public async Task <string> GetBlobSAPUrlFromBlobPathAsync(CloudStorageAccount storageAccount, string containerName, string blobPath, string sharedAccessPolicyName)
{
string result = string.Empty;
if (storageAccount == null || string.IsNullOrWhiteSpace(containerName) || string.IsNullOrWhiteSpace(blobPath) || string.IsNullOrWhiteSpace(sharedAccessPolicyName))
{
return(result);
}
CloudBlob blob = await this.GetBlobFromPathAsync(storageAccount, containerName, blobPath);
CloudBlobContainer container = await this.GetContainerAsync(storageAccount, containerName, true);
SharedAccessBlobPolicy policy = await this.GetSharedAccessPolicy(container, sharedAccessPolicyName);
if (policy != null)
{
result = blob.Uri.AbsoluteUri + blob.GetSharedAccessSignature(policy);
}
return(result);
}
public override async Task <FileData> GetAsync(FileGetOptions fileGetOptions)
{
FileData file = new FileData();
CloudStorageAccount storageAccount = Authorized(fileGetOptions);
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(fileGetOptions.Folder.ToLower());
CloudBlockBlob blockBlob = container.GetBlockBlobReference(fileGetOptions.Key);
switch (fileGetOptions.FileTransfer)
{
case Enum.FileTransferOptions.Stream:
await blockBlob.DownloadToStreamAsync(file.Stream);
break;
case Enum.FileTransferOptions.Url:
file.Loc = blockBlob.Uri.AbsoluteUri;
break;
case Enum.FileTransferOptions.SecureUrl:
var policy = new SharedAccessBlobPolicy()
{
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessExpiryTime = DateTime.UtcNow + fileGetOptions.SecureLinkTimeToLive
};
file.Loc = (blockBlob.Uri.AbsoluteUri + blockBlob.GetSharedAccessSignature(policy));
break;
}
file.Type = "Mircosoft Azure Blob Storage";
return(file);
}
static public string GenerateSasUri(string blobStorageEndpointFormat, string storageAccount, string storageAccountKey,
string blobContainer, string vhdName, int hours = 10, bool read = true, bool write = true, bool delete = true, bool list = true)
{
string destinationSasUri = string.Format(@blobStorageEndpointFormat, storageAccount) + string.Format("/{0}/{1}", blobContainer, vhdName);
var destinationBlob = new CloudPageBlob(new Uri(destinationSasUri), new StorageCredentials(storageAccount, storageAccountKey));
SharedAccessBlobPermissions permission = 0;
permission |= (read) ? SharedAccessBlobPermissions.Read : 0;
permission |= (write) ? SharedAccessBlobPermissions.Write : 0;
permission |= (delete) ? SharedAccessBlobPermissions.Delete : 0;
permission |= (list) ? SharedAccessBlobPermissions.List : 0;
var policy = new SharedAccessBlobPolicy()
{
Permissions = permission,
SharedAccessExpiryTime = DateTime.UtcNow + TimeSpan.FromHours(hours)
};
string destinationBlobToken = destinationBlob.GetSharedAccessSignature(policy);
return(destinationSasUri + destinationBlobToken);
}
public static string GetBlobWriteTokenUri(CloudBlobContainer container, string blobRef)
{
blobRef = blobRef.Replace("/", "");
//Get a reference to a blob within the container.
CloudBlockBlob blob = container.GetBlockBlobReference(blobRef);
//Set the expiry time and permissions for the blob.
//In this case the start time is specified as a few minutes in the past, to mitigate clock skew.
