New-AzStorageBlobSASToken

Generates a SAS token for an Azure storage blob.

Syntax

New-AzStorageBlobSASToken
   [-Container] <String>
   [-Blob] <String>
   [-Permission <String>]
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzStorageBlobSASToken
   -CloudBlob <CloudBlob>
   -Policy <String>
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzStorageBlobSASToken
   -CloudBlob <CloudBlob>
   [-Permission <String>]
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzStorageBlobSASToken
   [-Container] <String>
   [-Blob] <String>
   -Policy <String>
   [-Protocol <SharedAccessProtocol>]
   [-IPAddressOrRange <String>]
   [-StartTime <DateTime>]
   [-ExpiryTime <DateTime>]
   [-FullUri]
   [-Context <IStorageContext>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzStorageBlobSASToken cmdlet generates a Shared Access Signature (SAS) token for an Azure storage blob.

Examples

Example 1: Generate a blob SAS token with full blob permission

PS C:\>New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd

This example generates a blob SAS token with full blob permission.

Example 2: Generate a blob SAS token with life time

PS C:\> $StartTime = Get-Date
PS C:\> $EndTime = $startTime.AddHours(2.0)
PS C:\> New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime

This example generates a blob SAS token with life time.

Example 3: Generate a User Identity SAS token with storage context based on OAuth authentication

PS C:\> $ctx = New-AzStorageContext -StorageAccountName $accountName -UseConnectedAccount
PS C:\> $StartTime = Get-Date
PS C:\> $EndTime = $startTime.AddDays(6)
PS C:\> New-AzStorageBlobSASToken -Container "ContainerName" -Blob "BlobName" -Permission rwd -StartTime $StartTime -ExpiryTime $EndTime -context $ctx

This example generates a User Identity blob SAS token with storage context based on OAuth authentication

Parameters

-Blob

Specifies the storage blob name.

Type:String
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CloudBlob

Specifies the CloudBlob object. To obtain a CloudBlob object, use the Get-AzStorageBlob cmdlet.

Type:CloudBlob
Aliases:ICloudBlob
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Container

Specifies the storage container name.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Context

Specifies the storage context. When the storage context is based on OAuth authentication, will generates a User Identity blob SAS token.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.IStorageContext
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExpiryTime

Specifies when the shared access signature expires. When the storage context is based on OAuth authentication, the expire time must be in 7 days from current time, and must not be earlier than current time.

Type:System.Nullable`1[System.DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-FullUri

Indicates that this cmdlet return the full blob URI and the shared access signature token.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IPAddressOrRange

Specifies the IP address or range of IP addresses from which to accept requests, such as 168.1.5.65 or 168.1.5.60-168.1.5.70. The range is inclusive.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Permission

Specifies the permissions for a storage blob. It is important to note that this is a string, like rwd (for Read, Write and Delete).

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Policy

Specifies an Azure Stored Access Policy.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Protocol

Specifies the protocol permitted for a request. The acceptable values for this parameter are:

  • HttpsOnly
  • HttpsOrHttp The default value is HttpsOrHttp.
Type:System.Nullable`1[Microsoft.Azure.Storage.SharedAccessProtocol]
Accepted values:HttpsOnly, HttpsOrHttp
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-StartTime

Specifies the time at which the shared access signature becomes valid.

Type:System.Nullable`1[System.DateTime]
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

CloudBlob

Microsoft.Azure.Commands.Common.Authentication.Abstractions.IStorageContext

Outputs

String