private static void configureCors(CloudStorageAccount storageAccount)
{
var blobClient = storageAccount.CreateCloudBlobClient();
Console.WriteLine("Storage Account: " + storageAccount.BlobEndpoint);
var newProperties = CurrentProperties(blobClient);
newProperties.DefaultServiceVersion = "2013-08-15";
blobClient.SetServiceProperties(newProperties);
var addRule = true;
if (addRule)
{
var ruleWideOpenWriter = new CorsRule()
{
AllowedHeaders = ALLOWED_CORS_HEADERS,
AllowedOrigins = ALLOWED_CORS_ORIGINS,
AllowedMethods = ALLOWED_CORS_METHODS,
MaxAgeInSeconds = (int)TimeSpan.FromDays(ALLOWED_CORS_AGE_DAYS).TotalSeconds
};
newProperties.Cors.CorsRules.Clear();
newProperties.Cors.CorsRules.Add(ruleWideOpenWriter);
blobClient.SetServiceProperties(newProperties);
Console.WriteLine("New Properties:");
CurrentProperties(blobClient);
Console.ReadLine();
}
}
public void CreateCorsRule(CorsRule corsRule)
{
var azureClient = GetAzureClient();
var serviceProperties = azureClient.GetServiceProperties();
serviceProperties.Cors.CorsRules.Add(corsRule);
azureClient.SetServiceProperties(serviceProperties);
}
public void UpdateCorsRule(int id, CorsRule corsRule)
{
var azureClient = GetAzureClient();
var serviceProperties = azureClient.GetServiceProperties();
serviceProperties.Cors.CorsRules[id] = corsRule;
azureClient.SetServiceProperties(serviceProperties);
}
public async Task SetCorsPropertiesAsync(CancellationToken cancellationToken)
{
var cors = new CorsRule();
cors.AllowedOrigins.Add("*");
cors.AllowedMethods = CorsHttpMethods.Put;
cors.ExposedHeaders.Add("*");
cors.AllowedHeaders.Add("*");
cors.MaxAgeInSeconds = (int)TimeSpan.FromHours(1).TotalSeconds;
var serviceProperties = await this.blobClient.GetServicePropertiesAsync(cancellationToken);
serviceProperties.Cors.CorsRules.Clear();
serviceProperties.Cors.CorsRules.Add(cors);
await this.blobClient.SetServicePropertiesAsync(serviceProperties, cancellationToken);
}
public void TestSetServicePropertiesWithoutMetricsAndLoggingProperties()
{
ServiceProperties serviceProperties = new ServiceProperties(cors: new CorsProperties());
Microsoft.WindowsAzure.Storage.Shared.Protocol.CorsRule rule = new Microsoft.WindowsAzure.Storage.Shared.Protocol.CorsRule();
rule.AllowedHeaders.Add("x-ms-meta-xyz");
rule.AllowedHeaders.Add("x-ms-meta-data*");
rule.AllowedMethods = CorsHttpMethods.Get | CorsHttpMethods.Put;
rule.ExposedHeaders.Add("x-ms-meta-source*");
rule.AllowedOrigins.Add("*");
rule.AllowedMethods = CorsHttpMethods.Get;
serviceProperties.Cors.CorsRules.Add(rule);
client.SetServiceProperties(serviceProperties);
}
public override void ExecuteCmdlet()
{
ServiceProperties serviceProperties = new ServiceProperties();
serviceProperties.Clean();
serviceProperties.Cors = new CorsProperties();
foreach (var corsRuleObject in this.CorsRules)
{
CorsRule corsRule = new CorsRule();
corsRule.AllowedHeaders = corsRuleObject.AllowedHeaders;
corsRule.AllowedOrigins = corsRuleObject.AllowedOrigins;
corsRule.ExposedHeaders = corsRuleObject.ExposedHeaders;
corsRule.MaxAgeInSeconds = corsRuleObject.MaxAgeInSeconds;
this.SetAllowedMethods(corsRule, corsRuleObject.AllowedMethods);
serviceProperties.Cors.CorsRules.Add(corsRule);
}
try
{
Channel.SetStorageServiceProperties(ServiceType, serviceProperties,
GetRequestOptions(ServiceType), OperationContext);
}
catch (StorageException se)
{
if ((null != se.RequestInformation) &&
((int)HttpStatusCode.BadRequest == se.RequestInformation.HttpStatusCode) &&
(null != se.RequestInformation.ExtendedErrorInformation) &&
(string.Equals(InvalidXMLNodeValueError, se.RequestInformation.ExtendedErrorInformation.ErrorCode, StringComparison.OrdinalIgnoreCase) ||
string.Equals(InvalidXMLDocError, se.RequestInformation.ExtendedErrorInformation.ErrorCode, StringComparison.OrdinalIgnoreCase)))
{
throw new InvalidOperationException(Resources.CORSRuleError);
}
else
{
throw;
}
}
if (PassThru)
{
WriteObject(this.CorsRules);
}
}
public ActionResult Index()
{
//code here
var storageAccount = CloudStorageAccount.Parse(
CloudConfigurationManager.GetSetting("StorageConnectionString"));
var client = storageAccount.CreateCloudTableClient();
var corsRule = new CorsRule()
{
AllowedHeaders = new List<string> { "*" },
AllowedMethods = CorsHttpMethods.Connect | CorsHttpMethods.Get,
//Since we'll only be calling Query Tables, let's just allow GET verb
AllowedOrigins = new List<string> { "*" }, //This is the URL of our application.
