...
The SAS token is a query string that includes all of the required information about authorization, resources, permissions and time intervals. The SAS token has the following syntax:
| Code Block | ||||
|---|---|---|---|---|
| ||||
$sasToken = "sv=$Version" `
+ "&ss=$Services" `
+ "&srt=$ResourceTypes" `
+ "&sp=$Permissions" `
+ "&se=" + [System.Web.HttpUtility]::UrlEncode( $expiresIso ) `
+ "&st=" + [System.Web.HttpUtility]::UrlEncode( $nowIso ) `
+ "&spr=https" `
+ "&sig=" + [System.Web.HttpUtility]::UrlEncode( $signature ) |
...
LIST BLOB:
The LIST BLOB operation lists the blobs from the container. The signature and SAS token for LIST BLOB should have permission to access the list of the resource on services.Code Block title StringToSign for LIST BLOB operation collapse true $stringToSign = $Account + "`n" ` + $Permissions + "`n" ` + $Services + "`n" ` + $ResourceTypes + "`n" ` + $nowIso + "`n" ` + $expiresIso + "`n" ` + "`n" ` + "https" + "`n" ` + $Version + "`n"Code Block title SAS Token for LIST BLOB collapse true $sasToken = "sv=$Version" ` + "&ss=$Services" ` + "&srt=$ResourceTypes" ` + "&sp=$Permissions" ` + "&se=" + [System.Web.HttpUtility]::UrlEncode( $expiresIso ) ` + "&st=" + [System.Web.HttpUtility]::UrlEncode( $nowIso ) ` + "&spr=https" ` + "&sig=" + [System.Web.HttpUtility]::UrlEncode( $signature )
where$Account is the storage account for which the HTTPS request is generated.
$Permission will be 'l' to grant permission for listing
$Services will be 'b' to provide the blob service
$ResourceType will be 'c' to use resource type as container
$nowIso is the URL-Decoded current time in UTC
- $expires is the URL_Decoded expiry time in UTC
GET BLOB:
The GTE BLOB operation retrieves the content of the blob. So, for the get operation it is required to have a read permission on the object to the blob serviceCode Block title StringToSign for GET BLOB operation collapse true $stringToSign = $Account + "`n" ` + $Permissions + "`n" ` + $Services + "`n" ` + $ResourceTypes + "`n" ` + $nowIso + "`n" ` + $expiresIso + "`n" ` + "`n" ` + "https" + "`n" ` + $Version + "`n"Code Block title SAS Token for GET BLOB collapse true $sasToken = "sv=$Version" ` + "&ss=$Services" ` + "&srt=$ResourceTypes" ` + "&sp=$Permissions" ` + "&se=" + [System.Web.HttpUtility]::UrlEncode( $expiresIso ) ` + "&st=" + [System.Web.HttpUtility]::UrlEncode( $nowIso ) ` + "&spr=https" ` + "&sig=" + [System.Web.HttpUtility]::UrlEncode( $signature )
where$Account is the storage account for which the HTTPS request is generated.
$Permission will be 'r' to grant permission for listing
$Services will be 'b' to provide the blob service
$ResourceType will be 'o' to use resource type as container
$nowIso is the URL-Decoded current time in UTC
- $expires is the URL_Decoded expiry time in UTC
PUT BLOB
The PUT BLOB operation creates a new block blob or updates an existing block blob. The PUT BLOB operation creates a BLOB from the content of a file, therefore it is required to have write permission to the resource object in the blob sevice.Code Block title StringToSign for PUT BLOB operation collapse true $stringToSign = $Account + "`n" ` + $Permissions + "`n" ` + $Services + "`n" ` + $ResourceTypes + "`n" ` + $nowIso + "`n" ` + $expiresIso + "`n" ` + "`n" ` + "https" + "`n" ` + $Version + "`n"Code Block title SAS Token for PUT BLOB collapse true $sasToken = "sv=$Version" ` + "&ss=$Services" ` + "&srt=$ResourceTypes" ` + "&sp=$Permissions" ` + "&se=" + [System.Web.HttpUtility]::UrlEncode( $expiresIso ) ` + "&st=" + [System.Web.HttpUtility]::UrlEncode( $nowIso ) ` + "&spr=https" ` + "&sig=" + [System.Web.HttpUtility]::UrlEncode( $signature )
where$Account is the storage account for which the HTTPS request is generated.
$Permission will be 'w' to grant permission for listing
$Services will be 'b' to provide the blob service
$ResourceType will be 'o' to use resource type as container
$nowIso is the URL-Decoded current time in UTC
- $expires is the URL_Decoded expiry time in UTC
...