Pascal (Lazarus/Delphi)
Pascal (Lazarus/Delphi)
Create an Azure Service SAS
See more Azure Cloud Storage Examples
Shows how to generate an Azure Service SAS.Chilkat Pascal (Lazarus/Delphi) Downloads
program ChilkatDemo;
// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.
{$IFDEF FPC}
{$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}
uses
{$IFDEF UNIX}
cthreads,
{$ENDIF}
SysUtils,
CkDllLoader,
Chilkat.FileAccess,
Chilkat.AuthAzureSAS,
Chilkat.CkDateTime;
// ---------------------------------------------------------------------------
procedure RunDemo;
var
authSas: TAuthAzureSAS;
dt: TCkDateTime;
sasToken: string;
fac: TFileAccess;
begin
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// ----------------------------------------------------------------------------------------------
// Create a Shared Access Signature (SAS) token for an Azure Service (Blob, Queue, Table, or File)
// -----------------------------------------------------------------------------------------------
// See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
// for details.
authSas := TAuthAzureSAS.Create;
authSas.AccessKey := 'AZURE_ACCESS_KEY';
// Specify the format of the string to sign.
// Each comma character in the following string represents a LF ("\n") character.
// The names specified in the StringToSign are replaced with the values specified
// in the subsequent calls to SetTokenParam and SetNonTokenParam,.
// Note: The trailing comma in the StringToSign is intentional and important. This indicates that the
// string to sign will end with a "\n".
// Also note: The names in the StringToSign are case sensitive. The names
// specified in the 1st argument in the calls to SetNonTokenParam and SetTokenParam should
// match a name listed in StringToSign.
// Version 2018-11-09 and later
//
// Version 2018-11-09 adds support for the signed resource and signed blob snapshot time fields.
// These must be included in the string-to-sign. To construct the string-to-sign for Blob service resources, use the following format:
//
// StringToSign = signedpermissions + "\n" +
// signedstart + "\n" +
// signedexpiry + "\n" +
// canonicalizedresource + "\n" +
// signedidentifier + "\n" +
// signedIP + "\n" +
// signedProtocol + "\n" +
// signedversion + "\n" +
// signedResource + "\n"
// signedSnapshotTime + "\n" +
// rscc + "\n" +
// rscd + "\n" +
// rsce + "\n" +
// rscl + "\n" +
// rsct
//
authSas.StringToSign := 'signedpermissions,signedstart,signedexpiry,canonicalizedresource,signedidentifier,signedIP,signedProtocol,signedversion,signedResource,signedSnapshotTime,rscc,rscd,rsce,rscl,rsct';
authSas.SetTokenParam('signedpermissions','sp','rw');
dt := TCkDateTime.Create;
dt.SetFromCurrentSystemTime();
authSas.SetTokenParam('signedstart','st',dt.GetAsIso8601('YYYY-MM-DDThh:mmTZD',False));
// This SAS token will be valid for 30 days.
dt.AddDays(30);
authSas.SetTokenParam('signedexpiry','se',dt.GetAsIso8601('YYYY-MM-DDThh:mmTZD',False));
// The canonicalizedresouce portion of the string is a canonical path to the signed resource. It must include the service name (blob, table, queue or file) for version
// 2021-08-06 or later, the storage account name, and the resource name, and must be URL-decoded. Names of blobs must include the blob�s container. Table names must be
// lower-case. The following examples show how to construct the canonicalizedresource portion of the string, depending on the type of resource.
// For example:
// URL = https://chilkat.blob.core.windows.net/mycontainer/starfish.jpg
// canonicalizedresource = "/blob/chilkat/mycontainer/starfish.jpg"
// IMPORTANT: See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas for all details..
authSas.SetNonTokenParam('canonicalizedresource','/blob/chilkat/mycontainer/starfish.jpg');
authSas.SetTokenParam('signedProtocol','spr','https');
// Specifiy values and query param names for each field.
// If a field is not specified, then an empty string will be used for its value.
authSas.SetTokenParam('signedversion','sv','2018-11-09');
// Indicate that we are creating a service SAS that is limited to the blob resource.
// (Specify b if the shared resource is a blob. This grants access to the content and metadata of the blob.
// Specify c if the shared resource is a container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container. )
authSas.SetTokenParam('signedResource','sr','b');
// Note that we did not call SetTokenParam for "signedIP", "signedSnapshotTime", "rscc", and others. For any omitted fields
// the value will default to the empty string.
// Generate the SAS token.
sasToken := authSas.GenerateToken();
if (authSas.LastMethodSuccess <> True) then
begin
WriteLn(authSas.LastErrorText);
Exit;
end;
WriteLn('SAS token: ' + sasToken);
// Save the SAS Service token to a file.
// We can then use this pre-generated token for future Azure Storage Account operations.
fac := TFileAccess.Create;
fac.WriteEntireTextFile('qa_data/tokens/azureStorageServiceSas.txt',sasToken,'utf-8',False);
authSas.Free;
dt.Free;
fac.Free;
end;
// ---------------------------------------------------------------------------
begin
try
RunDemo;
except
on E: Exception do
WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
end;
WriteLn;
{$IFDEF MSWINDOWS}
WriteLn('Press Enter to exit...');
ReadLn;
{$ENDIF}
end.