How to use the CorrelationId of an Azure SAS token?

Question

I have a web application generating user-delegated SAS tokens authorized by the managed identity for the app.

I want to be able to monitor who uses the tokens, so I added a Correlation Id in the scid field of the token.

However, this does not show up in the logs the way I hoped it would:

Am I misunderstanding how this is supposed to work? I thought I could (a) generate a GUID, (b) log it in the application, (c) include it in the SAS token, and (d) look it up in the Log Analytics for the Storage Account. Instead the Storage Account log generates its own CorrelationId and my scid parameter is nowhere to be found, other than in the SAS token itself.

Answer 1

AFAIK Correlation Id is the unique identifier (GUID). This will be autogenerated for every request that server receives.

• Correlation ID will generate whenever there is operations on storage account. This is mainly used for logging storage logs.
• As mentioned in MS document The signedCorrelationId (scid) field specifies a correlation ID that may be used to correlate the storage audit logs with the audit logs that are used by the principal that generates and distribute. This is a part of SAS token and used for correlating logs for both local and audit.
• So even when you set correlation ID in scid parameter it will not reflect in correlation ID because that is autogenerated for each request sent to server.
• If you want to track who is using tokens, I will suggest you add custom properties like user id and email id.
• Reference MS document

Answer 2

The correlationId in the logs is for GetBlob request. The correlation id for the SAS generator is to identify a SAS when a SAS is generated or distributed. This is the "scid" in the signed fields, so in storage audit logs, users can correlate a SAS access with the person who received the SAS from the resource url that includes sas.

It maps to: Storage Analytics log format (REST API) - Azure Storage | Microsoft Docs string The complete URL of the request, in quotes. "https://myaccount.blob.core.windows.net/mycontainer/2025c44c-d25e-42bf-8507-7a5ca4faa034?timeout=30000"