![]() Stored access policies are not supported for a user delegation SAS. You can then use the user delegation key to create the SAS.Ī user delegation SAS is supported for Azure Blob Storage and Azure Data Lake Storage Gen2. To request the user delegation key, call the Get User Delegation Key operation. ![]() The user delegation key is analogous to the account key that's used to sign a service SAS or an account SAS, except that it relies on your Azure AD credentials. ![]() To create a user delegation SAS, you must first request a user delegation key, which you then use to sign the SAS. When your application design requires shared access signatures, use Azure AD credentials to create a user delegation SAS to help ensure better security.Įvery SAS is signed with a key. As a security best practice, we recommend that you use Azure AD credentials when possible, rather than the account key, which can be more easily compromised. A SAS that's secured with Azure AD credentials is called a user delegation SAS. You can secure a shared access signature (SAS) token for access to a container, directory, or blob by using either Azure Active Directory (Azure AD) credentials or an account key.
0 Comments
Leave a Reply. |