👀 Views: 367 💬 Answers: 1 📅 Created: 2025-06-12

azure blob-storage sas csharp C#

I'm working on a project and hit a roadblock... I'm working through a tutorial and I'm running into an scenario where my Shared Access Signature (SAS) tokens for Azure Blob Storage are not respecting the access policies I've set... I created a container and defined a stored access policy with the following parameters: ```json { "Identifier": "policy1", "Expiry": "2023-12-31T23:59:59Z", "Permissions": "rwd" } ``` After setting up the policy, I generated a SAS token using this policy, but when I try to access the blob using the token, I get a `403 Forbidden` behavior. My code to generate the SAS token looks like this: ```csharp var blobClient = new BlobServiceClient(connectionString); var containerClient = blobClient.GetBlobContainerClient("mycontainer"); var sasBuilder = new BlobSasBuilder() { Identifier = "policy1", ExpiresOn = DateTimeOffset.UtcNow.AddHours(1) }; var sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(accountName, accountKey)).ToString(); ``` I have verified that the policy is correctly associated with the container. I also confirmed the permissions set in the policy align with the operations I am attempting (read, write, delete). The connection string used is valid, and I have sufficient permissions assigned to the storage account. Here are the key points I checked: - The Azure SDK version is `Azure.Storage.Blobs 12.10.0`. - The container is set to private. - I am using the correct account name and key. Despite all this, the SAS token doesn’t seem to allow access as expected. Are there any common pitfalls or additional settings I might be missing that could lead to this scenario? Any insights or troubleshooting steps would be greatly appreciated! I'm open to any suggestions. My development environment is Debian. Is there a simpler solution I'm overlooking?