Azure.Storage.Sas.DataLakeSasBuilder
DataLakeSasBuilder is used to generate a Shared Access
Signature (SAS) for a Data Lake file system or path.
For more information, see
Constructing a Service SAS.
Optional. Beginning in version 2020-02-10, this value will be used for
the AAD Object ID of a user authorized by the owner of the
User Delegation Key to perform the action granted by the SAS.
The Azure Storage service will ensure that the owner of the
user delegation key has the required permissions before granting access.
The Azure Storage service will perform an additional POSIX ACL check to
determine if the user is authorized to perform the requested operation.
This cannot be used in conjunction with PreauthorizedAgentObjectId.
This is only used when generating a User Delegation SAS.
Override the value returned for Cache-Control response header.
Override the value returned for Content-Disposition response
header.
Override the value returned for Content-Encoding response header.
Override the value returned for Content-Language response header.
Override the value returned for Content-Type response header.
Optional. Beginning in version 2020-02-10, this value will be used
to correlate the storage audit logs with the audit logs used by the
principal generating and distributing the SAS. This is only used for
User Delegation SAS.
Optional. Beginning in version 2025-07-05, this value specifies the Entra ID of the user who is authorized to
use the resulting SAS URL. The resulting SAS URL must be used in conjunction with an Entra ID token that has been
issued to the user specified in this value.
Optional. Encryption scope to use when sending requests authorized with this SAS URI.
The time at which the shared access signature becomes invalid.
This field must be omitted if it has been specified in an
associated stored access policy.
The name of the file system being made accessible.
An optional unique value up to 64 characters in length that
correlates to an access policy specified for the file system.
Specifies an IP address or a range of IP addresses from which to
accept requests. If the IP address from which the request
originates does not match the IP address or address range
specified on the SAS token, the request is not authenticated.
When specifying a range of IP addresses, note that the range is
inclusive.
Beginning in version 2020-02-10, this value defines whether or
not the Path is a directory. If this value is
set to true, the Path is a Directory for a Directory SAS.
If set to false or default, the Path is a File Path for a
File Path SAS.
The name of the path being made accessible, or
Empty for a file system SAS.
Beginning in version 2020-02-10, setting
IsDirectory to true means we will accept the
Path as a directory for a directory SAS. If not set, this
value is assumed to be a File Path for a File Path SAS.
The permissions associated with the shared access signature. The
user is restricted to operations allowed by the permissions. This
field must be omitted if it has been specified in an associated
stored access policy. The DataLakeSasPermissions,
DataLakeFileSystemSasPermissions
or DataLakeAccountSasPermissions can be used to create the
permissions string.
Optional. Beginning in version 2020-02-10, this value will be used for
the AAD Object ID of a user authorized by the owner of the
User Delegation Key to perform the action granted by the SAS.
The Azure Storage service will ensure that the owner of the
user delegation key has the required permissions before granting access.
No additional permission check for the user specified in this value will be performed.
This cannot be used in conjunction with AgentObjectId.
This is only used when generating a User Delegation SAS.
The optional signed protocol field specifies the protocol
permitted for a request made with the SAS. Possible values are
HttpsAndHttp,
Https, and
None.
Specifies which resources are accessible via the shared access
signature.
Specify "b" if the shared resource is a blob. This grants access to
the content and metadata of the blob.
Specify "c" if the shared resource is a blob container. This grants
access to the content and metadata of any blob in the container,
and to the list of blobs in the container.
Beginning in version 2018-11-09, specify "bs" if the shared resource
is a blob snapshot. This grants access to the content and
metadata of the specific snapshot, but not the corresponding root
blob.
Beginning in version 2020-02-10, specify "d" if the shared resource
is a DataLake directory. This grants access to the paths in the
directory and to list the paths in the directory. When "d" is
specified, the sdd query parameter is also required.
Optionally specify the time at which the shared access signature
becomes valid. If omitted, that is, when DateTimeOffset.MinValue is used,
the start time for this call is assumed to be the time when the
storage service receives the request.
The storage service version to use to authenticate requests made
with this shared access signature, and the service version to use
when handling requests made with this shared access signature.
public DataLakeSasBuilder()
Initializes a new instance of the DataLakeSasBuilder
class.
Initializes a new instance of the DataLakeSasBuilder
class to create a Blob Service Sas.
Initializes a new instance of the DataLakeSasBuilder
class to create a Blob Service Sas.
Sets the permissions for a file SAS.
Sets the permissions for a path account level SAS.
Sets the permissions for a file system SAS.
Sets the permissions for the SAS using a raw permissions string.
Sets the permissions for the SAS using a raw permissions string.
public DataLakeSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
Use an account's StorageSharedKeyCredential to sign these
shared access signature values to produce the proper SAS query
parameters for authenticating requests.
public DataLakeSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential, out string stringToSign)
Use an account's StorageSharedKeyCredential to sign these
shared access signature values to produce the proper SAS query
parameters for authenticating requests.
public DataLakeSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName)
Use an account's UserDelegationKey to sign these
shared access signature values to produce the proper SAS query
parameters for authenticating requests.
public DataLakeSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName, out string stringToSign)
Use an account's UserDelegationKey to sign these
shared access signature values to produce the proper SAS query
parameters for authenticating requests.
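
Added example, not part of the original reference or the SDK's own samples: a narrowly scoped directory SAS (read and list only, 15-minute lifetime, HTTPS only, inclusive IP range) built with the properties described above, using the out string stringToSign overload to show exactly which values the signature covers. The account name, account key, file system, path and IP addresses are constructed placeholders, and the shared key overload is used only so the sample runs without a network call; a User Delegation SAS would pass a UserDelegationKey and account name instead.

```csharp
using System;
using System.Net;
using Azure.Storage;
using Azure.Storage.Sas;

public static class DirectorySasExample
{
    public static void Main()
    {
        // Constructed placeholders: not a real account, key, file system or path.
        const string accountName = "exampleaccount";
        string accountKey = Convert.ToBase64String(new byte[64]);
        var credential = new StorageSharedKeyCredential(accountName, accountKey);

        // Least privilege: Read + List only, expiring 15 minutes from now.
        var builder = new DataLakeSasBuilder(
            DataLakeSasPermissions.Read | DataLakeSasPermissions.List,
            DateTimeOffset.UtcNow.AddMinutes(15))
        {
            FileSystemName = "reports",
            Path = "2024/q1",
            IsDirectory = true,            // directory SAS rather than file path SAS
            Protocol = SasProtocol.Https,  // requests over plain HTTP are not permitted
            IPRange = new SasIPRange(      // inclusive range (documentation addresses)
                IPAddress.Parse("203.0.113.10"),
                IPAddress.Parse("203.0.113.20")),
        };

        // The out overload returns the exact string that was signed, which is
        // useful when reviewing what a token grants or debugging a signature mismatch.
        DataLakeSasQueryParameters sas =
            builder.ToSasQueryParameters(credential, out string stringToSign);

        Console.WriteLine("String to sign:");
        Console.WriteLine(stringToSign);
        Console.WriteLine();
        Console.WriteLine($"Resource (sr):    {sas.Resource}");
        Console.WriteLine($"Permissions (sp): {sas.Permissions}");
        Console.WriteLine($"Protocol (spr):   {sas.Protocol}");
        Console.WriteLine($"Expires (se):     {sas.ExpiresOn:O}");

        // The query string is a bearer credential; this one is signed with a dummy key.
        Console.WriteLine(
            $"https://{accountName}.dfs.core.windows.net/reports/2024/q1?{sas}");
    }
}
```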