更新答案:
既然你有多個集裝箱,帳戶SAS是一個不錯的選擇。你需要一個管理員和一個用戶。
這裏的管理員SAS如何創建一個實例:
// Create a new access policy for the account.
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
// SAS for Blob service only.
Services = SharedAccessAccountServices.Blob,
// Admin has read, write, list, and delete permissions on all containers.
// In order to write blobs, Object resource type must also be specified.
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
Permissions = SharedAccessAccountPermissions.Read |
SharedAccessAccountPermissions.Write |
SharedAccessAccountPermissions.Create |
SharedAccessAccountPermissions.List |
SharedAccessAccountPermissions.Delete,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOnly
};
而這裏的用戶SAS如何創建一個實例:
// Create a new access policy for the account.
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
// SAS for Blob service only.
Services = SharedAccessAccountServices.Blob,
// User has create, read, write, and delete permissions on blobs.
ResourceTypes = SharedAccessAccountResourceTypes.Object,
Permissions = SharedAccessAccountPermissions.Read |
SharedAccessAccountPermissions.Write |
SharedAccessAccountPermissions.Create |
SharedAccessAccountPermissions.Delete,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOnly
};
原來的答覆:
你肯定需要爲管理SAS使用一個帳戶SAS,但是您應該能夠在容器上爲用戶SAS使用服務SAS,除非您需要一個帳戶SAS,從你的問題中解脫出來。儘可能使用服務SAS可能會更好,以便您可以使用最簡單的權限。另外,您可以在服務SAS中使用存儲的訪問策略,我們建議將其作爲最佳實踐,以便在SAS損壞時很容易撤消它。
使用服務SAS,您不需要限制容器創建的權限,因爲服務SAS不允許您首先創建容器。
這裏的代碼容器,包括存儲的訪問策略上創建服務SAS:
// Create the storage account with the connection string.
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(CloudConfigurationManager.GetSetting("StorageConnectionString"));
// Create the blob client object.
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
// Get a reference to the container for which shared access signature will be created.
CloudBlobContainer container = blobClient.GetContainerReference("mycontainer");
container.CreateIfNotExists();
// Create blob container permissions, consisting of a shared access policy
// and a public access setting.
BlobContainerPermissions containerPermissions = container.GetPermissions();
// Clear the container's shared access policies to avoid naming conflicts if you run this method more than once.
//blobPermissions.SharedAccessPolicies.Clear();
// The shared access policy provides
// read/write access to the container for 24 hours.
containerPermissions.SharedAccessPolicies.Add("mypolicy", new SharedAccessBlobPolicy()
{
// To ensure SAS is valid immediately, don’t set start time.
// This way, you can avoid failures caused by small clock differences.
// Note that the Create permission allows the user to create a new blob, as does Write.
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Permissions = SharedAccessBlobPermissions.Write |
SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Create | SharedAccessBlobPermissions.Delete
});
// The public access setting explicitly specifies that
// the container is private, so that it can't be accessed anonymously.
containerPermissions.PublicAccess = BlobContainerPublicAccessType.Off;
// Set the permission policy on the container.
container.SetPermissions(containerPermissions);
// Get the shared access signature to share with users.
string sasToken =
container.GetSharedAccessSignature(null, "mypolicy");
看看這裏顯示的例子:https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/#examples-create-and-use-shared-access-signatures。
另見https://msdn.microsoft.com/en-us/library/azure/dn140255.aspx和https://msdn.microsoft.com/en-us/library/azure/mt584140.aspx。
讓我們知道您是否有任何其他問題。
您是否還可以在帳戶SAS中包含您希望擁有的權限? –
我有兩個webapi管理員和一個普通用戶。 我有一個存儲帳戶,可以爲許多用戶包含許多不同的容器,即每個用戶都有一個容器。我需要以下權限: 權限管理:創建,刪除容器 \t \t \t \t \t列表斑點在容器 \t \t \t \t \t 權限的用戶:讀,寫,刪除斑點各自的容器, 限制容器創建 \t \t \t \t \t \t \t \t \t \t 我試着創建兩個單獨的帳戶SAS來實現上述目的?這是正確的方法嗎? –