Creating a shared access signature for a container or blob
The Azure Blob service supports fully authenticated requests, anonymous requests, and requests authenticated by a temporary access key, referred to as a shared access signature. The latter allows access to containers or blobs to only those in possession of the shared access signature.
A shared access signature is constructed from a combination of the following:
Resource (container or blob)
Access rights (read, write, delete, and list)
Start time
Expiration time
Advanced settings
These are combined into a string from which a 256-bit HMAC is generated. An access key for the storage account is used to seed the HMAC generation. This HMAC is referred to as a shared access signature. The process of generating a shared access signature requires no interaction with the Blob service.
Tip
Prior to API Version 2012-02-12, a shared access signature was valid for up to 1 hour, which limited the allowable values for the start time and expiration time....
