public async Task SharedAccessSignatureAuthAsync()
{
// Create a service level SAS that only allows reading from service
// level APIs
AccountSasBuilder sas = new AccountSasBuilder
{
// Allow access to files
Services = new AccountSasServices()
{
Files = true
}.ToString(),
// Allow access to the service level APIs
ResourceTypes = new AccountSasResourceTypes()
{
Service = true
}.ToString(),
// Allow read access
Permissions = new AccountSasPermissions()
{
Read = true
}.ToString(),
// Access expires in 1 hour!
ExpiryTime = DateTimeOffset.UtcNow.AddHours(1)
};
// Create a SharedKeyCredential that we can use to sign the SAS token
StorageSharedKeyCredential credential = new StorageSharedKeyCredential(StorageAccountName, StorageAccountKey);
// Build a SAS URI
UriBuilder sasUri = new UriBuilder(StorageAccountFileUri);
sasUri.Query = sas.ToSasQueryParameters(credential).ToString();
// Create a client that can authenticate with the SAS URI
FileServiceClient service = new FileServiceClient(sasUri.Uri);
// Make a service request to verify we've succesfully authenticated
await service.GetPropertiesAsync();
// Try to create a new container (which is beyond our
// delegated permission)
StorageRequestFailedException ex =
Assert.ThrowsAsync <StorageRequestFailedException>(
async() => await service.CreateShareAsync(Randomize("sample-share")));
Assert.AreEqual(403, ex.Status);
}
