0

I've done a ton of searching and looking at examples but cannot find what I think is possible. I want to give read access on a blob-by-blob basis, and NOT open the entire container to be readable. All the examples I found show how to create a full authenticated URL for a blob, which I got working. What I'm finding is that I can take that SAS key and append that to any other blobs in the same container and they will be readable.

Can I create a SAS key that is only valid for a single BLOB? If so, an example/link would be appreciated!

Improve this question

1 Answer 1

Reset to default
2

You can certainly set shared access signature at Blob level. If you're using .Net Storage Client library, do take a look at GetSharedAccessSignature function on a blob. I wrote a blog post on Shared Access Signature some time back where you will find some code for creating SAS for blob: http://gauravmantri.com/2013/02/13/revisiting-windows-azure-shared-access-signature/.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for the link. However, on the page you reference there's a function called "GetSaSForBlob", which is what I think I need. But no where in the code example is that method called.
So what you do is 1st call this method on a blob by providing appropriate permission (SharedAccessBlobPermissions.Read if you want to create a SAS using which your users would be able to download the blob`) and get a SAS URL. Then scroll down to "Download Blobs" section in the post to see how that SAS URL is used.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.