ExposedHeaders = new List<string> { "*" },
MaxAgeInSeconds = 1 * 60 * 60, //Let the browswer cache it for an hour
};
ServiceProperties serviceProperties = client.GetServiceProperties();
CorsProperties corsSettings = serviceProperties.Cors;
//add the rule
corsSettings.CorsRules.Add(corsRule);
//remove all rules - remember to save the settings to the client
//corsSettings.CorsRules.Clear();
//Save the rule
client.SetServiceProperties(serviceProperties);
//break here and inspect corsSettings
//After #4, there should already be cors rule connected to an account name.
//In order to double check what cors rules are there for that account name, we can use:
//ServiceProperties serviceProperties = client.GetServiceProperties();
// CorsProperties corsSettings = serviceProperties.Cors;
//code here
return View();
}
static void Main(string[] args)
{
StorageCredentials storageCredentials = new StorageCredentials(args[0], args[1]);
CloudStorageAccount storageAccount = new CloudStorageAccount(storageCredentials, true);
var blobClient = storageAccount.CreateCloudBlobClient();
// Define our basics for quick op
ServiceProperties blobServiceProperties = new ServiceProperties()
{
HourMetrics = null,
MinuteMetrics = null,
Logging = null,
};
// Define our CORS rules (wide open here)
CorsRule corsRule = new CorsRule()
{
AllowedHeaders = new List<string>() { "*" },
AllowedMethods = CorsHttpMethods.Get | CorsHttpMethods.Post | CorsHttpMethods.Head | CorsHttpMethods.Put,
AllowedOrigins = new List<string>() { "*" },
ExposedHeaders = new List<string>() { "*", "Accept-Ranges", "Content-Range"},
MaxAgeInSeconds = 7200
};
// Set our rule
blobServiceProperties.Cors.CorsRules.Add(corsRule);
try
{
blobClient.SetServiceProperties(blobServiceProperties);
Console.Out.WriteLine("CORS is rollin' for " + args[0]);
}
catch (Exception e)
{
Console.Out.WriteLine(e.ToString());
}
}
private CorsRuleModel MapCorsRule(CorsRule corsRule)
{
return new CorsRuleModel()
{
AllowedOrigins = corsRule.AllowedOrigins,
AllowedMethods = MapAllowedMethods(corsRule.AllowedMethods),
AllowedHeaders = corsRule.AllowedHeaders,
ExposedHeaders = corsRule.ExposedHeaders,
MaxAgeInSeconds = corsRule.MaxAgeInSeconds
};
}
public async Task RunPermissionsTestTables(SharedAccessAccountPolicy policy)
{
CloudTableClient tableClient = GenerateCloudTableClient();
string tableName = "t" + Guid.NewGuid().ToString("N");
ServiceProperties initialProperties = await tableClient.GetServicePropertiesAsync();
try
{
CloudStorageAccount account = new CloudStorageAccount(tableClient.Credentials, false);
string accountSASToken = account.GetSharedAccessSignature(policy);
StorageCredentials accountSAS = new StorageCredentials(accountSASToken);
CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, null, tableClient.StorageUri, null);
CloudTableClient tableClientWithSAS = accountWithSAS.CreateCloudTableClient();
CloudTable tableWithSAS = tableClientWithSAS.GetTableReference(tableName);
CloudTable table = tableClient.GetTableReference(tableName);
// General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared
// Otherwise, make sure SAS fails and then do the thing with shared key.
// Things to do:
// Create the table (Create or Write perms, Container RT)
// List tables (List perms, Container RT)
// Set table service properties (Write perms, Service RT)
// Insert an entity (Add perms, Object RT)
// Merge an entity (Update perms, Object RT)
// Insert or merge an entity (Add and update perms, Object RT) (test this twice, once for insert, once for merge.)
