Introduction
Microsoft Azure provides secure and direct access to resources in your Azure storage account. A shared access signature (SAS) is a token that is appended to the URI for an Azure storage resource. The token that contains a special set of query parameters that indicate how the resources may be accessed by the client. This token contains:
- What resources the client may access.
- What permissions they have to those resources.
- How long the SAS is valid.
This article provides an overview of the behavior of SAS links when used with eXtendFiles.
Duration of SAS Links
There is no maximum SAS expiration limitation, but it's advisable to keep the SAS validity period reasonable based on your security needs and to avoid excessively long durations. Consider these factors:
- Security: A shorter validity period reduces the risk of exposure if the SAS token is compromised.
- Refresh needs: If your application requires long-lived access, consider refreshing the SAS token periodically instead of using extremely long validity period.
Link Expiration
After the validity period, the SAS link expires. If someone attempts to access the Azure object using the expired link, they will be directed to an 'Authentication Failed' error page. This page indicates that the SAS link is no longer valid:
Regenerating SAS Links
Once a SAS link has expired, it cannot be used to access the Azure object. However, the object can still be accessed by generating a new SAS link.
It’s important to note that the existing link cannot be reused. Instead, a new link with a new expiration date must be generated. This new link must be used to access the file.
Frequently Asked Questions (FAQs)
- Q: Can the expiration time of a SAS link be changed?
A: Yes, the expiration time of an Azure SAS link can be set at the time of its creation. However, once the link has been created, the expiration time cannot be changed. If you need to extend the access to the object, you will need to create a new signed link with a new expiration time. - Q: Is there a limit to the number of SAS links I can create for an object?
A: No, there is no limit to the number of signed links that can be created for an object. Each link will have its own unique expiration time which is set during the creation of the link. - Q: What happens if a SAS link is used after it has expired?A: If a link is used after its expiration, access to the Azure object will be denied. The user will be directed to an 'AuthenticationFailed' error page. To regain access, a new SAS link must be generated.
- Q: Can I create a SAS link with no expiration?
A: No, all Azure SAS links must have an expiration time. This is a security measure to prevent unauthorized long-term access to your Azure storage resources.