here is the docs that describe how to Constructing a Service SAS.
the document says, you can specify a table name , so that the sas can only access that specific table.
Can i do the same thing with queue, so the sas can only access that specific queue?
Can i do the same thing with queue, so the sas can only access that specific queue?
Sure you can! Take a look at the code below:
static void GenerateSasForQueue()
{
var cred = new StorageCredentials(accountName, accountKey);
var account = new CloudStorageAccount(cred, true);
var client = account.CreateCloudQueueClient();
var queue = client.GetQueueReference("queue-name");
var sasPolicy = new SharedAccessQueuePolicy()
{
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-15),
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(2),
Permissions = SharedAccessQueuePermissions.Add | SharedAccessQueuePermissions.Read |
SharedAccessQueuePermissions.Update | SharedAccessQueuePermissions.ProcessMessages
};
var sasToken = queue.GetSharedAccessSignature(sasPolicy);
var sasUrl = string.Format("{0}{1}", queue.Uri.AbsoluteUri, sasToken);
}
This code will generate a SAS Token on the queue named queue-name in your storage account with all permissions valid for 2 hours from the date of SAS creation.