public async Task SharedAccessSignatureAuthAsync() { // Create a service level SAS that only allows reading from service // level APIs AccountSasBuilder sas = new AccountSasBuilder { // Allow access to files Services = AccountSasServices.Files, // Allow access to the service level APIs ResourceTypes = AccountSasResourceTypes.Service, // Access expires in 1 hour! ExpiresOn = DateTimeOffset.UtcNow.AddHours(1) }; // Allow read access sas.SetPermissions(AccountSasPermissions.Read); // Create a SharedKeyCredential that we can use to sign the SAS token StorageSharedKeyCredential credential = new StorageSharedKeyCredential(StorageAccountName, StorageAccountKey); // Build a SAS URI UriBuilder sasUri = new UriBuilder(StorageAccountFileUri); sasUri.Query = sas.ToSasQueryParameters(credential).ToString(); // Create a client that can authenticate with the SAS URI ShareServiceClient service = new ShareServiceClient(sasUri.Uri); // Make a service request to verify we've successfully authenticated await service.GetPropertiesAsync(); // Try to create a new container (which is beyond our // delegated permission) RequestFailedException ex = Assert.ThrowsAsync <RequestFailedException>( async() => await service.CreateShareAsync(Randomize("sample-share"))); Assert.AreEqual(403, ex.Status); }