Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Create an Azure Service SAS

See more Azure Cloud Storage Examples

Shows how to generate an Azure Service SAS.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.FileAccess,
  Chilkat.AuthAzureSAS,
  Chilkat.CkDateTime;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  authSas: TAuthAzureSAS;
  dt: TCkDateTime;
  sasToken: string;
  fac: TFileAccess;

begin
  //  This requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  //  ----------------------------------------------------------------------------------------------
  //  Create a Shared Access Signature (SAS) token for an Azure Service (Blob, Queue, Table, or File)
  //  -----------------------------------------------------------------------------------------------

  //  See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
  //  for details.

  authSas := TAuthAzureSAS.Create;
  authSas.AccessKey := 'AZURE_ACCESS_KEY';

  //  Specify the format of the string to sign.
  //  Each comma character in the following string represents a LF ("\n") character.
  //  The names specified in the StringToSign are replaced with the values specified
  //  in the subsequent calls to SetTokenParam and SetNonTokenParam,.

  //  Note: The trailing comma in the StringToSign is intentional and important. This indicates that the 
  //  string to sign will end with a "\n".

  //  Also note: The names in the StringToSign are case sensitive.  The names
  //  specified in the 1st argument in the calls to SetNonTokenParam and SetTokenParam should
  //  match a name listed in StringToSign. 

  //  Version 2018-11-09 and later
  //  
  //  Version 2018-11-09 adds support for the signed resource and signed blob snapshot time fields. 
  //  These must be included in the string-to-sign. To construct the string-to-sign for Blob service resources, use the following format:
  //  
  //  StringToSign = signedpermissions + "\n" +  
  //                 signedstart + "\n" +  
  //                 signedexpiry + "\n" +  
  //                 canonicalizedresource + "\n" +  
  //                 signedidentifier + "\n" +  
  //                 signedIP + "\n" +  
  //                 signedProtocol + "\n" +  
  //                 signedversion + "\n" +  
  //                 signedResource + "\n"
  //                 signedSnapshotTime + "\n" +
  //                 rscc + "\n" +  
  //                 rscd + "\n" +  
  //                 rsce + "\n" +  
  //                 rscl + "\n" +  
  //                 rsct  
  //  

  authSas.StringToSign := 'signedpermissions,signedstart,signedexpiry,canonicalizedresource,signedidentifier,signedIP,signedProtocol,signedversion,signedResource,signedSnapshotTime,rscc,rscd,rsce,rscl,rsct';

  authSas.SetTokenParam('signedpermissions','sp','rw');

  dt := TCkDateTime.Create;
  dt.SetFromCurrentSystemTime();
  authSas.SetTokenParam('signedstart','st',dt.GetAsIso8601('YYYY-MM-DDThh:mmTZD',False));

  //  This SAS token will be valid for 30 days.
  dt.AddDays(30);
  authSas.SetTokenParam('signedexpiry','se',dt.GetAsIso8601('YYYY-MM-DDThh:mmTZD',False));

  //  The canonicalizedresouce portion of the string is a canonical path to the signed resource. It must include the service name (blob, table, queue or file) for version
  //  2021-08-06 or later, the storage account name, and the resource name, and must be URL-decoded. Names of blobs must include the blob�s container. Table names must be
  //  lower-case. The following examples show how to construct the canonicalizedresource portion of the string, depending on the type of resource.
  //  For example:
  //  URL = https://chilkat.blob.core.windows.net/mycontainer/starfish.jpg
  //  canonicalizedresource = "/blob/chilkat/mycontainer/starfish.jpg"  
  //  IMPORTANT: See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas for all details..
  authSas.SetNonTokenParam('canonicalizedresource','/blob/chilkat/mycontainer/starfish.jpg');

  authSas.SetTokenParam('signedProtocol','spr','https');

  //   Specifiy values and query param names for each field.
  //   If a field is not specified, then an empty string will be used for its value.
  authSas.SetTokenParam('signedversion','sv','2018-11-09');

  //  Indicate that we are creating a service SAS that is limited to the blob resource.
  //  (Specify b if the shared resource is a blob. This grants access to the content and metadata of the blob.
  //   Specify c if the shared resource is a container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container. )
  authSas.SetTokenParam('signedResource','sr','b');

  //  Note that we did not call SetTokenParam for "signedIP", "signedSnapshotTime", "rscc", and others.  For any omitted fields
  //  the value will default to the empty string.

  //  Generate the SAS token.
  sasToken := authSas.GenerateToken();
  if (authSas.LastMethodSuccess <> True) then
    begin
      WriteLn(authSas.LastErrorText);
      Exit;
    end;

  WriteLn('SAS token: ' + sasToken);

  //  Save the SAS Service token to a file.
  //  We can then use this pre-generated token for future Azure Storage Account operations.
  fac := TFileAccess.Create;
  fac.WriteEntireTextFile('qa_data/tokens/azureStorageServiceSas.txt',sasToken,'utf-8',False);


  authSas.Free;
  dt.Free;
  fac.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.