//The shared access signature will be valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5);
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write;
//Generate the shared access signature on the blob, setting the constraints directly on the signature.
string sasBlobToken = blob.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
return(string.Format(CultureInfo.InvariantCulture, "{0}{1}", blob.Uri, sasBlobToken));
}
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission, bool noStartTime, bool noExpiryTime)
{
//Get existing permissions
CloudBlobContainer container = localChannel.GetContainerReference(containerName);
BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container, null, null, OperationContext);
//Set the policy with new value
if (!blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
SharedAccessBlobPolicy policy = blobContainerPermissions.SharedAccessPolicies[policyName];
AccessPolicyHelper.SetupAccessPolicy <SharedAccessBlobPolicy>(policy, startTime, expiryTime, permission, noStartTime, noExpiryTime);
blobContainerPermissions.SharedAccessPolicies[policyName] = policy;
//Set permission back to container
localChannel.SetContainerPermissions(container, blobContainerPermissions, null, null, OperationContext);
WriteObject(AccessPolicyHelper.ConstructPolicyOutputPSObject <SharedAccessBlobPolicy>(blobContainerPermissions.SharedAccessPolicies, policyName));
return(policyName);
}
public static async Task <GetBlobSasTokenResponse> GetBlobSasTokens(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest request,
ILogger log)
{
// Expecting a JSON array of filenames in the request.
// Going to generate and return individual tokens for each file.
var fileNames = await GetFileNamesFromRequest(request);
var storageAccount = CloudStorageAccount.Parse(Environment.GetEnvironmentVariable(ConnectionStringVariableName));
var container = storageAccount.CreateCloudBlobClient().GetContainerReference(ContainerName);
// Just to ensure the container exists
await container.CreateIfNotExistsAsync();
var policy = new SharedAccessBlobPolicy()
{
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(TokenTtlInMinutes),
Permissions = SharedAccessBlobPermissions.Create | SharedAccessBlobPermissions.Write,
};
// userId will be used as a folder name. Generated tokens will be tied to that folder.
string userId = await Helpers.GetAccessingUserId(request);
// Generating tokens for each file
var sasTokens = fileNames.Select(fileName =>
{
var blobFolder = container.GetBlobReference($"{userId}/{fileName}");
return(blobFolder.GetSharedAccessSignature(policy));
});
return(new GetBlobSasTokenResponse
{
blobUri = storageAccount.BlobEndpoint.ToString(),
containerName = ContainerName,
folderName = userId,
sasTokens = sasTokens.ToArray()
});
}
public static string CreateOnlineTrainerCspkgBlobIfNotExists(string cspkgLink)
{
var telemetry = new TelemetryClient();
string azureStorageConnectionString = ConfigurationManager.AppSettings[AKConnectionString];
var storageAccount = CloudStorageAccount.Parse(azureStorageConnectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var armDeployContainer = blobClient.GetContainerReference(StorageARMDeployContainer);
var cspkgBlob = armDeployContainer.GetBlockBlobReference(StorageOnlineTrainerPackageName);
if (!cspkgBlob.Exists())
{
telemetry.TrackTrace("Online Trainer Package blob not found, creating new one.");
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
armDeployContainer.CreateIfNotExists();
using (var wc = new WebClient())
using (var cspkgStream = new MemoryStream(wc.DownloadData(cspkgLink)))
{
cspkgBlob.UploadFromStream(cspkgStream);
}
}
else
{
telemetry.TrackTrace("Online Trainer Package already exists.");
}
var sasPolicy = new SharedAccessBlobPolicy
{
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-1),
SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1)
};
var uri = cspkgBlob.Uri.ToString() + cspkgBlob.GetSharedAccessSignature(sasPolicy);
telemetry.TrackTrace($"Online Trainer Package URI: '{uri}'");
return(uri);
}
public override void ExecuteCmdlet()
{
CloudBlob blob = null;
if (ParameterSetName == BlobNamePipelineParmeterSetWithPermission ||
ParameterSetName == BlobNamePipelineParmeterSetWithPolicy)
{
blob = GetCloudBlobByName(Container, Blob);
}
else
{
blob = this.CloudBlob;
}
SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, blob.Container.Name, accessPolicy, accessPolicyIdentifier);
SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
string sasToken = GetBlobSharedAccessSignature(blob, accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
if (FullUri)
{
string fullUri = blob.SnapshotQualifiedUri.ToString();
if (blob.IsSnapshot)
{
// Since snapshot URL already has '?', need remove '?' in the first char of sas
fullUri = fullUri + "&" + sasToken.Substring(1);
}
else
{
fullUri = fullUri + sasToken;
}
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
/// <summary>
/// Uploads the specified file to the specified Blob container.
