request-adhoc-sas-token
#define parameter
Param(
[Parameter(Mandatory=$True)]
[string]$AzureAutomationAccount,
[Parameter(Mandatory=$True)]
[string]$FileWebUrl,
[Parameter(Mandatory=$True)]
[string]$StorageAccountName,
[Parameter(Mandatory=$True)]
[string]$StorageResourceGroup,
[Parameter(Mandatory=$True)]
[string]$StorageContainerName,
[Parameter(Mandatory=$True)]
[string]$BlobName,
[Parameter(Mandatory=$false)]
[ValidateSet("r","rw","rcw","rwcd")]
[string]$AccessRights = "r",
[Parameter(Mandatory=$false)]
[int]$TokenLifeTime = 2
)
#get credentials from Azure Automation vault
$myCredential = Get-AutomationPSCredential -Name $AzureAutomationAccount
#sign in to AzureRM
Login-AzureRmAccount -Credential $myCredential
#get current utc time for sas token starttime and expiration
$TokenStartTime = Get-Date
$TokenStartTime = $TokenStartTime.ToUniversalTime()
$TokenEndTime = $TokenStartTime.AddHours($TokenLifeTime)
#get storageaccount key, set context to container and request adhoc SAS token
$StorageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $StorageResourceGroup -AccountName $StorageAccountName).Value[0]
$StorageContext = New-AzureStorageContext $StorageAccountName -StorageAccountKey $StorageAccountKey
$SASKey = New-AzureStorageBlobSASToken -Protocol HttpsOnly -Container $StorageContainerName -Blob $BlobName -Context $StorageContext -Permission $AccessRights -StartTime $TokenStartTime -ExpiryTime $TokenEndTime
#join file-uri and SAS token to full download uri
$FullUri = "$FileWebUrl$SASKey"