Share via


DataLakeSasBuilder Class

Definition

DataLakeSasBuilder is used to generate a Shared Access Signature (SAS) for a Data Lake file system or path

   For more information, see
Constructing a Service SAS.
public class DataLakeSasBuilder
type DataLakeSasBuilder = class
Public Class DataLakeSasBuilder
Inheritance
DataLakeSasBuilder

Constructors

DataLakeSasBuilder(DataLakeFileSystemSasPermissions, DateTimeOffset)

Initializes a new instance of the DataLakeSasBuilder class to create a Blob Service Sas.

DataLakeSasBuilder(DataLakeSasPermissions, DateTimeOffset)

Initializes a new instance of the DataLakeSasBuilder class to create a Blob Service Sas.

Properties

AgentObjectId

Optional. Beginning in version 2020-02-10, this value will be used for the AAD Object ID of a user authorized by the owner of the User Delegation Key to perform the action granted by the SAS. The Azure Storage service will ensure that the owner of the user delegation key has the required permissions before granting access. the Azure Storage Service will perform an additional POSIX ACL check to determine if the user is authorized to perform the requested operation. This cannot be used in conjuction with PreauthorizedAgentObjectId. This is only used with generating User Delegation SAS.

CacheControl

Override the value returned for Cache-Control response header.

ContentDisposition

Override the value returned for Content-Disposition response header.

ContentEncoding

Override the value returned for Cache-Encoding response header.

ContentLanguage

Override the value returned for Cache-Language response header.

ContentType

Override the value returned for Cache-Type response header.

CorrelationId

Optional. Beginning in version 2020-02-10, this value will be used for to correlate the storage audit logs with the audit logs used by the principal generating and distributing SAS. This is only used for User Delegation SAS.

EncryptionScope

Optional. Encryption scope to use when sending requests authorized with this SAS URI.

ExpiresOn

The time at which the shared access signature becomes invalid. This field must be omitted if it has been specified in an associated stored access policy.

FileSystemName

The name of the file system being made accessible.

Identifier

An optional unique value up to 64 characters in length that correlates to an access policy specified for the file system.

IPRange

Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. When specifying a range of IP addresses, note that the range is inclusive.

IsDirectory

Beginning in version 2020-02-10, this value defines whether or not the Path is a directory. If this value is set to true, the Path is a Directory for a Directory SAS. If set to false or default, the Path is a File Path for a File Path SAS.

Path

The name of the path being made accessible, or Empty for a file system SAS. Beginning in version 2020-02-10, setting IsDirectory to true means we will accept the Path as a directory for a directory SAS. If not set, this value is assumed to be a File Path for a File Path SAS.

Permissions

The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. This field must be omitted if it has been specified in an associated stored access policy. The DataLakeSasPermissions, DataLakeFileSystemSasPermissions or DataLakeAccountSasPermissions can be used to create the permissions string.

PreauthorizedAgentObjectId

Optional. Beginning in version 2020-02-10, this value will be used for the AAD Object ID of a user authorized by the owner of the User Delegation Key to perform the action granted by the SAS. The Azure Storage service will ensure that the owner of the user delegation key has the required permissions before granting access. No additional permission check for the user specified in this value will be performed. This cannot be used in conjuction with AgentObjectId. This is only used with generating User Delegation SAS.

Protocol

The optional signed protocol field specifies the protocol permitted for a request made with the SAS. Possible values are HttpsAndHttp, Https, and None.

Resource

Specifies which resources are accessible via the shared access signature.

Specify "b" if the shared resource is a blob. This grants access to the content and metadata of the blob.

Specify "c" if the shared resource is a blob container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container.

Beginning in version 2018-11-09, specify "bs" if the shared resource is a blob snapshot. This grants access to the content and metadata of the specific snapshot, but not the corresponding root blob.

Beginning in version 2020-02-10, specify "d" if the shared resource is a DataLake directory. This grants access to the paths in the directory and to list the paths in the directory. When "d" is specified, the sdd query parameter is also required.

StartsOn

Optionally specify the time at which the shared access signature becomes valid. If omitted when DateTimeOffset.MinValue is used, start time for this call is assumed to be the time when the storage service receives the request.

Methods

SetPermissions(DataLakeAccountSasPermissions)

Sets the permissions for a path account level SAS.

SetPermissions(DataLakeFileSystemSasPermissions)

Sets the permissions for a file system SAS.

SetPermissions(DataLakeSasPermissions)

Sets the permissions for a file SAS.

SetPermissions(String, Boolean)

Sets the permissions for the SAS using a raw permissions string.

SetPermissions(String)

Sets the permissions for the SAS using a raw permissions string.

ToSasQueryParameters(StorageSharedKeyCredential, String)

Use an account's StorageSharedKeyCredential to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

ToSasQueryParameters(StorageSharedKeyCredential)

Use an account's StorageSharedKeyCredential to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

ToSasQueryParameters(UserDelegationKey, String, String)

Use an account's UserDelegationKey to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

ToSasQueryParameters(UserDelegationKey, String)

Use an account's UserDelegationKey to sign this shared access signature values to produce the proper SAS query parameters for authenticating requests.

Applies to