Generating Shared access signature(SAS) on Azure Blob using PHP
As of 05/2015, Azure sdk for php doesn't support shared access signature(SAS) and this Blog would provide a workaround for it.
Note : For information on Shared Access Signature visit : https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
Below details would be required to create a Shared Access Signature(SAS) for blob with read access
- ACCOUNT_NAME
- CONTAINER_NAME
- BLOB_NAME
- END_DATE
- YOUR_ACCESS_KEY
You can find more information about above params in my another blog https://blogs.msdn.com/b/azureossds/archive/2015/03/30/uploading-files-to-azure-storage-using-sas-shared-access-signature.aspx
1) Use Below function to create a shared access signature for blob in storage.
function getSASForBlob($accountName,$container, $blob, $resourceType, $permissions, $expiry,$key)
{
/* Create the signature */
$_arraysign = array();
$_arraysign[] = $permissions;
$_arraysign[] = '';
$_arraysign[] = $expiry;
$_arraysign[] = '/' . $accountName . '/' . $container . '/' . $blob;
$_arraysign[] = '';
$_arraysign[] = "2014-02-14"; //the API version is now required
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_arraysign[] = '';
$_str2sign = implode("\n", $_arraysign);
return base64_encode(
hash_hmac('sha256', urldecode(utf8_encode($_str2sign)), base64_decode($key), true)
);
}
2) Use Below function to create a signed blob url using shared access signature which was generated from above function
function getBlobUrl($accountName,$container,$blob,$resourceType,$permissions,$expiry,$_signature)
{
/* Create the signed query part */
$_parts = array();
$_parts[] = (!empty($expiry))?'se=' . urlencode($expiry):'';
$_parts[] = 'sr=' . $resourceType;
$_parts[] = (!empty($permissions))?'sp=' . $permissions:'';
$_parts[] = 'sig=' . urlencode($_signature);
$_parts[] = 'sv=2014-02-14';
/* Create the signed blob URL */
$_url = 'https://'
.$accountName.'.blob.core.windows.net/'
. $container . '/'
. $blob . '?'
. implode('&', $_parts);
return $_url;
}
Simple test scenario using above two functions
$_signature = getSASForBlob(ACCOUNT_NAME,CONTAINER_NAME,BLOB_NAME,'b','r',END_DATE,YOUR_KEY);
$_blobUrl = getBlobUrl(ACCOUNT_NAME,CONTAINER_NAME,BLOB_NAME,'b','r',END_DATE,$_signature);
Sample Blob url which I generated using above : https://samplemadi.blob.core.windows.net/samplecontainer/sample.txt?se=2016-10-12&sr=b&sp=r&sig=it0j%2BJIfJK%2FZCn65AoGOHaIxMYamFidkPQroPAQMxwY%3D&sv=2014-02-14
Comments
Anonymous
May 22, 2015
The comment has been removedAnonymous
June 01, 2015
Appreciate your work on SAS blob but you may have to change api_version from 2012-02-12 to 2014-02-14.Anonymous
December 16, 2016
Hi, does this works with account name and key for AzureStorageEmulator?