/// </summary>
/// <param name="blobClient">A <see cref="CloudBlobClient"/>.</param>
/// <param name="containerName">The name of the blob storage container to which the file should be uploaded.</param>
/// <param name="filePath">The full path to the file to upload to Storage.</param>
/// <returns>A ResourceFile instance representing the file within blob storage.</returns>
private async static Task <ResourceFile> UploadFileToContainer(CloudBlobClient blobClient, string containerName, string filePath)
{
string blobName = Path.GetFileName(filePath);
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
CloudBlockBlob blobData = container.GetBlockBlobReference(blobName);
await blobData.UploadFromFileAsync(filePath);
// Set the expiry time and permissions for the blob shared access signature. In this case, no start time is specified,
// so the shared access signature becomes valid immediately
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy
{
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(2),
Permissions = SharedAccessBlobPermissions.Read
};
// Construct the SAS URL for blob
string sasBlobToken = blobData.GetSharedAccessSignature(sasConstraints);
string blobSasUri = String.Format("{0}{1}", blobData.Uri, sasBlobToken);
return(new ResourceFile(blobSasUri, blobName));
}
private IEnumerable <GetModel> ResolvePhotoUri(IConfiguration configuration, IQueryable <GetModel> query)
{
var policy = new SharedAccessBlobPolicy
{
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessExpiryTime = DateTimeOffset.Now.AddMinutes(10)
};
CloudBlobContainer historyContainer = GetHistoryContainer(configuration);
return(query.AsEnumerable().Select(s =>
{
if (s.PhotoUri != null)
{
CloudBlockBlob blob = historyContainer.GetBlockBlobReference(Path.GetFileName(s.PhotoUri));
string sas = blob.GetSharedAccessSignature(policy);
s.PhotoUri = blob.Uri + sas;
}
return s;
}));
}
//[Route("api/getstoragetoken/UpAccess")]
public async Task <StorageTokenViewModel> GetUpAccessAsync(string sharingSpaceId, string objectId)
{
// The userId is the SID without the sid: prefix
//var claimsPrincipal = User as ClaimsPrincipal;
//var userId = claimsPrincipal
// .FindFirst(ClaimTypes.NameIdentifier)
// .Value.Substring(4);
string userId = Settings.GetUserId(User).Replace("|", "");
// Errors creating the storage container result in a 500 Internal Server Error
var container = BlobClient.GetContainerReference(containerName);
await container.CreateIfNotExistsAsync();
// Get the user directory within the container
var directory = container.GetDirectoryReference(userId);
var sharingSpaceDirectory = directory.GetDirectoryReference(sharingSpaceId);
//var blobName = Guid.NewGuid().ToString("N");
var blobName = objectId;
var blob = sharingSpaceDirectory.GetBlockBlobReference(blobName + ".jpg");
// Create a policy for accessing the defined blob
var blobPolicy = new SharedAccessBlobPolicy
{
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(60),
Permissions = SharedAccessBlobPermissions.Read
| SharedAccessBlobPermissions.Write
| SharedAccessBlobPermissions.Create
};
return(new StorageTokenViewModel
{
Name = blobName,
Uri = blob.Uri,
SasToken = blob.GetSharedAccessSignature(blobPolicy)
});
}
/// <summary>
/// Creates the download link.
/// </summary>
/// <param name="assetStorageProvider"></param>
/// <param name="asset">The asset.</param>
/// <returns></returns>
public override string CreateDownloadLink(AssetStorageProvider assetStorageProvider, Asset asset)
{
string rootFolder = FixRootFolder(GetAttributeValue(assetStorageProvider, AttributeKey.RootFolder));
asset.Key = FixKey(asset, rootFolder);
HasRequirementsFile(asset);
try
{
var container = GetCloudBlobContainer(assetStorageProvider);
// Get a reference to a blob with a request to the server.
