Valet Key Pattern




A gatekeeper style proxy which can delegate endpoints and get requests to different aspects of the platform i.e. a download request may go straight to the datastore whereas a calculation may go straight to the API




The following code demonstrates how to create a SAS that is valid for five minutes.


The GetSharedAccessReferenceForUpload method returns a SAS that can be used to upload a file to Azure Blob Storage.


public class ValuesController : ApiController
  private readonly CloudStorageAccount account;
  private readonly string blobContainer;
  /// Return a limited access key that allows the caller to upload a file 
  /// to this specific destination for a defined period of time.
  private StorageEntitySas GetSharedAccessReferenceForUpload(string blobName)
    var blobClient = this.account.CreateCloudBlobClient();
    var container = blobClient.GetContainerReference(this.blobContainer);

    var blob = container.GetBlockBlobReference(blobName);

    var policy = new SharedAccessBlobPolicy
      Permissions = SharedAccessBlobPermissions.Write,

      // Specify a start time five minutes earlier to allow for client clock skew.
      SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5),

      // Specify a validity period of five minutes starting from now. 
      SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(5)

    // Create the signature. 
    var sas = blob.GetSharedAccessSignature(policy);

    return new StorageEntitySas
      BlobUri = blob.Uri,
      Credentials = sas,
      Name = blobName

  public struct StorageEntitySas
    public string Credentials;
    public Uri BlobUri;
    public string Name;