// Query the table for the entity (Read perms, Object RT)
// Delete the entity (Delete perms, Object RT)
if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container))
{
await tableWithSAS.CreateAsync();
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(
async () => await tableWithSAS.CreateAsync(),
"Creating a table with SAS should fail without Add and Container-level permissions.");
await table.CreateAsync();
}
Assert.IsTrue(await table.ExistsAsync());
if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container))
{
Assert.AreEqual(tableName, (await tableClientWithSAS.ListTablesSegmentedAsync(tableName, null)).First().Name);
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => (await tableClientWithSAS.ListTablesSegmentedAsync(tableName, null)).Results.First(), "Listing tables with SAS should fail without Read and Container-level permissions.");
}
ServiceProperties properties = new ServiceProperties(new LoggingProperties(), new MetricsProperties(), new MetricsProperties(), new CorsProperties());
properties.Logging = initialProperties.Logging;
properties.HourMetrics = initialProperties.HourMetrics;
properties.MinuteMetrics = initialProperties.MinuteMetrics;
properties.DefaultServiceVersion = initialProperties.DefaultServiceVersion;
CorsRule rule = new CorsRule();
string sampleOriginText = "sampleOrigin";
rule.AllowedOrigins.Add(sampleOriginText);
rule.AllowedMethods = CorsHttpMethods.Get;
rule.MaxAgeInSeconds = 100;
properties.Cors.CorsRules.Add(rule);
if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service))
{
await tableClientWithSAS.SetServicePropertiesAsync(properties);
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableClientWithSAS.SetServicePropertiesAsync(properties), "Setting table service properites should fail with SAS without Write and Service-level permissions.");
await tableClient.SetServicePropertiesAsync(properties);
}
Assert.AreEqual(sampleOriginText, rule.AllowedOrigins.First());
string propName = "prop";
string propName2 = "prop2";
DynamicTableEntity entity1 = new DynamicTableEntity();
string partitionKey = "PK";
string rowKeyPrefix = "RK";
entity1.PartitionKey = partitionKey;
entity1.RowKey = rowKeyPrefix + "1";
entity1.Properties = new Dictionary<string, EntityProperty>() { { propName, EntityProperty.GeneratePropertyForInt(4) } };
entity1.ETag = "*";
if (((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object))
{
await tableWithSAS.ExecuteAsync(TableOperation.Insert(entity1));
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.Insert(entity1)), "Inserting an entity should fail without Add and Object-level permissions.");
await table.ExecuteAsync(TableOperation.Insert(entity1));
}
TableQuery query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity1.PartitionKey, entity1.RowKey));
Assert.AreEqual(entity1.Properties[propName].Int32Value, table.ExecuteQuery(query).First().Properties[propName].Int32Value);
entity1.ETag = "*";
DynamicTableEntity entity1changed = new DynamicTableEntity();
entity1changed.PartitionKey = "PK";
entity1changed.RowKey = "RK1";
entity1changed.Properties = new Dictionary<string, EntityProperty>() { { propName2, EntityProperty.GeneratePropertyForInt(5) } };
entity1changed.ETag = "*";
if (((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object))
{
await tableWithSAS.ExecuteAsync(TableOperation.Merge(entity1changed));
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.Merge(entity1changed)), "Merging an entity should fail without Update and Object-level permissions.");
await table.ExecuteAsync(TableOperation.Merge(entity1changed));
}
DynamicTableEntity result = table.ExecuteQuery(query).First();
Assert.AreEqual(entity1.Properties[propName].Int32Value, result.Properties[propName].Int32Value);
Assert.AreEqual(entity1changed.Properties[propName2].Int32Value, result.Properties[propName2].Int32Value);
entity1changed.ETag = "*";
DynamicTableEntity entity2 = new DynamicTableEntity();
entity2.PartitionKey = partitionKey;
entity2.RowKey = rowKeyPrefix + "2";
entity2.Properties = new Dictionary<string, EntityProperty>() { { propName, EntityProperty.GeneratePropertyForInt(4) } };
entity2.ETag = "*";
if ((((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) && ((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update)) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object))
{
await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2));
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2)), "Inserting or merging an entity should fail without Add and Update and Object-level permissions.");
await table.ExecuteAsync(TableOperation.InsertOrMerge(entity2));
}
query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity2.PartitionKey, entity2.RowKey));
Assert.AreEqual(entity2.Properties[propName].Int32Value, table.ExecuteQuery(query).First().Properties[propName].Int32Value);
entity2.ETag = "*";
DynamicTableEntity entity2changed = new DynamicTableEntity();
entity2changed.PartitionKey = partitionKey;
entity2changed.RowKey = rowKeyPrefix + "2";
entity2changed.Properties = new Dictionary<string, EntityProperty>() { { propName2, EntityProperty.GeneratePropertyForInt(5) } };