// If the blob does not exist, this call will fail with a 404 (Not Found).
var blob = container.GetBlobReferenceFromServer(asset.Key) as CloudBlob;
// Create a new access policy and define its constraints.
// Note that the SharedAccessBlobPolicy class is used both to define the parameters of an ad-hoc SAS, and
// to construct a shared access policy that is saved to the container's shared access policies.
SharedAccessBlobPolicy adHocSAS = new SharedAccessBlobPolicy()
{
// When the start time for the SAS is omitted, the start time is assumed to be the time when the storage service receives the request.
// Omitting the start time for a SAS that is effective immediately helps to avoid clock skew.
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create
};
// Generate the shared access signature on the blob, setting the constraints directly on the signature.
var sasBlobToken = blob.GetSharedAccessSignature(adHocSAS);
// Return the URI string for the container, including the SAS token.
return(blob.Uri + sasBlobToken);
}
catch (Exception ex)
{
ExceptionLogService.LogException(ex);
throw;
}
}
/// <summary>
/// This will return up to 3 tokens for the storage accounts
/// </summary>
/// <returns></returns>
private string[] GetContainerSasUris()
{
// We need to refresh the tokens every time or they will become invalid.
tokens = new string[3];
containerAddresses = new string[3];
string accountName = _configuration.GetSection("StorageAccountName")?.Value;
string accountKey = _configuration.GetSection("StorageAccountKey")?.Value;
SharedAccessBlobPolicy adHocPolicy = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Permissions = SharedAccessBlobPermissions.Read
};
containerAddresses[0] = _configuration.GetSection("StorageContainerAddress")?.Value.ToLower();
CloudBlobContainer container = new CloudBlobContainer(new Uri(containerAddresses[0]), new StorageCredentials(accountName, accountKey));
tokens[0] = container.GetSharedAccessSignature(adHocPolicy, null);
// Get token for second indexer data source
containerAddresses[1] = _configuration.GetSection("StorageContainerAddress2")?.Value.ToLower();
if (!String.Equals(containerAddresses[1], defaultContainerUriValue))
{
CloudBlobContainer container2 = new CloudBlobContainer(new Uri(containerAddresses[1]), new StorageCredentials(accountName, accountKey));
tokens[1] = container2.GetSharedAccessSignature(adHocPolicy, null);
}
// Get token for third indexer data source
containerAddresses[2] = _configuration.GetSection("StorageContainerAddress3")?.Value.ToLower();
if (!String.Equals(containerAddresses[2], defaultContainerUriValue))
{
CloudBlobContainer container3 = new CloudBlobContainer(new Uri(containerAddresses[2]), new StorageCredentials(accountName, accountKey));
tokens[2] = container3.GetSharedAccessSignature(adHocPolicy, null);
}
return(tokens);
}
public override bool Execute()
{
Log.LogMessage(MessageImportance.High, "Creating container named '{0}' in storage account {1}.", ContainerName, AccountName);
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(string.Format("DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1}", AccountName, AccountKey));
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer newContainer = blobClient.GetContainerReference(ContainerName);
if (FailIfExists && newContainer.Exists())
{
Log.LogError("The container '{0}' already exists.", ContainerName);
return(false);
}
else
{
newContainer.CreateIfNotExists();
}
StorageUri = newContainer.Uri.ToString();
if (ReadOnlyTokenDaysValid > 0)
{
var sasRO = new SharedAccessBlobPolicy();
sasRO.SharedAccessExpiryTime = DateTime.UtcNow.AddDays(ReadOnlyTokenDaysValid);
sasRO.Permissions = SharedAccessBlobPermissions.Read;
ReadOnlyToken = newContainer.GetSharedAccessSignature(sasRO);
}
if (WriteOnlyTokenDaysValid > 0)
{
var sasWO = new SharedAccessBlobPolicy();
sasWO.SharedAccessExpiryTime = DateTime.UtcNow.AddDays(WriteOnlyTokenDaysValid);
sasWO.Permissions = SharedAccessBlobPermissions.Write;
WriteOnlyToken = newContainer.GetSharedAccessSignature(sasWO);
}
return(true);
}
public Task <BlobSharedAccessInformation> GetBlobSharedAccessInformationForReadingAsync(string containerName, string blobName, DateTime expiry)
{
containerName.AssertNotNull("containerName");
blobName.AssertNotNull("blobName");
if (expiry.Kind != DateTimeKind.Utc)
{
throw new InvalidOperationException("Expiry time must be in UTC");
}
var client = this.cloudStorageAccount.CreateCloudBlobClient();
var container = client.GetContainerReference(containerName);
var blob = container.GetBlockBlobReference(blobName);
var policy = new SharedAccessBlobPolicy
{
SharedAccessExpiryTime = expiry,
Permissions = SharedAccessBlobPermissions.Read
};
var token = blob.GetSharedAccessSignature(policy);
