Trying to figure out how to Create a Blob without credentials (using BlobContainerPermissions) RRS feed

  • Question

  • I've got plenty of examples of how to read a blob using a geneated SharedAccessPolicy.  (I'm pasting some code below that does that).  Where I'm stuck is how to create the blob in the first place.  That is, I want to use a signature to write a blog to azure with a new name.  I can't refernece the blob to generate the signature because I don't know the name.

    In the code below, it is creating test.txt with my account credentials.  I want to create the blob with a signature (BlobContainerPermissions?) without having to know the azure credentials.

    If someone could add some code to my example below and post back, I'd appreciate it.

    using System;
    using Microsoft.WindowsAzure;
    using Microsoft.WindowsAzure.StorageClient;
    namespace SASSample
    	class Program
    		private static CloudStorageAccount _account;
    		private const string ContainerName = "mypictures";
    		// Type your storage account information here.
        private static readonly StorageCredentialsAccountAndKey Credentials = new StorageCredentialsAccountAndKey("peterstest",
    		private static string GenerateSAS(CloudBlobContainer container, CloudBlob blob)
          // The container itself doesn't allow public access.
          // The container itself doesn't allow SAS access.
    		  var blobContainerPermissions =
    		    new BlobContainerPermissions
    		        PublicAccess = BlobContainerPublicAccessType.Off
    		  var sharedAccessPolicyForContainer =
    		    new SharedAccessPolicy
    		        Permissions = SharedAccessPermissions.None
    			blobContainerPermissions.SharedAccessPolicies.Add("TestPolicy", sharedAccessPolicyForContainer);
    			// Generate an SAS for the blob.
    		  var blobPolicy = new SharedAccessPolicy
    		               Permissions = SharedAccessPermissions.Read,
    		               SharedAccessExpiryTime = DateTime.UtcNow.AddDays(1d)
    			return blob.GetSharedAccessSignature(blobPolicy, "TestPolicy");
    		static void Main(string[] args)
    			_account = new CloudStorageAccount(Credentials, true);
    			var blobClient = new CloudBlobClient(_account.BlobEndpoint.AbsoluteUri, _account.Credentials);
    			var container = blobClient.GetContainerReference(ContainerName);
    			var blob = container.GetBlobReference("test.txt");
    			blob.UploadText("This is a test blob.");
    			string sas = GenerateSAS(container, blob);
    			Console.WriteLine(blob.Uri.AbsoluteUri + sas);

    Peter Kellner http://peterkellner.net Microsoft MVP • ASPInsider
    • Moved by DanielOdievichEditor Tuesday, September 28, 2010 11:12 PM forum migration (From:Windows Azure)
    Monday, September 13, 2010 3:21 PM


  • Peter -

    I don't know if this is precisely what you are after but I was able to upload a blob using only a shared access signature. I did use my account and key to generate that signature but not the associated blob. I could then have shared that signature with you and you would have been able to upload the blob. In the following example, I create a CloudBlockBlob (cloudBlockBlob1) in memory but not in Azure Storage and use that to generate the shared access signature.  I then create a second CloudBlockBlob in memory using the full URL including the shared access signature and then upload this blob using CloudBlockBlob.UploadText. I did not provide my storage credentials to this second CloudBlockBlob.

    The Fiddler output is as follows:


    PUT http://myaccount.blob.core.windows.net/music/DarkStreet?st=2010-09-13T17%3A36%3A16Z&se=2010-09-13T18%3A26%3A17Z&sp=w&sr=b&sig=SLLlchJamesCarrDKlYeEI%2BOqlslIwvq0HWH2C%2FYJMHTdCug%3D&timeout=90 HTTP/1.1
    x-ms-version: 2009-09-19
    x-ms-blob-type: BlockBlob
    Host: myaccount.blob.core.windows.net
    Content-Length: 26
    Connection: Keep-Alive

    The Dark End of the Street


    HTTP/1.1 201 Created
    Transfer-Encoding: chunked
    Content-MD5: BrVOjCa2DzbsMkVrQJSzug==
    Last-Modified: Mon, 13 Sep 2010 17:46:16 GMT
    ETag: 0x8CD2182B35321C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e8af910f-8d31-49cc-8683-1d805c479bdd
    x-ms-version: 2009-09-19
    Date: Mon, 13 Sep 2010 17:46:15 GMT


    The example is:

    static public void WriteBlobWithSharedAccessSignature(CloudBlobClient cloudBlobClient, String containerName, String blobName)
    	CloudBlobContainer cloudBlobContainer = new CloudBlobContainer(containerName, cloudBlobClient);
    	CloudBlockBlob cloudBlockBlob1 = cloudBlobContainer.GetBlockBlobReference(blobName);
    	SharedAccessPolicy sharedAccessPolicy = new SharedAccessPolicy();
    	sharedAccessPolicy.Permissions = SharedAccessPermissions.Write;
    	sharedAccessPolicy.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-10);
    	sharedAccessPolicy.SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(40);
    	String sharedAccessSignature = cloudBlockBlob1.GetSharedAccessSignature(sharedAccessPolicy);
    	String absoluteUri = String.Format("{0}{1}/{2}{3}", AzureStorageConstants.BlobEndPoint, containerName, blobName, sharedAccessSignature);
    	CloudBlockBlob cloudBlockBlob2 = new CloudBlockBlob(absoluteUri);
    	cloudBlockBlob2.UploadText("The Dark End of the Street");



    • Marked as answer by Yi-Lun Luo Monday, September 20, 2010 9:05 AM
    Monday, September 13, 2010 5:59 PM