entity2changed.ETag = "*";
if ((((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) && ((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update)) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object))
{
await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2changed));
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2changed)), "Inserting or merging an entity should fail without Add and Update and Object-level permissions.");
await table.ExecuteAsync(TableOperation.InsertOrMerge(entity2changed));
}
entity2changed.ETag = "*";
result = table.ExecuteQuery(query).First();
Assert.AreEqual(entity2.Properties[propName].Int32Value, result.Properties[propName].Int32Value);
Assert.AreEqual(entity2changed.Properties[propName2].Int32Value, result.Properties[propName2].Int32Value);
query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey ge '{1}') and (RowKey le '{2}')", entity1.PartitionKey, entity1.RowKey, entity2.RowKey));
if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object))
{
List<DynamicTableEntity> entities = tableWithSAS.ExecuteQuery(query).ToList();
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => (await tableWithSAS.ExecuteQuerySegmentedAsync(query, null)).ToList(), "Querying tables should fail with SAS without Read and Object-level permissions.");
}
if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) &&
((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object))
{
await tableWithSAS.ExecuteAsync(TableOperation.Delete(entity1));
}
else
{
await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.Delete(entity1)), "Deleting an entity should fail with SAS without Delete and Object-level permissions.");
await table.ExecuteAsync(TableOperation.Delete(entity1));
}
query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity1.PartitionKey, entity1.RowKey));
Assert.IsFalse(table.ExecuteQuery(query).Any());
}
finally
{
tableClient.GetTableReference(tableName).DeleteIfExistsAsync().Wait();
if (initialProperties != null)
{
tableClient.SetServicePropertiesAsync(initialProperties).Wait();
}
}
}
private void SetAllowedMethods(CorsRule corsRule, string[] allowedMethods)
{
corsRule.AllowedMethods = SharedProtocol.CorsHttpMethods.None;
if (null != allowedMethods)
{
foreach (var method in allowedMethods)
{
SharedProtocol.CorsHttpMethods allowedCorsMethod = SharedProtocol.CorsHttpMethods.None;
if (Enum.TryParse<SharedProtocol.CorsHttpMethods>(method, true, out allowedCorsMethod))
{
corsRule.AllowedMethods |= allowedCorsMethod;
}
else
{
throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture, Resources.InvalidHTTPMethod, method));
}
}
}
}
public void CloudFileTestCorsMaxOrigins()
{
CorsRule ruleManyOrigins = new CorsRule() { AllowedMethods = CorsHttpMethods.Get, };
// Add maximum number of allowed origins
for (int i = 0; i < 64; i++)
{
ruleManyOrigins.AllowedOrigins.Add("www.xyz" + i + ".com");
}
CloudFileClient client = GenerateCloudFileClient();
this.TestCorsRules(client, new List<CorsRule>() { ruleManyOrigins });
ruleManyOrigins.AllowedOrigins.Add("www.xyz64.com");
TestHelper.ExpectedException(
() => this.TestCorsRules(client, new List<CorsRule>() { ruleManyOrigins }),
"A maximum of 64 origins are allowed.",
HttpStatusCode.BadRequest,
"InvalidXmlNodeValue");
}
public async Task CloudQueueTestValidCorsRulesAsync()
{
CorsRule ruleMinRequired = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.xyz.com" },
AllowedMethods = CorsHttpMethods.Get
};
CorsRule ruleBasic = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.ab.com", "www.bc.com" },
AllowedMethods = CorsHttpMethods.Get | CorsHttpMethods.Put,
MaxAgeInSeconds = 500,
ExposedHeaders =
new List<string>()
{
"x-ms-meta-data*",
"x-ms-meta-source*",
"x-ms-meta-abc",
"x-ms-meta-bcd"
},
AllowedHeaders =
new List<string>()
{
"x-ms-meta-data*",
"x-ms-meta-target*",
"x-ms-meta-xyz",
"x-ms-meta-foo"
}
};
CorsRule ruleAllMethods = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.xyz.com" },
AllowedMethods =
CorsHttpMethods.Put | CorsHttpMethods.Trace
| CorsHttpMethods.Connect | CorsHttpMethods.Delete
| CorsHttpMethods.Get | CorsHttpMethods.Head
| CorsHttpMethods.Options | CorsHttpMethods.Post
| CorsHttpMethods.Merge
};
CorsRule ruleSingleExposedHeader = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.ab.com" },
AllowedMethods = CorsHttpMethods.Get,
ExposedHeaders = new List<string>() { "x-ms-meta-bcd" },
};
CorsRule ruleSingleExposedPrefixHeader = new CorsRule()
{
AllowedOrigins =
new List<string>() { "www.ab.com" },
AllowedMethods = CorsHttpMethods.Get,
ExposedHeaders =
new List<string>() { "x-ms-meta-data*" },
};
CorsRule ruleSingleAllowedHeader = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.ab.com" },
AllowedMethods = CorsHttpMethods.Get,
AllowedHeaders = new List<string>() { "x-ms-meta-xyz", },
};
CorsRule ruleSingleAllowedPrefixHeader = new CorsRule()
{
AllowedOrigins =
new List<string>() { "www.ab.com" },
AllowedMethods = CorsHttpMethods.Get,
AllowedHeaders =
new List<string>() { "x-ms-meta-target*" },
};