var blobUri = blob.Uri;
var cdnDomain = this.azureConfiguration.CdnDomain;
if (string.IsNullOrWhiteSpace(cdnDomain))
{
throw new InvalidOperationException("CDN domain has not been configured.");
}
var cdnUriBuilder = new UriBuilder(blobUri)
{
Host = cdnDomain
};
var cdnUri = cdnUriBuilder.Uri.GetComponents(UriComponents.AbsoluteUri & ~UriComponents.Port, UriFormat.UriEscaped);
return(Task.FromResult(new BlobSharedAccessInformation(containerName, blobName, cdnUri, token, expiry)));
}
public void ValidateSetupAccessPolicyPermissionTest()
{
SharedAccessBlobPolicy blobAccessPolicy = new SharedAccessBlobPolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, null);
Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, "");
Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, "D");
Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.Delete);
SharedAccessTablePolicy tableAccessPolicy = new SharedAccessTablePolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, null);
Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, "");
Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, "ar");
Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query);
SharedAccessQueuePolicy queueAccessPolicy = new SharedAccessQueuePolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, null);
Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, "");
Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, "p");
Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.ProcessMessages);
SharedAccessFilePolicy fileAccessPolicy = new SharedAccessFilePolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, null);
Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, "");
Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, "lwc");
Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.List | SharedAccessFilePermissions.Write | SharedAccessFilePermissions.Create);
}
private static async Task <HashSet <string> > GetBlobSasUri(CloudBlobContainer container, string policyName = null)
{
string sasBlobToken;
var resultSegment = await container.ListBlobsSegmentedAsync(null);
var blobNames = new HashSet <string>();
var blobsUrls = new HashSet <string>();
foreach (IListBlobItem item in resultSegment.Results)
{
if (item.GetType() == typeof(CloudBlockBlob))
{
CloudBlockBlob blob = (CloudBlockBlob)item;
blobNames.Add(blob.Name);
}
foreach (var blobitem in blobNames)
{
CloudBlockBlob blob = container.GetBlockBlobReference(blobitem);
if (policyName == null)
{
SharedAccessBlobPolicy adHocSAS = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Permissions = SharedAccessBlobPermissions.Read
};
sasBlobToken = blob.GetSharedAccessSignature(adHocSAS);
}
else
{
sasBlobToken = blob.GetSharedAccessSignature(null, policyName);
}
blobsUrls.Add(blob.Uri + sasBlobToken);
}
}
return(blobsUrls);
}
public override void ExecuteCmdlet()
{
if (String.IsNullOrEmpty(Name))
{
return;
}
CloudBlobContainer container = Channel.GetContainerReference(Name);
SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, container.Name, accessPolicy, accessPolicyIdentifier);
SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
string sasToken = container.GetSharedAccessSignature(accessPolicy, accessPolicyIdentifier);
if (FullUri)
{
string fullUri = container.Uri.ToString() + sasToken;
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
public string GenerateSASToken(Uri docUri, string containerName)
{
CloudBlobClient blobClient = _storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
BlobContainerPermissions permissions = new BlobContainerPermissions();
permissions.PublicAccess = BlobContainerPublicAccessType.Off;
permissions.SharedAccessPolicies.Clear();
permissions.SharedAccessPolicies.Add("twominutepolicy", new SharedAccessBlobPolicy());
container.SetPermissionsAsync(permissions);
SharedAccessBlobPolicy sharedPolicy = new SharedAccessBlobPolicy()
{
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-1),
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(2),
Permissions = SharedAccessBlobPermissions.Read
};
CloudBlockBlob blob = container.GetBlockBlobReference(docUri.ToString());
return(blob.GetSharedAccessSignature(sharedPolicy, "twominutepolicy"));
}
public static string GenerateBlobSasToken(string connectionString, string inputContainerName, string inputBlobName)
{
var sourceStorageAccount = CloudStorageAccount.Parse(connectionString);
// generate the sas token with write permission in customer's storage and pass it to the command worker role
var sourceBlobClient = sourceStorageAccount.CreateCloudBlobClient();
var container = sourceBlobClient.GetContainerReference(inputContainerName);
var blob = container.GetAppendBlobReference(inputBlobName);
//Set the expiry time and permissions for the blob.
