCkFileAccess;

begin
// Note: Requires Chilkat v9.5.0.65 or greater.

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// --------------------------------------------------------------------------
// Create a Shared Access Signature (SAS) token for an Azure Storage Account.
// --------------------------------------------------------------------------

// See https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/constructing-an-account-sas 
// for details regarding the Azure Storage Account SAS fields.

authSas := CkAuthAzureSAS_Create();
CkAuthAzureSAS_putAccessKey(authSas,'AZURE_ACCESS_KEY');

// Specify the format of the string to sign.
// Each comma character in the following string represents a LF ("\n") character.
// The names specified in the StringToSign are replaced with the values specified
// in the subsequent calls to SetTokenParam and SetNonTokenParam,.

// Note: The trailing comma in the StringToSign is intentional and important. This indicates that the 
// string to sign will end with a "\n".

// Also note: The names in the StringToSign are case sensitive.  The names
// specified in the 1st argument in the calls to SetNonTokenParam and SetTokenParam should
// match a name listed in StringToSign. 
CkAuthAzureSAS_putStringToSign(authSas,'accountname,signedpermissions,signedservice,signedresourcetype,signedstart,signedexpiry,signedIP,signedProtocol,signedversion,');

//  The account name is "chilkat".  Use your own account name instead of "chilkat".
//  Also use your own container name instead of "mycontainer".
CkAuthAzureSAS_SetNonTokenParam(authSas,'accountname','chilkat');

CkAuthAzureSAS_SetTokenParam(authSas,'signedpermissions','sp','rwdlacup');
CkAuthAzureSAS_SetTokenParam(authSas,'signedservice','ss','bfqt');
CkAuthAzureSAS_SetTokenParam(authSas,'signedresourcetype','srt','sco');

dt := CkDateTime_Create();
CkDateTime_SetFromCurrentSystemTime(dt);
CkAuthAzureSAS_SetTokenParam(authSas,'signedstart','st',CkDateTime__getAsIso8601(dt,'YYYY-MM-DDThh:mmTZD',False));

// This SAS token will be valid for 30 days.
CkDateTime_AddDays(dt,30);
CkAuthAzureSAS_SetTokenParam(authSas,'signedexpiry','se',CkDateTime__getAsIso8601(dt,'YYYY-MM-DDThh:mmTZD',False));

CkAuthAzureSAS_SetTokenParam(authSas,'signedProtocol','spr','https');

//  Specifiy values and query param names for each field.
//  If a field is not specified, then an empty string will be used for its value.
CkAuthAzureSAS_SetTokenParam(authSas,'signedversion','sv','2015-04-05');

// Note that we did not call SetTokenParam for "signedIP".  For any omitted fields
// the value will default to the empty string.

// Generate the SAS token.
sasToken := CkAuthAzureSAS__generateToken(authSas);
if (CkAuthAzureSAS_getLastMethodSuccess(authSas) <> True) then
  begin
    Memo1.Lines.Add(CkAuthAzureSAS__lastErrorText(authSas));
    Exit;
  end;

Memo1.Lines.Add('SAS token: ' + sasToken);

// Save the SAS token to a file.
// We can then use this pre-generated token for future Azure Storage Account operations.
fac := CkFileAccess_Create();
CkFileAccess_WriteEntireTextFile(fac,'qa_data/tokens/azureStorageAccountSas.txt',sasToken,'utf-8',False);

CkAuthAzureSAS_Dispose(authSas);
CkDateTime_Dispose(dt);
CkFileAccess_Dispose(fac);

end;