I have a integration with Azure Storage. I'm downloading blobs, moving them to archive folder. Authentication is done with SAS token, works fine with standard token. But when token is IP restricted I can download a package but cannot move it around container. It throws error on StartCopyFromUri.

   internal void DownloadBlobPackages()
    {
        this.containerClient = new BlobClient(new Uri("token")).GetParentBlobContainerClient();

        Azure.Pageable<BlobItem> blobList = this.containerClient.GetBlobs(prefix: settings.AzureSettings.AzureUntranslatedBlobsFolder);

        if (blobList.Any())
        {
            foreach (BlobItem blobItem in blobList)
            {
                BlobClient sourceBlobClient = this.containerClient.GetBlobClient(blobItem.Name);
                BlobClient tgtBlobClient = this.containerClient.GetBlobClient("arhivefolder/"  sourceBlobClient.Name);
                tgtBlobClient.StartCopyFromUri(sourceBlobClient.Uri);
            }
        }
       
    }

Can anyone please help?

CodePudding user response：

This is expected behavior. Copy operation is an async server-side operation done by Azure Storage. Since your SAS token has IP restrictions in it and it does not include the IP addresses of the Azure Storage Service from where the copy operation is being execute, Azure Storage Service is not able to read the source blob.

To fix this issue, you will need to use a SAS token without IP restriction for copy operation.

UPDATE

If you are copying blobs in the same container (or same storage account), then you need not specify a SAS URL for the source blob. A simple blob URL should work just fine for copy operation.