//In this case the start time is specified as a few minutes in the past, to mitigate clock skew.
//The shared access signature will be valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy();
sasConstraints.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5);
sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(72);
sasConstraints.Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write;
//Generate the shared access signature on the blob, setting the constraints directly on the signature.
string sasBlobToken = blob.GetSharedAccessSignature(sasConstraints);
return(sasBlobToken);
}
public async Task <string> GetSecureUrl()
{
CloudBlobClient blobClient = _storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("signin");
container.CreateIfNotExists();
SharedAccessBlobPolicy blobPolicy = new SharedAccessBlobPolicy();
blobPolicy.SharedAccessExpiryTime = DateTime.Now.AddHours(0.25d);
blobPolicy.Permissions = SharedAccessBlobPermissions.Read;
BlobContainerPermissions blobPermissions = new BlobContainerPermissions();
blobPermissions.SharedAccessPolicies.Add("ReadBlobPolicy", blobPolicy);
blobPermissions.PublicAccess = BlobContainerPublicAccessType.Off;
await container.SetPermissionsAsync(blobPermissions);
string sasToken = container.GetSharedAccessSignature(new SharedAccessBlobPolicy(), "ReadBlobPolicy");
ICloudBlob blob = container.GetBlockBlobReference(_blobId);
Uri blobUrl = blob.Uri;
string secureUrl = blobUrl.AbsoluteUri + sasToken;
return(secureUrl);
}
public IActionResult ReceiptAuthorizationGet(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "authorizeReceipt")] HttpRequest request,
[Blob("receipts", FileAccess.ReadWrite, Connection = "UploadStorage")] CloudBlobContainer container,
ILogger log,
ClaimsPrincipal principal
)
{
var blob = container.GetBlockBlobReference($"{_b2cHelper.GetOid(principal)}/{request.Query["name"]}");
var policy = new SharedAccessBlobPolicy
{
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1),
Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write
};
var sas = blob.GetSharedAccessSignature(policy);
log.LogInformation($"Authorized access to receipt \"{request.Query["name"]}\" for user {_b2cHelper.GetOid(principal)}");
var authorization = new ReceiptAuthorizationDto {
Url = $"{blob.Uri}{sas}"
};
return(new OkObjectResult(authorization));
}
/// <summary>
/// Get a signed access url with an absolute expiry.
/// </summary>
/// <param name="blobPath">Blob to give access to.</param>
/// <param name="signedAccessConfig">Access config including required permissions and expiry</param>
/// <returns>String access url.</returns>
public async Task <string> GetSignedBlobAccessUrl(string blobPath, ISignedAccessConfig signedAccessConfig)
{
var blobPolicyPermissions = GetAzureBlobPolicyPermissions(signedAccessConfig.AccessPermissions);
var blob = GetBlockBlobReference(blobPath);
var policy = new SharedAccessBlobPolicy
{
Permissions = blobPolicyPermissions
};
policy.SharedAccessStartTime = DateTime.Now.AddDays(-1);
if (signedAccessConfig.AccessExpiry != null)
{
policy.SharedAccessExpiryTime = signedAccessConfig.AccessExpiry;
}
else
{
policy.SharedAccessExpiryTime = DateTime.Now.AddDays(365);
}
return(new Uri(blob.Uri, blob.GetSharedAccessSignature(policy)).ToString());
}
/// <summary>
/// Upload a file to Azure's cloud storage if it does not already exist.