CorsRule ruleAllowAll = new CorsRule()
{
AllowedOrigins = new List<string>() { "*" },
AllowedMethods = CorsHttpMethods.Get,
AllowedHeaders = new List<string>() { "*" },
ExposedHeaders = new List<string>() { "*" }
};
CloudQueueClient client = GenerateCloudQueueClient();
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleBasic });
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleMinRequired });
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleAllMethods });
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleSingleExposedHeader });
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleSingleExposedPrefixHeader });
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleSingleAllowedHeader });
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleSingleAllowedPrefixHeader });
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleAllowAll });
// Empty rule set should delete all rules
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { });
// Test duplicate rules
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleBasic, ruleBasic });
// Test max number of rules (five)
await this.TestCorsRulesAsync(
client,
null,
new List<CorsRule>()
{
ruleBasic,
ruleMinRequired,
ruleAllMethods,
ruleSingleExposedHeader,
ruleSingleExposedPrefixHeader
});
// Test max number of rules + 1 (six)
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await this.TestCorsRulesAsync(
client,
context,
new List<CorsRule>()
{
ruleBasic,
ruleMinRequired,
ruleAllMethods,
ruleSingleExposedHeader,
ruleSingleExposedPrefixHeader,
ruleSingleAllowedHeader
}),
context,
"Services are limited to a maximum of five CORS rules.",
HttpStatusCode.BadRequest,
"InvalidXmlDocument");
}
private static void ConfigureCors(CloudStorageAccount storageAccount, string allowedOrigins)
{
var blobClient = storageAccount.CreateCloudBlobClient();
var serviceProperties = blobClient.GetServiceProperties();
var cors = new CorsRule();
cors.AllowedOrigins.Add(allowedOrigins);
cors.AllowedMethods = CorsHttpMethods.Get;
cors.MaxAgeInSeconds = 3600;
serviceProperties.Cors.CorsRules.Add(cors);
blobClient.SetServiceProperties(serviceProperties);
}
/// <summary>
/// Query the Cross-Origin Resource Sharing (CORS) rules for the Queue service
/// </summary>
/// <param name="blobClient"></param>
private static async Task CorsSample(CloudBlobClient blobClient)
{
// Get CORS rules
Console.WriteLine("Get CORS rules");
ServiceProperties serviceProperties = await blobClient.GetServicePropertiesAsync();
// Add CORS rule
Console.WriteLine("Add CORS rule");
CorsRule corsRule = new CorsRule
{
AllowedHeaders = new List<string> { "*" },
AllowedMethods = CorsHttpMethods.Get,
AllowedOrigins = new List<string> { "*" },
ExposedHeaders = new List<string> { "*" },
MaxAgeInSeconds = 3600
};
serviceProperties.Cors.CorsRules.Add(corsRule);
await blobClient.SetServicePropertiesAsync(serviceProperties);
Console.WriteLine();
}
// Return the Azure CORSRule data for this rule.
public CorsRule ToCorsRule()
{
CorsRule rule = new CorsRule();
rule.AllowedOrigins = this.AllowedOrigins.Replace(" ", String.Empty).Split(',');
rule.AllowedHeaders = this.AllowedHeaders.Replace(" ", String.Empty).Split(',');
rule.ExposedHeaders = this.ExposedHeaders.Replace(" ", String.Empty).Split(',');
foreach(String method in this.AllowedMethods.Replace(" ", String.Empty).Split(','))
{
switch(method.Trim().ToUpper())
{
case "CONNECT":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Connect;
break;
case "DELETE":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Delete;
break;
case "GET":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Get;
break;
case "HEAD":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Head;
break;
case "MERGE":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Merge;
break;
case "OPTIONS":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Options;
break;
case "POST":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Post;
break;
case "PUT":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Put;
break;
case "TRACE":
rule.AllowedMethods = rule.AllowedMethods | CorsHttpMethods.Trace;
break;
}
}
int age = 0;
Int32.TryParse(this.MaxAgeInSeconds, out age);
rule.MaxAgeInSeconds = age;
return rule;
}
// Constructor - create from an Azure CorsRule object.
public CORSRule(CorsRule rule)
{
// Retrieve allowed origins.
if (rule.AllowedOrigins != null)
{
String origins = String.Empty;
foreach (String origin in rule.AllowedOrigins)
{
if (origins.Length > 0)
{
origins = origins + ",";
}
origins = origins + origin;
}
this.AllowedOrigins = origins;
}
// Retrieve allowed headers.
if (rule.AllowedHeaders != null)
{
String headers = String.Empty;
foreach (String header in rule.AllowedHeaders)
{
if (headers.Length > 0)
{
headers = headers + ",";
}
headers = headers + header;
}
this.AllowedHeaders = headers;
}
// Retrieve exposed headers.
if (rule.ExposedHeaders != null)
{
String headers = String.Empty;
foreach (String header in rule.ExposedHeaders)
{
if (headers.Length > 0)
{
headers = headers + ",";
}
headers = headers + header;
}
this.ExposedHeaders = headers;
}
// Retrieve allowed methods.
