locked
Trying to figure out how to Create a Blob without credentials (using BlobContainerPermissions) RRS feed

  • Question

  • I've got plenty of examples of how to read a blob using a geneated SharedAccessPolicy.  (I'm pasting some code below that does that).  Where I'm stuck is how to create the blob in the first place.  That is, I want to use a signature to write a blog to azure with a new name.  I can't refernece the blob to generate the signature because I don't know the name.

    In the code below, it is creating test.txt with my account credentials.  I want to create the blob with a signature (BlobContainerPermissions?) without having to know the azure credentials.

    If someone could add some code to my example below and post back, I'd appreciate it.

    using System;
    using Microsoft.WindowsAzure;
    using Microsoft.WindowsAzure.StorageClient;
    
    namespace SASSample
    {
    	class Program
    	{
    		private static CloudStorageAccount _account;
    		private const string ContainerName = "mypictures";
    		// Type your storage account information here.
        private static readonly StorageCredentialsAccountAndKey Credentials = new StorageCredentialsAccountAndKey("peterstest",
          "xxxxxA+sS45X6TstYZnCxxxHZL3FyGET2FAshNvjftZFD7sEc/hYA7Jub1Ah9QB2OowPvG8++IgmI8O5zg==");
    
    		private static string GenerateSAS(CloudBlobContainer container, CloudBlob blob)
    		{
          // The container itself doesn't allow public access.
          // The container itself doesn't allow SAS access.
    
    		  var blobContainerPermissions =
    		    new BlobContainerPermissions
    		      {
    		        PublicAccess = BlobContainerPublicAccessType.Off
    		      };
    
    		  var sharedAccessPolicyForContainer =
    		    new SharedAccessPolicy
    		      {
    		        Permissions = SharedAccessPermissions.None
    		      };
    
    			blobContainerPermissions.SharedAccessPolicies.Clear();
    			blobContainerPermissions.SharedAccessPolicies.Add("TestPolicy", sharedAccessPolicyForContainer);
    			container.SetPermissions(blobContainerPermissions);
    
    			// Generate an SAS for the blob.
    		  var blobPolicy = new SharedAccessPolicy
    		             {
    		               Permissions = SharedAccessPermissions.Read,
    		               SharedAccessExpiryTime = DateTime.UtcNow.AddDays(1d)
    		             };
    
          
    
    			return blob.GetSharedAccessSignature(blobPolicy, "TestPolicy");
    		}
    
    		static void Main(string[] args)
    		{
    			_account = new CloudStorageAccount(Credentials, true);
    			var blobClient = new CloudBlobClient(_account.BlobEndpoint.AbsoluteUri, _account.Credentials);
    			var container = blobClient.GetContainerReference(ContainerName);
    			container.CreateIfNotExist();
    			var blob = container.GetBlobReference("test.txt");
    			blob.UploadText("This is a test blob.");
    			string sas = GenerateSAS(container, blob);
    			Console.WriteLine(blob.Uri.AbsoluteUri + sas);
    		}
    	}
    }
    
    

    Peter Kellner http://peterkellner.net Microsoft MVP • ASPInsider
    • Moved by DanielOdievichEditor Tuesday, September 28, 2010 11:12 PM forum migration (From:Windows Azure)
    Monday, September 13, 2010 3:21 PM

Answers

  • Peter -

    I don't know if this is precisely what you are after but I was able to upload a blob using only a shared access signature. I did use my account and key to generate that signature but not the associated blob. I could then have shared that signature with you and you would have been able to upload the blob. In the following example, I create a CloudBlockBlob (cloudBlockBlob1) in memory but not in Azure Storage and use that to generate the shared access signature.  I then create a second CloudBlockBlob in memory using the full URL including the shared access signature and then upload this blob using CloudBlockBlob.UploadText. I did not provide my storage credentials to this second CloudBlockBlob.

    The Fiddler output is as follows:

    REQUEST:

    PUT http://myaccount.blob.core.windows.net/music/DarkStreet?st=2010-09-13T17%3A36%3A16Z&se=2010-09-13T18%3A26%3A17Z&sp=w&sr=b&sig=SLLlchJamesCarrDKlYeEI%2BOqlslIwvq0HWH2C%2FYJMHTdCug%3D&timeout=90 HTTP/1.1
    x-ms-version: 2009-09-19
    x-ms-blob-type: BlockBlob
    Host: myaccount.blob.core.windows.net
    Content-Length: 26
    Connection: Keep-Alive

    The Dark End of the Street

    RESPONSE:

    HTTP/1.1 201 Created
    Transfer-Encoding: chunked
    Content-MD5: BrVOjCa2DzbsMkVrQJSzug==
    Last-Modified: Mon, 13 Sep 2010 17:46:16 GMT
    ETag: 0x8CD2182B35321C8
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: e8af910f-8d31-49cc-8683-1d805c479bdd
    x-ms-version: 2009-09-19
    Date: Mon, 13 Sep 2010 17:46:15 GMT

    0

    The example is:

    static public void WriteBlobWithSharedAccessSignature(CloudBlobClient cloudBlobClient, String containerName, String blobName)
    {
    	CloudBlobContainer cloudBlobContainer = new CloudBlobContainer(containerName, cloudBlobClient);
    	CloudBlockBlob cloudBlockBlob1 = cloudBlobContainer.GetBlockBlobReference(blobName);
    
    	SharedAccessPolicy sharedAccessPolicy = new SharedAccessPolicy();
    	sharedAccessPolicy.Permissions = SharedAccessPermissions.Write;
    	sharedAccessPolicy.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-10);
    	sharedAccessPolicy.SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(40);
    
    	String sharedAccessSignature = cloudBlockBlob1.GetSharedAccessSignature(sharedAccessPolicy);
    
    	String absoluteUri = String.Format("{0}{1}/{2}{3}", AzureStorageConstants.BlobEndPoint, containerName, blobName, sharedAccessSignature);
    
    	CloudBlockBlob cloudBlockBlob2 = new CloudBlockBlob(absoluteUri);
    	cloudBlockBlob2.UploadText("The Dark End of the Street");
    }
    


     

     

    • Marked as answer by Yi-Lun Luo Monday, September 20, 2010 9:05 AM
    Monday, September 13, 2010 5:59 PM
    Answerer