Upload and Download Files using a SAS Token

A SAS token can be used to grant temporary access to your storage without exposing your storage key. By leveraging a SAS token we can grant temporary access to our container with defined permissions for a defined time. If you're unfamiliar with SAS tokens or want the details of how they work, head over to /en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1.

Objective:

Today we will simplify the process by demonstrating how easy it is to create and use a SAS Token and prove it works by uploading and downloading files.

Implementation:

Step 1: The first step, if you haven't already done so, is to create a resource group and storage account.

$ResourceGroupName = 'LabRG1'

$StorageAccountName = 'labsa1'

$ContainerName = 'labcn1'

$Location = 'East US'

#create new resource group and storage account

New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location

New-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName -Type Standard_LRS -Location $Location

Set-AzureRmCurrentStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName

Step 2: Next, create a new storage container.

# create a container

New-AzureStorageContainer -Name $ContainerName -Permission Off

Note: Set the container Permission to Off so that anonymous access is turned off. Access will be granted with the SAS token created in the next step.

Step 3: Create the SASToken and specify the permissions and expiration time for the token. The ExpiryTime is the point in time at which the SASToken expires (here, one hour from now). You should set this value to a time that will allow you to complete the desired operation.

#new SASToken

$sasToken = New-AzureStorageContainerSASToken -container $ContainerName -Permission rwdl -ExpiryTime (get-date).AddHours(1)

#new storage context using the SAS token we just created

$StorageContext = New-AzureStorageContext $StorageAccountName -SasToken $sasToken

We now have everything set up to securely upload and download files. The key is to use the $StorageContext object that we just created. Let's verify in our subscription that our container is created.

Step 4: Let's upload a file to our container as a blob.

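#upload a file ($file and $blob are example values; point $file at an existing local file)

$file = 'C:\test\testfile.txt'

$blob = 'testfile.txt'

Set-AzureStorageBlobContent -File $file -Container $ContainerName -Context $StorageContext -Blob $blob -Force -WarningAction SilentlyContinue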

Now let's verify the file was uploaded to our container.

Step 5: Now let's download the file to our Azure IaaS VM.

#download a file

Get-AzureStorageBlobContent -Container $ContainerName -Blob 'testfile.txt' -Destination 'C:\test\testfile.txt' -Context $StorageContext -Force

The testfile.txt was downloaded to our local IaaS VM. See how easy it is to upload and download a file using a SASToken.

PowerShell

$ResourceGroupName = 'LabRG1'

$StorageAccountName = 'labsa1'

$ContainerName = 'labcn1'

$Location = 'East US'

New-AzureRmResourceGroup -Name $ResourceGroupName -Location $Location

New-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName -Type Standard_LRS -Location $Location

Set-AzureRmCurrentStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName

# create a container and SASToken

New-AzureStorageContainer -Name $ContainerName -Permission Off

$sasToken = New-AzureStorageContainerSASToken -container $ContainerName -Permission rwdl -ExpiryTime (get-date).AddHours(1)

$StorageContext = New-AzureStorageContext $StorageAccountName -SasToken $sasToken

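#upload a file ($file and $blob are example values; point $file at an existing local file)

$file = 'C:\test\testfile.txt'

$blob = 'testfile.txt'

Set-AzureStorageBlobContent -File $file -Container $ContainerName -Context $StorageContext -Blob $blob -Force -WarningAction SilentlyContinue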

#download a file

Get-AzureStorageBlobContent -Container $ContainerName -Blob 'testfile.txt' -Destination 'C:\test\testfile.txt' -Context $StorageContext -Force
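
Before handing out a token like the one created in Step 3, it helps to check what it actually grants. The following is an added example, not part of the original post: Test-SasToken is a hypothetical helper that parses the SAS query fields (sp, se, spr, sip) and reports grants broader than the consumer needs. The sample token, the 'rl' allow-list and the one-hour limit are constructed assumptions.

```powershell
# Added example: Test-SasToken is a hypothetical helper, not an Azure cmdlet.
function Test-SasToken {
    param(
        [Parameter(Mandatory)][string]$SasToken,
        [string]$AllowedPermissions = 'rl',               # assumption: the consumer only reads and lists
        [timespan]$MaxLifetime = (New-TimeSpan -Hours 1), # assumption: one hour is the longest acceptable lifetime
        [datetime]$Now = [datetime]::UtcNow
    )
    # Split the token's query string into a name -> value table
    $fields = @{}
    foreach ($pair in $SasToken.TrimStart('?') -split '&') {
        $name, $value = $pair -split '=', 2
        $fields[$name] = [uri]::UnescapeDataString([string]$value)
    }
    $findings = @()

    # sp: flag every granted permission the consumer does not need
    $extra = ([string]$fields['sp']).ToCharArray() | Where-Object { $AllowedPermissions.IndexOf($_) -lt 0 }
    if ($extra) { $findings += "sp grants unneeded permissions: $(-join $extra)" }

    # se: expiry must be present, in the future, and within the lifetime limit
    if (-not $fields['se']) {
        $findings += 'se (expiry) is missing'
    } else {
        $styles = [System.Globalization.DateTimeStyles]::AdjustToUniversal
        $expiry = [datetime]::Parse($fields['se'], [cultureinfo]::InvariantCulture, $styles)
        $left = $expiry - $Now.ToUniversalTime()
        if ($left -le [timespan]::Zero) { $findings += 'token has already expired' }
        elseif ($left -gt $MaxLifetime) { $findings += "lifetime $left exceeds limit $MaxLifetime" }
    }

    # spr: when absent, the token is accepted over plain HTTP as well as HTTPS
    if ($fields['spr'] -ne 'https') { $findings += 'spr does not restrict the token to HTTPS' }

    # sip: informational, the token is usable from any source address
    if (-not $fields['sip']) { $findings += 'sip is not set (no source IP restriction)' }

    $findings
}

# Constructed sample token (the signature is a placeholder, not a real one)
$sample = '?sv=2017-04-17&sr=c&sp=rwdl&se=2030-01-01T13%3A00%3A00Z&sig=CONSTRUCTED'
$fixedNow = ([datetime]'2030-01-01T10:00:00Z').ToUniversalTime()
Test-SasToken -SasToken $sample -Now $fixedNow
```

To issue a narrower token with the cmdlet used above, pass only the permissions the consumer needs to -Permission and add -Protocol HttpsOnly.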