String methods = String.Empty;
if ((rule.AllowedMethods & CorsHttpMethods.Connect)==CorsHttpMethods.Connect) { methods = methods + "CONNECT,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Delete) == CorsHttpMethods.Delete) { methods = methods + "DELETE,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Get) == CorsHttpMethods.Get) { methods = methods + "GET,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Head) == CorsHttpMethods.Head) { methods = methods + "HEAD,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Merge) == CorsHttpMethods.Merge) { methods = methods + "MERGE,"; };
if ((rule.AllowedMethods & CorsHttpMethods.None) == CorsHttpMethods.None) { methods = methods + "NONE,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Options) == CorsHttpMethods.Options) { methods = methods + "OPTIONS,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Post) == CorsHttpMethods.Post) { methods = methods + "POST,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Put) == CorsHttpMethods.Put) { methods = methods + "PUT,"; };
if ((rule.AllowedMethods & CorsHttpMethods.Trace) == CorsHttpMethods.Trace) { methods = methods + "TRACE,"; };
if (methods.Length > 0 && methods.EndsWith(","))
{
methods = methods.Substring(0, methods.Length - 1);
}
this.AllowedMethods = methods;
this.MaxAgeInSeconds = rule.MaxAgeInSeconds.ToString();
}
public string EnableStorageCORS(Account account)
{
try
{
var storageAccount = StorageUtils.CreateCloudStorageAccount(account);
var blobClient = storageAccount.CreateCloudBlobClient();
CorsHttpMethods allowedMethods = CorsHttpMethods.None;
allowedMethods = allowedMethods | CorsHttpMethods.Get;
allowedMethods = allowedMethods | CorsHttpMethods.Put;
allowedMethods = allowedMethods | CorsHttpMethods.Post;
allowedMethods = allowedMethods | CorsHttpMethods.Delete;
allowedMethods = allowedMethods | CorsHttpMethods.Options;
var delimiter = new[] { "," };
CorsRule corsRule = new CorsRule();
const string allowedOrigins = "*";
const string allowedHeaders = "*";
const string exposedHeaders = "";
string[] allAllowedOrigin = allowedOrigins.Split(delimiter, StringSplitOptions.RemoveEmptyEntries);
string[] allExpHeaders = exposedHeaders.Split(delimiter, StringSplitOptions.RemoveEmptyEntries);
string[] allAllowHeaders = allowedHeaders.Split(delimiter, StringSplitOptions.RemoveEmptyEntries);
List<string> corsAllowedOrigin = new List<string>();
foreach (var item in allAllowedOrigin)
{
if (!string.IsNullOrWhiteSpace(item))
{
corsAllowedOrigin.Add(item.Trim());
}
}
List<string> corsExposedHeaders = new List<string>();
foreach (var item in allExpHeaders)
{
if (!string.IsNullOrWhiteSpace(item))
{
corsExposedHeaders.Add(item.Trim());
}
}
List<string> corsAllowHeaders = new List<string>();
foreach (var item in allAllowHeaders)
{
if (!string.IsNullOrWhiteSpace(item))
{
corsAllowHeaders.Add(item.Trim());
}
}
corsRule.MaxAgeInSeconds = 200;
corsRule.AllowedMethods = allowedMethods;
corsRule.AllowedHeaders = corsAllowHeaders;
corsRule.AllowedOrigins = corsAllowedOrigin;
corsRule.ExposedHeaders = corsExposedHeaders;
ServiceProperties properties = blobClient.GetServiceProperties();
properties.Cors.CorsRules.Clear();
properties.Cors.CorsRules.Add(corsRule);
blobClient.SetServiceProperties(properties);
}
catch (Exception ex)
{
logger.Error(ex);
return "Failed due to Incorrect Account Name or Key.";
}
return "Enabling CORS Succeed";
}
private static CorsRule Clone(CorsRule rule)
{
throw new NotImplementedException();
}
public async Task CloudQueueTestCorsMaxOriginsAsync()
{
CorsRule ruleManyOrigins = new CorsRule() { AllowedMethods = CorsHttpMethods.Get, };
// Add maximum number of allowed origins
for (int i = 0; i < 64; i++)
{
ruleManyOrigins.AllowedOrigins.Add("www.xyz" + i + ".com");
}
CloudQueueClient client = GenerateCloudQueueClient();
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleManyOrigins });
ruleManyOrigins.AllowedOrigins.Add("www.xyz64.com");
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await this.TestCorsRulesAsync(client, context, new List<CorsRule>() { ruleManyOrigins }),
context,
"A maximum of 64 origins are allowed.",
HttpStatusCode.BadRequest,
"InvalidXmlNodeValue");
}
public void CloudFileTestCorsExpectedExceptions()
{
CorsRule ruleEmpty = new CorsRule();
CorsRule ruleInvalidMaxAge = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.xyz.com" },
AllowedMethods = CorsHttpMethods.Get,
MaxAgeInSeconds = -1
};
CloudFileClient client = GenerateCloudFileClient();
TestHelper.ExpectedException<ArgumentException>(
