locked
Window azure private blob shared access key not more that 1 hour RRS feed

  • Question

  • Hi Team,

    I am uploading files in container and set permission off and set expiry time more than 2 years but when I am accesing blob through the url using shared key then its giving some exception expiry hours cann't be greater than 1 hour. IF i set it 60min then after 60 min its not accessible to me.

    I have to make accessibility more than 2 years... please provide best solution for it.

    Below the code for uploading--

      CloudBlobContainer blobContainer = blobClient.GetContainerReference(Containername);

                            // If the container does not exist, we need to create it.

                            blobContainer.CreateIfNotExist();

                            // Let us put public permissions on the container so we can access the file from anywhere.

                            BlobContainerPermissions containerPermissions = new BlobContainerPermissions();
                           
                            containerPermissions.PublicAccess = BlobContainerPublicAccessType.Off;
                           // containerPermissions.PublicAccess = BlobContainerPublicAccessType.Blob;

                            blobContainer.SetPermissions(containerPermissions);
                            string sas = blobContainer.GetSharedAccessSignature(new SharedAccessPolicy()
                            {
                                // SharedAccessStartTime=DateTime.UtcNow,
                                SharedAccessExpiryTime = DateTime.UtcNow.AddYears(20),
                                Permissions = SharedAccessPermissions.Write | SharedAccessPermissions.Read
                            });


                            HttpContext.Current.Session["Signature"] = sas;
                            CloudBlob blob = blobContainer.GetBlobReference(finalname);


                            //blob.UploadFile(ImagePath); // File from local storage.

                            blob.UploadFromStream(hpf.InputStream);

    Friday, May 31, 2013 10:43 AM

Answers

  • Not sure what is the scenario which requires continuous access to BLOB for 2 years. You have two options:

    1. Make it public..technically it is available to public but will still require someone to know the address to access.

    2. Identify the source and if the source is what is expected, give access to private BLOB by creating SAS limited to 60 minutes. Requester can continue making requests using either SAS and/or source identifier to have continued access. Also, make the code not deliver any BLOBs after a hard 2 years.

    Sunday, June 2, 2013 6:05 PM
  • Hi,

    You can't set it to more than 60m, according to the documentation: http://msdn.microsoft.com/en-us/library/windowsazure/ee772922.aspx

    There are three ways to specify an access policy:

    • You can specify it on a single shared access signature. In this case, the interval over which the signature may be valid is limited to one hour.



    Best Regards,
    Carlos Sardo

    Friday, May 31, 2013 1:06 PM

All replies

  • Hi,

    You can't set it to more than 60m, according to the documentation: http://msdn.microsoft.com/en-us/library/windowsazure/ee772922.aspx

    There are three ways to specify an access policy:

    • You can specify it on a single shared access signature. In this case, the interval over which the signature may be valid is limited to one hour.



    Best Regards,
    Carlos Sardo

    Friday, May 31, 2013 1:06 PM
  • Not sure what is the scenario which requires continuous access to BLOB for 2 years. You have two options:

    1. Make it public..technically it is available to public but will still require someone to know the address to access.

    2. Identify the source and if the source is what is expected, give access to private BLOB by creating SAS limited to 60 minutes. Requester can continue making requests using either SAS and/or source identifier to have continued access. Also, make the code not deliver any BLOBs after a hard 2 years.

    Sunday, June 2, 2013 6:05 PM