Sample code for 30+ languages & platforms
Unicode C

Create an Azure Service SAS

See more Azure Cloud Storage Examples

Shows how to generate an Azure Service SAS.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkAuthAzureSASW.h>
#include <C_CkDateTimeW.h>
#include <C_CkFileAccessW.h>

void ChilkatSample(void)
    {
    HCkAuthAzureSASW authSas;
    HCkDateTimeW dt;
    const wchar_t *sasToken;
    HCkFileAccessW fac;

    //  This requires the Chilkat API to have been previously unlocked.
    //  See Global Unlock Sample for sample code.

    //  ----------------------------------------------------------------------------------------------
    //  Create a Shared Access Signature (SAS) token for an Azure Service (Blob, Queue, Table, or File)
    //  -----------------------------------------------------------------------------------------------

    //  See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
    //  for details.

    authSas = CkAuthAzureSASW_Create();
    CkAuthAzureSASW_putAccessKey(authSas,L"AZURE_ACCESS_KEY");

    //  Specify the format of the string to sign.
    //  Each comma character in the following string represents a LF ("\n") character.
    //  The names specified in the StringToSign are replaced with the values specified
    //  in the subsequent calls to SetTokenParam and SetNonTokenParam,.

    //  Note: The trailing comma in the StringToSign is intentional and important. This indicates that the 
    //  string to sign will end with a "\n".

    //  Also note: The names in the StringToSign are case sensitive.  The names
    //  specified in the 1st argument in the calls to SetNonTokenParam and SetTokenParam should
    //  match a name listed in StringToSign. 

    //  Version 2018-11-09 and later
    //  
    //  Version 2018-11-09 adds support for the signed resource and signed blob snapshot time fields. 
    //  These must be included in the string-to-sign. To construct the string-to-sign for Blob service resources, use the following format:
    //  
    //  StringToSign = signedpermissions + "\n" +  
    //                 signedstart + "\n" +  
    //                 signedexpiry + "\n" +  
    //                 canonicalizedresource + "\n" +  
    //                 signedidentifier + "\n" +  
    //                 signedIP + "\n" +  
    //                 signedProtocol + "\n" +  
    //                 signedversion + "\n" +  
    //                 signedResource + "\n"
    //                 signedSnapshotTime + "\n" +
    //                 rscc + "\n" +  
    //                 rscd + "\n" +  
    //                 rsce + "\n" +  
    //                 rscl + "\n" +  
    //                 rsct  
    //  

    CkAuthAzureSASW_putStringToSign(authSas,L"signedpermissions,signedstart,signedexpiry,canonicalizedresource,signedidentifier,signedIP,signedProtocol,signedversion,signedResource,signedSnapshotTime,rscc,rscd,rsce,rscl,rsct");

    CkAuthAzureSASW_SetTokenParam(authSas,L"signedpermissions",L"sp",L"rw");

    dt = CkDateTimeW_Create();
    CkDateTimeW_SetFromCurrentSystemTime(dt);
    CkAuthAzureSASW_SetTokenParam(authSas,L"signedstart",L"st",CkDateTimeW_getAsIso8601(dt,L"YYYY-MM-DDThh:mmTZD",FALSE));

    //  This SAS token will be valid for 30 days.
    CkDateTimeW_AddDays(dt,30);
    CkAuthAzureSASW_SetTokenParam(authSas,L"signedexpiry",L"se",CkDateTimeW_getAsIso8601(dt,L"YYYY-MM-DDThh:mmTZD",FALSE));

    //  The canonicalizedresouce portion of the string is a canonical path to the signed resource. It must include the service name (blob, table, queue or file) for version
    //  2021-08-06 or later, the storage account name, and the resource name, and must be URL-decoded. Names of blobs must include the blob�s container. Table names must be
    //  lower-case. The following examples show how to construct the canonicalizedresource portion of the string, depending on the type of resource.
    //  For example:
    //  URL = https://chilkat.blob.core.windows.net/mycontainer/starfish.jpg
    //  canonicalizedresource = "/blob/chilkat/mycontainer/starfish.jpg"  
    //  IMPORTANT: See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas for all details..
    CkAuthAzureSASW_SetNonTokenParam(authSas,L"canonicalizedresource",L"/blob/chilkat/mycontainer/starfish.jpg");

    CkAuthAzureSASW_SetTokenParam(authSas,L"signedProtocol",L"spr",L"https");

    //   Specifiy values and query param names for each field.
    //   If a field is not specified, then an empty string will be used for its value.
    CkAuthAzureSASW_SetTokenParam(authSas,L"signedversion",L"sv",L"2018-11-09");

    //  Indicate that we are creating a service SAS that is limited to the blob resource.
    //  (Specify b if the shared resource is a blob. This grants access to the content and metadata of the blob.
    //   Specify c if the shared resource is a container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container. )
    CkAuthAzureSASW_SetTokenParam(authSas,L"signedResource",L"sr",L"b");

    //  Note that we did not call SetTokenParam for "signedIP", "signedSnapshotTime", "rscc", and others.  For any omitted fields
    //  the value will default to the empty string.

    //  Generate the SAS token.
    sasToken = CkAuthAzureSASW_generateToken(authSas);
    if (CkAuthAzureSASW_getLastMethodSuccess(authSas) != TRUE) {
        wprintf(L"%s\n",CkAuthAzureSASW_lastErrorText(authSas));
        CkAuthAzureSASW_Dispose(authSas);
        CkDateTimeW_Dispose(dt);
        return;
    }

    wprintf(L"SAS token: %s\n",sasToken);

    //  Save the SAS Service token to a file.
    //  We can then use this pre-generated token for future Azure Storage Account operations.
    fac = CkFileAccessW_Create();
    CkFileAccessW_WriteEntireTextFile(fac,L"qa_data/tokens/azureStorageServiceSas.txt",sasToken,L"utf-8",FALSE);


    CkAuthAzureSASW_Dispose(authSas);
    CkDateTimeW_Dispose(dt);
    CkFileAccessW_Dispose(fac);

    }