() => this.TestCorsRules(client, new List<CorsRule>() { ruleEmpty }), "Empty CORS Rules are not supported.");
TestHelper.ExpectedException<ArgumentException>(
() => this.TestCorsRules(client, new List<CorsRule>() { ruleInvalidMaxAge }),
"MaxAgeInSeconds cannot have a value < 0.");
}
/// <summary>
/// Устанавливает нужные нам правила на сторедж
/// </summary>
public static void SetStorageRules()
{
//опишем правила для корса
CorsRule corsRule = new CorsRule
{
//Список разрешенных доменов
AllowedOrigins = new List<string>
{
"*", //разрешить доступ везде
//"http://allowed.domain.com",
//"https://allowed.domain.com"
},
//разрешенные заголовки, спецефичные для стореджа x-ms-blob-type, x-ms-blob-content-type
AllowedHeaders = new List<string>
{
"x-ms-blob-*",
"content-type",
"accept"
},
//разрешить собственно запись
AllowedMethods = CorsHttpMethods.Put,
//Сколько кэшировать данные о корсе
MaxAgeInSeconds=sasTtl*60
};
//создадим правила для стореджа
ServiceProperties serviceProperties = new ServiceProperties
{
//обязательно такая (или новее, когда появится) - только у неё появился CORS
DefaultServiceVersion = "2013-08-15",
//вообще, следующие свойства не обязательные, но без них NullReference exception
//установим их в дефолты
Logging = new LoggingProperties
{
Version = "1.0",
LoggingOperations = LoggingOperations.None
},
HourMetrics = new MetricsProperties
{
Version = "1.0",
MetricsLevel = MetricsLevel.None
},
MinuteMetrics = new MetricsProperties
{
Version = "1.0",
MetricsLevel = MetricsLevel.None
}
};
//добавим правило для корса
serviceProperties.Cors.CorsRules.Add(corsRule);
CloudBlobClient storageClient = GetClient();
//установим значения свойств для сервиса, достачно сделать один раз
storageClient.SetServiceProperties(serviceProperties);
//создадим контейнер
CloudBlobContainer container = storageClient.GetContainerReference(containerName);
container.CreateIfNotExists();
}
public async Task<IEnumerable<string>> EnsureCorsIsEnabledAsync(params string[] origins) {
var storageAccount = new CloudStorageAccount(new StorageCredentials(Context.DefaultStorageAccount.Name, Settings.StorageAccountKey), false);
var client = storageAccount.CreateCloudBlobClient();
var serviceProperties = await client.GetServicePropertiesAsync().ConfigureAwait(continueOnCapturedContext: false);
var requiredHeaders = new[] { "accept", "x-ms-blob-content-type", "x-ms-blob-type", "x-ms-date", "x-ms-version", "content-disposition", "content-length", "content-range", "content-type" };
var requiredMethods = CorsHttpMethods.Put | CorsHttpMethods.Options;
if (serviceProperties.Cors == null)
serviceProperties.Cors = new CorsProperties();
var rule = FindBestMatchingRule(serviceProperties, requiredHeaders, requiredMethods, origins);
if (rule == null) {
rule = new CorsRule {
AllowedHeaders = requiredHeaders,
AllowedMethods = requiredMethods,
AllowedOrigins = new List<string>(),
ExposedHeaders = new List<string> { "*" },
MaxAgeInSeconds = 1800 // 30 minutes
};
serviceProperties.Cors.CorsRules.Add(rule);
Logger.Information("A new CORS rule has been added to the configured WAMS instance.");
}
var addedOrigins = new List<string>();
var settingsChanged = false;
foreach (var origin in origins.Where(origin => !rule.AllowedOrigins.Contains(origin, StringComparer.OrdinalIgnoreCase))) {
rule.AllowedOrigins.Add(origin);
addedOrigins.Add(origin);
settingsChanged = true;
Logger.Information("The following CORS origins were added to the configured WAMS instance: {0}", origin);
}
if (settingsChanged)
await client.SetServicePropertiesAsync(serviceProperties).ConfigureAwait(continueOnCapturedContext: false);
return addedOrigins.AsEnumerable();
}
private static void SetCors(CloudStorageAccount storageAccount)
{
if(CorsActive)
return;
var blobClient = storageAccount.CreateCloudBlobClient();
Console.WriteLine("Storage Account: " + storageAccount.BlobEndpoint);
var newProperties = blobClient.GetServiceProperties();
newProperties.Cors.CorsRules.Clear();
newProperties.DefaultServiceVersion = "2013-08-15";
var ruleWideOpenWriter = new CorsRule()
{
AllowedHeaders = ALLOWED_CORS_HEADERS,
AllowedOrigins = ALLOWED_CORS_ORIGINS,
AllowedMethods = ALLOWED_CORS_METHODS,
MaxAgeInSeconds = (int)TimeSpan.FromDays(AppSettings.UploadSasTime).TotalSeconds
};
newProperties.Cors.CorsRules.Add(ruleWideOpenWriter);
blobClient.SetServiceProperties(newProperties);
CorsActive = true;
}
public async Task CloudQueueTestCorsExpectedExceptionsAsync()
{
CorsRule ruleEmpty = new CorsRule();
CorsRule ruleInvalidMaxAge = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.xyz.com" },
AllowedMethods = CorsHttpMethods.Get,
MaxAgeInSeconds = -1
