Azure SDK .NET - Delete blobs in batch using SAS

Question

I have a Blob Container SAS with Add/Create/Write/Delete permissions (no Read, no List). And I need to delete blobs in this container in a batch:

try
{
    string sasToken = "sv=2023-0103&si=wd&sr=c&sig=blah-blah-blah";

    BlobContainerClient contClient = new(CreateContainerUrl(container), new AzureSasCredential(sasToken));
    BlobBatchClient batchClient = new(contClient);
    await batchClient.DeleteBlobsAsync(blobUris);
}
catch (Exception ex)
{
    _logger.LogError(ex, "Failed to delete multiple blobs in \"{0}\" container", container);
    throw;
}

But I get an error:

Status: 403 (This request is not authorized to perform this operation using this permission.)

ErrorCode: AuthorizationPermissionMismatch

What am I doing wrong?

Your SAS token has the permissions in si (signed identifier). Just wondering if that's a typo. — Gaurav Mantri
– Gaurav Mantri, Commented Jun 5, 2024 at 20:54

Venkatesan · Accepted Answer · 2024-06-06 06:17:03Z

Status: 403 (This request is not authorized to perform this operation using this permission.)

The above error occurs when you don't proper permission or incorrect SAS token to access the storage account.

In my storage account, I stored some files with container name test.

Portal:

enter image description here

Now, I created Access policy with name sample1 with permission Add/Create/Write/Delete.

Portal: enter image description here

Now, I generated SAS token using Access policy using portal.

Portal:

enter image description here

Now, using the below code I can able to delete the blobs using SAS token.

Code:

using Azure;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Specialized;
using Microsoft.Extensions.Logging;

public class BlobDeletionService
{
    private readonly ILogger<BlobDeletionService> _logger;

    public BlobDeletionService(ILogger<BlobDeletionService> logger)
    {
        _logger = logger;
    }

    public async Task DeleteBlobsAsync(string sasToken, string containerUrl, List<Uri> blobUris)
    {
        try
        {
            BlobContainerClient contClient = new BlobContainerClient(new Uri(containerUrl), new AzureSasCredential(sasToken));

            BlobBatchClient batchClient = new BlobBatchClient(contClient);

            await batchClient.DeleteBlobsAsync(blobUris);
        }
        catch (Exception ex)
        {
            _logger.LogError(ex, "Failed to delete multiple blobs in \"{0}\" container", containerUrl);
            throw;
        }
    }
}
   
public class Program
{
    private static async Task Main(string[] args)
    {
        using var loggerFactory = LoggerFactory.Create(builder =>
        {
            builder.AddConsole();
        });
        ILogger<BlobDeletionService> logger = loggerFactory.CreateLogger<BlobDeletionService>();
  
        string sasToken = "st=2024-06-06T05:18:31Z&se=2024-06-06T13:18:31Z&si=sample1&spr=https&sv=2022-11-02&sr=c&sig=HDvVDqokkxxxcbxxxxxD";
        string containerUrl = "https://venkat123.blob.core.windows.net/test";

        List<Uri> blobUris = new List<Uri>
        {
            new Uri("https://venkat123.blob.core.windows.net/test/sample2.ps1"),
            new Uri("https://venkat123.blob.core.windows.net/test/industry.csv.gpg")
        };

        BlobDeletionService deletionService = new BlobDeletionService(logger);
        await deletionService.DeleteBlobsAsync(sasToken, containerUrl, blobUris);
    }
}

The above code executed and deleted the two blobs in my environment.

Portal:

enter image description here

Reference: Azure Storage Blobs Batch client library for .NET - Azure for .NET Developers | Microsoft Learn

Collectives™ on Stack Overflow

Azure SDK .NET - Delete blobs in batch using SAS

1 Answer 1

1 Comment

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

1 Comment

Your Answer

Sign up or log in

Post as a guest

Related