public void ValidateSasCredentials() { // Create a SharedKeyCredential that we can use to sign the SAS token var credential = new TableSharedKeyCredential(TestEnvironment.AccountName, TestEnvironment.PrimaryStorageAccountKey); // Build a shared access signature with only Read permissions. TableSasBuilder sas = client.GetSasBuilder(TableSasPermissions.Read, new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc)); string token = sas.Sign(credential); // Build a SAS URI UriBuilder sasUri = new UriBuilder(TestEnvironment.StorageUri) { Query = token }; // Create the TableServiceClient using the SAS URI. var sasAuthedService = InstrumentClient(new TableServiceClient(sasUri.Uri, Recording.InstrumentClientOptions(new TableClientOptions()))); var sasTableclient = sasAuthedService.GetTableClient(tableName); // Validate that we are able to query the table from the service. Assert.That(async() => await sasTableclient.QueryAsync().ToEnumerableAsync().ConfigureAwait(false), Throws.Nothing); // Validate that we are not able to upsert an entity to the table. Assert.That(async() => await sasTableclient.UpsertEntityAsync(CreateTableEntities("partition", 1).First(), UpdateMode.Replace).ConfigureAwait(false), Throws.InstanceOf <RequestFailedException>().And.Property("Status").EqualTo((int)HttpStatusCode.Forbidden)); }