I have a web application generating user-delegated SAS tokens authorized by the managed identity for the app.
I want to be able to monitor who uses the tokens, so I added a Correlation Id in the scid field of the token.
However, this does not show up in the logs the way I hoped it would:
Am I misunderstanding how this is supposed to work? I thought I could (a) generate a GUID, (b) log it in the application, (c) include it in the SAS token, and (d) look it up in the Log Analytics for the Storage Account. Instead the Storage Account log generates its own CorrelationId and my scid parameter is nowhere to be found, other than in the SAS token itself.
2 Answers
AFAIK Correlation Id is the unique identifier (GUID). This will be autogenerated for every request that the server receives.
The signedCorrelationId (scid) field specifies a correlation ID that may be used to correlate the storage audit logs with the audit logs that are used by the principal that generates and distributes. This is a part of the SAS token and is used for correlating logs for both local and audit. The correlationId in the logs is for the GetBlob request.
The correlation ID for the SAS generator is to identify a SAS when a SAS is generated or distributed. This is the "scid" in the signed fields, so in storage audit logs, users can correlate a SAS access with the person who received the SAS from the resource URL that includes the SAS.
It maps to:
Storage Analytics log format (REST API) – Azure Storage | Microsoft Docs
string The complete URL of the request, in quotes. "https://myaccount.blob.core.windows.net/mycontainer/2025c44c-d25e-42bf-8507-7a5ca4faa034?timeout=30000"
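Following the answer's point that scid travels in the logged request URL rather than in the CorrelationId column, here is an added example (not part of the original answer) that pulls scid out of logged URLs and joins it to the GUIDs the application recorded at issue time. The `ISSUED` map, the recipient labels and the sample URLs are constructed for illustration.

```python
import uuid
from urllib.parse import urlsplit, parse_qs

# Constructed sample: scid GUIDs the application logged when it issued each SAS.
ISSUED = {"3f2b8c1e-9a4d-4e7b-8c2a-5d6f7a8b9c0d": "user-a"}

# Constructed sample request-URL values as they would appear (quoted) in the storage log.
LOGGED_URLS = [
    '"https://myaccount.blob.core.windows.net/mycontainer/report.pdf'
    '?sv=2020-02-10&sr=b&sp=r&scid=3F2B8C1E-9A4D-4E7B-8C2A-5D6F7A8B9C0D&sig=REDACTED"',
    '"https://myaccount.blob.core.windows.net/mycontainer/other.pdf?timeout=30000"',
    '"https://myaccount.blob.core.windows.net/mycontainer/data.csv'
    '?sv=2020-02-10&sr=b&sp=r&scid=11111111-2222-4333-8444-555555555555&sig=REDACTED"',
]


def scid_from_request_url(request_url):
    """Return the scid query parameter as a normalized GUID string, or None."""
    url = request_url.strip().strip('"')  # the log field is wrapped in quotes
    values = parse_qs(urlsplit(url).query).get("scid")
    if not values:
        return None  # request did not carry a scid (not a SAS, or SAS issued without one)
    try:
        return str(uuid.UUID(values[0]))  # normalizes case so the join is exact
    except ValueError:
        return None  # present but not a GUID; treat as uncorrelatable


def correlate(issued, logged_urls):
    """Return (recipient, scid, blob_path) per logged request; recipient is None if unknown."""
    known = {str(uuid.UUID(k)): v for k, v in issued.items()}
    rows = []
    for raw in logged_urls:
        scid = scid_from_request_url(raw)
        path = urlsplit(raw.strip().strip('"')).path
        rows.append((known.get(scid) if scid else None, scid, path))
    return rows


if __name__ == "__main__":
    for recipient, scid, path in correlate(ISSUED, LOGGED_URLS):
        status = recipient or ("unknown scid" if scid else "no scid")
        print(f"{path}: {status}")
```

A row with a scid but no recipient is worth reviewing: the SAS carries a correlation ID the application never logged.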