};
CloudQueueClient client = GenerateCloudQueueClient();
await TestHelper.ExpectedExceptionAsync<ArgumentException>(
async () => await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleEmpty }), "Empty CORS Rules are not supported.");
await TestHelper.ExpectedExceptionAsync<ArgumentException>(
async () => await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleInvalidMaxAge }),
"MaxAgeInSeconds cannot have a value < 0.");
}
/// <summary>
/// Query the Cross-Origin Resource Sharing (CORS) rules for the Queue service
/// </summary>
/// <param name="queueClient"></param>
private static async Task CorsSample(CloudQueueClient queueClient)
{
Console.WriteLine();
// Get service properties
Console.WriteLine("Get service properties");
ServiceProperties originalProperties = await queueClient.GetServicePropertiesAsync();
try
{
// Add CORS rule
Console.WriteLine("Add CORS rule");
CorsRule corsRule = new CorsRule
{
AllowedHeaders = new List<string> {"*"},
AllowedMethods = CorsHttpMethods.Get,
AllowedOrigins = new List<string> {"*"},
ExposedHeaders = new List<string> {"*"},
MaxAgeInSeconds = 3600
};
ServiceProperties serviceProperties = await queueClient.GetServicePropertiesAsync();
serviceProperties.Cors.CorsRules.Add(corsRule);
await queueClient.SetServicePropertiesAsync(serviceProperties);
}
finally
{
// Revert back to original service properties
Console.WriteLine("Revert back to original service properties");
await queueClient.SetServicePropertiesAsync(originalProperties);
}
Console.WriteLine();
}
public async Task CloudQueueTestCorsMaxHeadersAsync()
{
CorsRule ruleManyHeaders = new CorsRule()
{
AllowedOrigins = new List<string>() { "www.xyz.com" },
AllowedMethods = CorsHttpMethods.Get,
AllowedHeaders =
new List<string>()
{
"x-ms-meta-target*",
"x-ms-meta-other*"
},
ExposedHeaders =
new List<string>()
{
"x-ms-meta-data*",
"x-ms-meta-source*"
}
};
// Add maximum number of non-prefixed headers
for (int i = 0; i < 64; i++)
{
ruleManyHeaders.ExposedHeaders.Add("x-ms-meta-" + i);
ruleManyHeaders.AllowedHeaders.Add("x-ms-meta-" + i);
}
CloudQueueClient client = GenerateCloudQueueClient();
await this.TestCorsRulesAsync(client, null, new List<CorsRule>() { ruleManyHeaders });
// Test with too many Exposed Headers (65)
ruleManyHeaders.ExposedHeaders.Add("x-ms-meta-toomany");
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await this.TestCorsRulesAsync(client, context, new List<CorsRule>() { ruleManyHeaders }),
context,
"A maximum of 64 literal exposed headers are allowed.",
HttpStatusCode.BadRequest,
"InvalidXmlNodeValue");
ruleManyHeaders.ExposedHeaders.Remove("x-ms-meta-toomany");
// Test with too many Allowed Headers (65)
ruleManyHeaders.AllowedHeaders.Add("x-ms-meta-toomany");
await TestHelper.ExpectedExceptionAsync(
async () => await this.TestCorsRulesAsync(client, context, new List<CorsRule>() { ruleManyHeaders }),
context,
"A maximum of 64 literal allowed headers are allowed.",
HttpStatusCode.BadRequest,
"InvalidXmlNodeValue");
ruleManyHeaders.AllowedHeaders.Remove("x-ms-meta-toomany");
// Test with too many Exposed Prefixed Headers (three)
ruleManyHeaders.ExposedHeaders.Add("x-ms-meta-toomany*");
await TestHelper.ExpectedExceptionAsync(
async () => await this.TestCorsRulesAsync(client, context, new List<CorsRule>() { ruleManyHeaders }),
context,
"A maximum of two prefixed exposed headers are allowed.",
HttpStatusCode.BadRequest,
"InvalidXmlNodeValue");
ruleManyHeaders.ExposedHeaders.Remove("x-ms-meta-toomany*");
// Test with too many Allowed Prefixed Headers (three)
ruleManyHeaders.AllowedHeaders.Add("x-ms-meta-toomany*");
await TestHelper.ExpectedExceptionAsync(
async () => await this.TestCorsRulesAsync(client, context, new List<CorsRule>() { ruleManyHeaders }),
context,
"A maximum of two prefixed allowed headers are allowed.",
HttpStatusCode.BadRequest,
"InvalidXmlNodeValue");
ruleManyHeaders.AllowedHeaders.Remove("x-ms-meta-toomany*");
}
public void TestSetServicePropertiesWithoutMetricsAndLoggingProperties()
{
ServiceProperties serviceProperties = new ServiceProperties(cors: new CorsProperties());
Microsoft.WindowsAzure.Storage.Shared.Protocol.CorsRule rule = new Microsoft.WindowsAzure.Storage.Shared.Protocol.CorsRule();
rule.AllowedHeaders.Add("x-ms-meta-xyz");
rule.AllowedHeaders.Add("x-ms-meta-data*");
rule.AllowedMethods = CorsHttpMethods.Get | CorsHttpMethods.Put;
rule.ExposedHeaders.Add("x-ms-meta-source*");
rule.AllowedOrigins.Add("*");
rule.AllowedMethods = CorsHttpMethods.Get;
serviceProperties.Cors.CorsRules.Add(rule);
client.SetServiceProperties(serviceProperties);
}
