public async Task SharedAccessSignatureAuthAsync() { // Create a service level SAS that only allows reading from service // level APIs AccountSasBuilder sas = new AccountSasBuilder { // Allow access to files Services = new AccountSasServices() { Files = true }.ToString(), // Allow access to the service level APIs ResourceTypes = new AccountSasResourceTypes() { Service = true }.ToString(), // Allow read access Permissions = new AccountSasPermissions() { Read = true }.ToString(), // Access expires in 1 hour! ExpiryTime = DateTimeOffset.UtcNow.AddHours(1) }; // Create a SharedKeyCredential that we can use to sign the SAS token StorageSharedKeyCredential credential = new StorageSharedKeyCredential(StorageAccountName, StorageAccountKey); // Build a SAS URI UriBuilder sasUri = new UriBuilder(StorageAccountFileUri); sasUri.Query = sas.ToSasQueryParameters(credential).ToString(); // Create a client that can authenticate with the SAS URI FileServiceClient service = new FileServiceClient(sasUri.Uri); // Make a service request to verify we've succesfully authenticated await service.GetPropertiesAsync(); // Try to create a new container (which is beyond our // delegated permission) StorageRequestFailedException ex = Assert.ThrowsAsync <StorageRequestFailedException>( async() => await service.CreateShareAsync(Randomize("sample-share"))); Assert.AreEqual(403, ex.Status); }