SharedAccessPolicy Class

Storage Client Library NET API

[This topic is part of the Microsoft Azure Storage Client Library 1.7, which has been deprecated. See Storage Client Library for the latest version.]

Represents a shared access policy, which specifies the start time, expiry time, and permissions for a shared access signature.

Namespace: Microsoft.WindowsAzure.StorageClient
Assembly: Microsoft.WindowsAzure.StorageClient (in Microsoft.WindowsAzure.StorageClient.dll)

Usage

Visual Basic
Dim instance As SharedAccessPolicy

Syntax

Visual Basic
Public Class SharedAccessPolicy
C#
public class SharedAccessPolicy
C++
public ref class SharedAccessPolicy

Example

The following code example creates a shared access signature for a blob. The shared access policy is created on the signature itself.

C#
static void CreateSAS()
{
  // Retrieve storage account information from an app.config file.
  // This is one way to store and retrieve a connection string when
  // you are writing an application that runs locally, rather than in Windows Azure.
  CloudStorageAccount storageAccount = CloudStorageAccount.Parse
      (ConfigurationManager.AppSettings["StorageAccountConnectionString"]);

  // Create the blob client object.
  CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

  // Get a reference to the container for which the shared access signature will be created.
  CloudBlobContainer container = blobClient.GetContainerReference("mysascontainer");
  container.CreateIfNotExist();

  // Create the container permissions, consisting of a public access setting,
  // and store them on the container.
  BlobContainerPermissions containerPermissions = new BlobContainerPermissions();

  // The public access setting explicitly specifies that the container is private,
  // so that it can't be accessed anonymously.
  containerPermissions.PublicAccess = BlobContainerPublicAccessType.Off;

  // Set the permission policy on the container.
  container.SetPermissions(containerPermissions);

  // Create the shared access signature. The shared access policy is specified on the
  // signature itself and provides read/write access to the container for 10 hours.
  string sas = container.GetSharedAccessSignature(new SharedAccessPolicy()
  {
      // If valid immediately, don’t set SharedAccessStartTime,
      // to avoid failures caused by small clock differences.
      //
      // This policy goes live one hour from now.
      SharedAccessStartTime = DateTime.UtcNow.AddHours(1),
      SharedAccessExpiryTime = DateTime.UtcNow.AddHours(11),
      Permissions = SharedAccessPermissions.Write | SharedAccessPermissions.Read
  });

  // The shared access signature then can be used to create a service client.
  // This code would likely be run from a different client, but is included here to
  // demonstrate how to consume the shared access signature.

  // Create the blob client directly, using the shared access signature.
  // The parameter for StorageCredentialsSharedAccessSignature is
  // the query parameter portion (after the question mark)
  // of a URL that uses an SAS.
  // For example:
  // Console.WriteLine(blob.Uri.AbsoluteUri + sas);

  CloudBlobClient sasBlobClient = new CloudBlobClient(storageAccount.BlobEndpoint,
      new StorageCredentialsSharedAccessSignature(sas));

  // Return a reference to a blob.
  CloudBlob blob = sasBlobClient.GetBlobReference("mysascontainer/myblob.txt");

  // Upload text to the blob. If the blob does not yet exist, it will be created.
  // If the blob does exist, its existing content will be overwritten.
  // Because the start time above is one hour in the future, the service
  // rejects this request until the signature becomes valid.
  blob.UploadText("Write to a blob using shared access credentials.");
}

The following example creates a shared access policy at the container level, and then creates a shared access signature that is associated with the policy.

C#
static void CreateSASUsingContainerAccessPolicy()
{
  // Retrieve storage account information from an app.config file.
  // This is one way to store and retrieve a connection string if you are writing an application 
  // that will run locally, rather than in Windows Azure.
  CloudStorageAccount storageAccount = CloudStorageAccount.Parse
      (ConfigurationManager.AppSettings["StorageAccountConnectionString"]);
  
  // Create the blob client object.
  CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();

  // Get a reference to the container for which shared access signature will be created.
  CloudBlobContainer container = blobClient.GetContainerReference("mysascontainer");
  container.CreateIfNotExist();

  // Create a permission policy, consisting of a container-level access policy 
  // and a public access setting, and store it on the container. 
  BlobContainerPermissions blobPermissions = new BlobContainerPermissions();

  // The container-level access policy provides read/write access to the container for 10 hours.
  blobPermissions.SharedAccessPolicies.Add("mypolicy", new SharedAccessPolicy()
    {
        //If valid immediately, don’t set SharedAccessStartTime,
        //to avoid failures caused by small clock differences.
        // 
        // This policy goes live one hour from now.
        SharedAccessStartTime = DateTime.UtcNow.AddHours(1),
        SharedAccessExpiryTime = DateTime.UtcNow.AddHours(11),
        Permissions = SharedAccessPermissions.Write | SharedAccessPermissions.Read
    });

  // The public access setting explicitly specifies that the container is private, 
  // so that it can't be accessed anonymously.
  blobPermissions.PublicAccess = BlobContainerPublicAccessType.Off;

  // Set the permission policy on the container.
  container.SetPermissions(blobPermissions);

  // Get the shared access signature to share with clients.
  // Note that this call passes in an empty access policy, so that the shared access signature 
  // will use the 'mypolicy' access policy that's defined on the container.
  string sas = container.GetSharedAccessSignature(new SharedAccessPolicy(), "mypolicy");

  // Clients can use the signature to create a service client.
  StorageCredentialsSharedAccessSignature sasCreds = new StorageCredentialsSharedAccessSignature(sas);
  CloudBlobClient sasBlobClient = new CloudBlobClient(storageAccount.BlobEndpoint, sasCreds);

  // Return a reference to a blob.
  CloudBlob blob = sasBlobClient.GetBlobReference("mysascontainer/myblob.txt");

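  // Upload text to the blob. If the blob does not yet exist, it will be created. 
  // If the blob does exist, its existing content will be overwritten.
  // Because 'mypolicy' starts one hour from now, the service rejects this
  // request until the policy becomes active.
  blob.UploadText("Hello SAS World");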
}

Remarks

A container-level shared access policy defines a set of parameters that may be applied to shared access signatures on the container or its blobs. The access policy, represented by a SharedAccessPolicy object, defines a start time, an expiry time, and a set of permissions for shared access.

Note that a single SharedAccessPolicy object may also be defined for the shared access signature itself. A container may have a collection of shared access policies, represented by the SharedAccessPolicies class.
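
An added example, not part of the original reference page or the library's own samples: it goes one step beyond the samples above and shows why a container-level policy matters for access control, since a signature that references a stored policy can be revoked by removing that policy from the container. The policy name readonly-15m, the 15-minute expiry and the class name are assumptions chosen for illustration; the container and blob names are reused from the samples above.

```csharp
using System;
using System.Configuration;
using System.Threading;
using Microsoft.WindowsAzure;
using Microsoft.WindowsAzure.StorageClient;

static class SasRevocationExample
{
    const string PolicyName = "readonly-15m";   // policy name chosen for this example
    static void Main()
    {
        CloudStorageAccount account = CloudStorageAccount.Parse(
            ConfigurationManager.AppSettings["StorageAccountConnectionString"]);
        CloudBlobContainer container =
            account.CreateCloudBlobClient().GetContainerReference("mysascontainer");
        container.CreateIfNotExist();
        container.GetBlobReference("myblob.txt").UploadText("constructed sample content");

        // Least privilege: read only, 15-minute expiry, no start time (valid immediately).
        BlobContainerPermissions permissions = new BlobContainerPermissions();
        permissions.PublicAccess = BlobContainerPublicAccessType.Off;
        permissions.SharedAccessPolicies.Add(PolicyName, new SharedAccessPolicy()
        {
            SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15),
            Permissions = SharedAccessPermissions.Read
        });
        container.SetPermissions(permissions);

        // The signature references the stored policy by name; the empty policy adds nothing.
        string sas = container.GetSharedAccessSignature(new SharedAccessPolicy(), PolicyName);
        CloudBlob blob = new CloudBlobClient(account.BlobEndpoint,
            new StorageCredentialsSharedAccessSignature(sas))
            .GetBlobReference("mysascontainer/myblob.txt");

        // A change to stored policies can take up to 30 seconds to become effective.
        Thread.Sleep(TimeSpan.FromSeconds(30));
        Console.WriteLine("Before revocation: " + blob.DownloadText());

        // Revoke: remove the policy from the container. The issued SAS string is unchanged,
        // but the service can no longer resolve the policy it names.
        permissions.SharedAccessPolicies.Remove(PolicyName);
        container.SetPermissions(permissions);
        Thread.Sleep(TimeSpan.FromSeconds(30));

        try { blob.DownloadText(); Console.WriteLine("Still readable: not yet revoked"); }
        catch (StorageClientException e)
        { Console.WriteLine("After revocation: " + e.StatusCode); }
    }
}
```

A signature whose policy is defined on the signature itself, as in the first sample, has no stored policy to remove, so it stays valid until its expiry time unless the account key that signed it is regenerated.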


Inheritance Hierarchy

System.Object
  Microsoft.WindowsAzure.StorageClient.SharedAccessPolicy

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

Windows Vista, Windows 7, Windows Server 2008, Windows 8.1, Windows Server 2012 R2, Windows 8 and Windows Server 2012
