Comments
A gatekeeper-style proxy that can delegate endpoints and get requests to different parts of the platform; e.g. a download request may go straight to the datastore, whereas a calculation may go straight to the API.
Code
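The following code demonstrates how to create a shared access signature (SAS) that is valid for five minutes from the moment it is issued. The start time is set five minutes in the past so that a client whose clock runs slightly behind can still use it.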
The GetSharedAccessReferenceForUpload method returns a SAS that can be used to upload a file to Azure Blob Storage.
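public class ValuesController : ApiController
{
    private readonly CloudStorageAccount account;
    private readonly string blobContainer;
    ...

    /// <summary>
    /// Return a limited access key that allows the caller to upload a file
    /// to this specific destination for a defined period of time.
    /// </summary>
    /// <param name="blobName">
    /// Name of the blob, inside the configured container, that the SAS will be scoped to.
    /// </param>
    /// <returns>
    /// The blob URI, the SAS string produced for it, and the blob name.
    /// </returns>
    /// <exception cref="ArgumentException">
    /// Thrown when <paramref name="blobName"/> is null, empty or whitespace.
    /// </exception>
    /// <remarks>
    /// The returned SAS is a bearer credential: whoever holds the blob URI and the
    /// token can write to that blob until the token expires. Hand it only to a caller
    /// that has already been authenticated and authorised, and keep it out of logs.
    /// Write permission also allows an existing blob of the same name to be replaced,
    /// so the name should be generated or validated by the service rather than taken
    /// verbatim from the client (the callers are not visible here - confirm).
    /// </remarks>
    private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
    {
        // Refuse to sign anything without a concrete target name.
        if (string.IsNullOrWhiteSpace(blobName))
        {
            throw new ArgumentException("A blob name is required to issue an upload SAS.", "blobName");
        }

        var blobClient = this.account.CreateCloudBlobClient();
        var container = blobClient.GetContainerReference(this.blobContainer);
        var blob = container.GetBlockBlobReference(blobName);

        // Read the clock once so that both ends of the window derive from the same instant.
        var issuedAt = DateTime.UtcNow;

        var policy = new SharedAccessBlobPolicy
        {
            // Write only: the token grants no read, list or delete rights.
            Permissions = SharedAccessBlobPermissions.Write,

            // Specify a start time five minutes earlier to allow for client clock skew.
            SharedAccessStartTime = issuedAt.AddMinutes(-5),

            // Specify a validity period of five minutes starting from now.
            SharedAccessExpiryTime = issuedAt.AddMinutes(5)
        };

        // Create the signature.
        // NOTE(review): this overload places no protocol or source-address restriction
        // on the token. If the storage client version in use offers the overload that
        // accepts SharedAccessProtocol.HttpsOnly, prefer it so the token is never
        // accepted over plain HTTP.
        var sas = blob.GetSharedAccessSignature(policy);

        return new StorageEntitySas
        {
            BlobUri = blob.Uri,
            Credentials = sas,
            Name = blobName
        };
    }

    /// <summary>
    /// Everything a client needs to perform the upload: where to send the data and
    /// the short-lived credential that authorises it.
    /// </summary>
    public struct StorageEntitySas
    {
        // The SAS string returned by GetSharedAccessSignature; treat it as a secret.
        public string Credentials;

        // URI of the blob that the SAS is scoped to.
        public Uri BlobUri;

        // The blob name the SAS was issued for.
        public string Name;
    }
}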