If you use ASP.NET (core), you can stream the content to the browser without saving the file on the server and using FileStreamResult which is IActionResult would be more elegant solution.
var stream = await blob.OpenReadAsync();
return File(stream, blob.Properties.ContentType, option);
This is the best solution if you don't want to risk your SAS tokens getting stolen, they are just in the query string after all so are not encrypted even with https.