Use SAS URIs from Azure Blob Storage Like a Pro!

when it comes to working with blobs and Azure we can offload a lot of work by getting sassy hi my name is Nick centino and I'm a principal software engineering manager at Microsoft in this video we're going to walk through using SAS URLs so not quite the SAS you might have been thinking about the SAS URLs from Azure blob storage and what this is going to allow us to do is get URLs to resources that other people will be able to use this way we can offload the work that we could be doing to someone else so they can upload and download blobs directly if that sounds interesting just a reminder to subscribe to the channel and check out that pined comment for my courses on dome train let's jump over to visual studio and check it out in a previous video which I'll link up here if you haven't seen it already I was walking through some of the basics of working with Azure blob storage so at this point in this video the intention is that you already have your blob storage account set up but if you haven't done that already you can check out that previous video and it will guide you up to this point that means that you've also already seen things like being able to upload streams and download stream data from Azure blob storage we are going to be using the Azure storage blobs nit package I'm using 12.22 for this but you might be using something a little bit later depending on when you're watching this video to kick things off we're going to start by declaring a blob ID this is just going to be for demonstration purposes I described in the previous video that if you want to use something that looks like a file folder structure so like a directory name followed by a file name you can do that in Azure blob storage in the portal will show you it looking like a file folder hierarchy but there are no actual folders so this is just literally a pointer to that blob it's just a unique identifier for the blob there is no folder just the blob now what I'm going to do in this example is we're going to start by creating a blob client for this blob identifier and what I'm going to do is generate a SAS URI for that and just to clean things up a little bit to make it more readable you'll notice that from line 48 to 50 here what I'm going to be doing is generating a SAS URI this is just a brief Interruption to remind you that I do have courses available on dome train focused on C so whether you're interested in getting started in C looking for a little bit more of an intermediate course focus on object-oriented programming and some async programming or are you just looking to update your refactoring skills and see some examples that we can walk through together you can go ahead and check them out by visiting the links in the description and the comment below thanks and back to the video I am marking it with right and I am going to have it have an expiration of 1 hour so what this means is that we're going to be able to get this URI that we can work with and we can give it to someone else that someone else will basically be able to have right access to this blob for 1 hour that means they can't read from that blob but they can put data there there are other permissions we'll see in just a moment that allow us to do other operations but in this case they can just write things to that very specific blob ID using this URI conceptually you might think about a client server application and you might have your application running in the cloud with a backend server that backend server might be serving all sorts of requests for your application already but if you have the situation where say a user in your front end wants to upload a file what you could do is design it such that that user will upload the file stream it to your backend server then your backend server streams it up to Azure blob storage however what you could do instead and save some bandwidth between these resources is say hey as your blob storage give me a URL that someone else can go use and that's exactly what we're doing here so hey Azure blob storage give us this SAS URI I'm going to go give that to my front end for example and that way the user can go upload a file directly to blob storage there are lots of considerations that you'll want to have with this but the idea is that you can delegate where the upload happens to someone else by using one of these URLs what we're going to do from there is we're going to make an HTTP client again if you're doing this on a server you want to be using HTTP client Factory I'm just doing this for demonstration purposes and we are going to put the key word here is put you need to use this HTTP verb put to be able to put that data at that location so we'll provide the upload URI and the HTTP content in this case it's going to be string content that's defined here on line 53 and it'll just say hello world if we were to go run this example all that this part so far is going to do is upload once we run all of this it will upload hello world into a blob located at this ID now I want to string more of these things together before we go run it so I just want to walk through things and then we're going to go run this example if we scroll down a little bit lower I'm going to go generate another URI but I'm going to read instead so what you'll notice is that I'm using read for the permissions here but I'm also going to set a read period of only 5 Seconds and what I wanted to do to demonstrate in this example is show you that if we read just six seconds after creating this so we wait one second too long it's not going to work and that's because literally we made this SAS URI to have a very short timeout period so from there if we go down a little bit lower I'm going to do the exact same thing again let me put this across multiple lines to make it a little bit easier on your eyes here and when we go to do this one I'm going to have a whole hour and I'm not going to make this YouTube video a whole hour to show you it expire I'm just making it long enough so that you can see that we're able to read when the timeout period is long enough so we'll go read that back and the very bottom of this program is going to read the response that we get back and write that response to the console so to summarize very briefly SAS URI we're going to get that to be able to write we'll put hello world there then we're going to try an example of reading when it's too short then we're going to try an example of reading when the the timeout period is something that we have missed and then we'll try a final example where we're within that timeout period and we can successfully read the data let's go run it and see what happens already we see we have a bit of a problem here so what's going on uploading blob to folder it says that it is uh going to this ID here and then we see status code from creating is bad request everything else after that I expect to be broken we get a forbidden then we get a not found so it's kind of wrapped out on us right at the beginning and it says bad request now something that I hid on purpose is that you need to include a header when you're doing this you do need to go make sure you're reading the documentation and understanding the different parameters this isn't going to be super in-depth on absolutely everything you can configure but if I go back up here you remember I hide things in plain sight in my comments right so if we go run this now you'll see that we have this x- ms- blob dtype header and we're going to add block blob now when we go to do this we should see that the upload specifically that passes and then we'll be able to examine the rest of the output in the console let's go try again and see how far we get and so far so good status code from creating is marked as created so that's what we want we do get a forbidden when we're waiting too long so we had a 5-second timeout period we waited 6 seconds we missed that window we get a forbidden response but if if we try again and we have an hourlong window to use that SAS URI then we do get an okay response when we read back the data it's hello world and just to prove to you that I'm not cheating here if we scroll down in the code you can see that I am reading the result from the response that we get and then I'm writing that out to the console directly I didn't just cheat and write hello world and run this program at the end of all of this what we were able to do is use a SAS URI to go get a URI to upload bytes and then we can go read those bytes back I'm showing you all of this inside of one application but the reality is that as long as someone has that SAS URI they can go use that SAS URI with authentication based on the permissions that are here that you define when you create it and as long as you're within that timeout period they can use it to perform those actions now if we go check out the other permissions very briefly there are permissions to Tag Read add remove delete delete the blob version execute there's a bunch of different things you can do in this video I was just covering read and write because those are some of the two most primitive things we can do but you might want to include delete you might want to be able to move things around so depending on what your application needs are this is absolutely something that you can extend again just a quick reminder that if you're okay just working within one application or one service you don't need to use the SAS Uris there specifically valuable if you want to go let some other service some other component in your system including a front-end application be able to read and write data directly to blob storage and that saves you the bandwidth of going between different components in your system because they can interact with blob storage directly I hope you found that helpful thanks and I'll see you next time