Sample code for 30+ languages & platforms
C#

Create an Azure Service SAS

See more Azure Cloud Storage Examples

Shows how to generate an Azure Service SAS.

Chilkat C# Downloads

C#
//  This requires the Chilkat API to have been previously unlocked.
//  See Global Unlock Sample for sample code.

//  ----------------------------------------------------------------------------------------------
//  Create a Shared Access Signature (SAS) token for an Azure Service (Blob, Queue, Table, or File)
//  -----------------------------------------------------------------------------------------------

//  See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
//  for details.

Chilkat.AuthAzureSAS authSas = new Chilkat.AuthAzureSAS();
authSas.AccessKey = "AZURE_ACCESS_KEY";

//  Specify the format of the string to sign.
//  Each comma character in the following string represents a LF ("\n") character.
//  The names specified in the StringToSign are replaced with the values specified
//  in the subsequent calls to SetTokenParam and SetNonTokenParam,.

//  Note: The trailing comma in the StringToSign is intentional and important. This indicates that the 
//  string to sign will end with a "\n".

//  Also note: The names in the StringToSign are case sensitive.  The names
//  specified in the 1st argument in the calls to SetNonTokenParam and SetTokenParam should
//  match a name listed in StringToSign. 

//  Version 2018-11-09 and later
//  
//  Version 2018-11-09 adds support for the signed resource and signed blob snapshot time fields. 
//  These must be included in the string-to-sign. To construct the string-to-sign for Blob service resources, use the following format:
//  
//  StringToSign = signedpermissions + "\n" +  
//                 signedstart + "\n" +  
//                 signedexpiry + "\n" +  
//                 canonicalizedresource + "\n" +  
//                 signedidentifier + "\n" +  
//                 signedIP + "\n" +  
//                 signedProtocol + "\n" +  
//                 signedversion + "\n" +  
//                 signedResource + "\n"
//                 signedSnapshotTime + "\n" +
//                 rscc + "\n" +  
//                 rscd + "\n" +  
//                 rsce + "\n" +  
//                 rscl + "\n" +  
//                 rsct  
//  

authSas.StringToSign = "signedpermissions,signedstart,signedexpiry,canonicalizedresource,signedidentifier,signedIP,signedProtocol,signedversion,signedResource,signedSnapshotTime,rscc,rscd,rsce,rscl,rsct";

authSas.SetTokenParam("signedpermissions","sp","rw");

Chilkat.CkDateTime dt = new Chilkat.CkDateTime();
dt.SetFromCurrentSystemTime();
authSas.SetTokenParam("signedstart","st",dt.GetAsIso8601("YYYY-MM-DDThh:mmTZD",false));

//  This SAS token will be valid for 30 days.
dt.AddDays(30);
authSas.SetTokenParam("signedexpiry","se",dt.GetAsIso8601("YYYY-MM-DDThh:mmTZD",false));

//  The canonicalizedresouce portion of the string is a canonical path to the signed resource. It must include the service name (blob, table, queue or file) for version
//  2021-08-06 or later, the storage account name, and the resource name, and must be URL-decoded. Names of blobs must include the blob�s container. Table names must be
//  lower-case. The following examples show how to construct the canonicalizedresource portion of the string, depending on the type of resource.
//  For example:
//  URL = https://chilkat.blob.core.windows.net/mycontainer/starfish.jpg
//  canonicalizedresource = "/blob/chilkat/mycontainer/starfish.jpg"  
//  IMPORTANT: See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas for all details..
authSas.SetNonTokenParam("canonicalizedresource","/blob/chilkat/mycontainer/starfish.jpg");

authSas.SetTokenParam("signedProtocol","spr","https");

//   Specifiy values and query param names for each field.
//   If a field is not specified, then an empty string will be used for its value.
authSas.SetTokenParam("signedversion","sv","2018-11-09");

//  Indicate that we are creating a service SAS that is limited to the blob resource.
//  (Specify b if the shared resource is a blob. This grants access to the content and metadata of the blob.
//   Specify c if the shared resource is a container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container. )
authSas.SetTokenParam("signedResource","sr","b");

//  Note that we did not call SetTokenParam for "signedIP", "signedSnapshotTime", "rscc", and others.  For any omitted fields
//  the value will default to the empty string.

//  Generate the SAS token.
string sasToken = authSas.GenerateToken();
if (authSas.LastMethodSuccess != true) {
    Debug.WriteLine(authSas.LastErrorText);
    return;
}

Debug.WriteLine("SAS token: " + sasToken);

//  Save the SAS Service token to a file.
//  We can then use this pre-generated token for future Azure Storage Account operations.
Chilkat.FileAccess fac = new Chilkat.FileAccess();
fac.WriteEntireTextFile("qa_data/tokens/azureStorageServiceSas.txt",sasToken,"utf-8",false);