Q. What is a Shared Access Signature (SAS)?

A. Ordinarily to access storage accounts one of two account keys are used along with the storage account name which gives full administrative access to the storage account and everything within it however there are many times when this level access is not required for an application or you cannot share the account key. Shared Access Signatures (SAS) provide a method to grant limited access to specific storage services and even specific storage objects that can also be limited to a certain time duration and even from specific IP addresses.

For more information on SAS see the Microsoft article athttps://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/ which has a full walkthrough for the creation of SAS tokens and the options that can be used with them.