/// Return the URI and shared access signature of the uploaded blob.
/// </summary>
/// <param name="containerName">Name of the container to upload the file to</param>
/// <param name="filePath">Path to the file on disk</param>
private async Task<string> UploadFileIfNeededAsync(string containerName, string filePath, CancellationToken ct)
{
CloudBlobContainer container = storageClient.GetContainerReference(containerName);
await container.CreateIfNotExistsAsync(ct);
CloudBlockBlob blob = container.GetBlockBlobReference(Path.GetFileName(filePath));
string md5 = GetFileMd5(filePath);
// If blob already exists and md5 matches, there is no need to upload the file.
if (await blob.ExistsAsync(ct) && string.Equals(md5, blob.Properties.ContentMD5, StringComparison.InvariantCultureIgnoreCase))
return null;
blob.Properties.ContentMD5 = md5;
await blob.UploadFromFileAsync(filePath, ct);
var policy = new SharedAccessBlobPolicy
{
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-15),
SharedAccessExpiryTime = DateTime.UtcNow.AddMonths(12) // Hopefully this job won't take more than a year!
};
return blob.Uri.AbsoluteUri + blob.GetSharedAccessSignature(policy);
}
private static dynamic _getBlobUriWithSasTokenAndMD5(string blobPath, CloudBlobContainer blobContainer)
{
if (string.IsNullOrEmpty(blobPath))
{
return(new { blobSasToken = string.Empty, blobMD5 = string.Empty });
}
var blob = blobContainer.GetBlockBlobReference(blobPath);
var sasConstraints =
new SharedAccessBlobPolicy
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(24),
Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write
};
var sasBlobToken = blob.GetSharedAccessSignature(sasConstraints);
blob.FetchAttributesAsync().GetAwaiter().GetResult();
return(new { blobSasToken = blob.Uri + sasBlobToken, blobMD5 = blob.Properties.ContentMD5 });
}
private string GetBlobSasUri(string containerName, string BlobName)
{
//Get a reference to a blob within the container.
CloudBlobContainer container = _WaterMArkStorageBlobClient.GetContainerReference(containerName);
container.CreateIfNotExists();
CloudBlockBlob blob = container.GetBlockBlobReference(BlobName);
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(48),
Permissions =
SharedAccessBlobPermissions.Read |
SharedAccessBlobPermissions.Write |
SharedAccessBlobPermissions.Add |
SharedAccessBlobPermissions.Create
};
string sasBlobToken = blob.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
return(blob.Uri + sasBlobToken);
}
private static async Task <string> GetBlobContainerUriWithSas(string blobContainerName)
{
var storageAccount = CloudStorageAccount.Parse(exportStorageAccountConnectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var blobContainer = blobClient.GetContainerReference(blobContainerName);
await blobContainer.CreateIfNotExistsAsync();
var sasPolicy = new SharedAccessBlobPolicy
{
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1),
Permissions =
SharedAccessBlobPermissions.Write |
SharedAccessBlobPermissions.Read |
SharedAccessBlobPermissions.Delete
};
var sas = blobContainer.GetSharedAccessSignature(sasPolicy);
var sasUri = blobContainer.Uri + sas;
return(sasUri);
}
public string GetImageUrlWithSAS(string fileName, string blobStorageFolder)
{
var blobReference = _getAzureFile.GetAzureBlobFileReference(fileName, blobStorageFolder);
var name = blobReference.Name;
//Set the expiry time and permissions for the blob.
//In this case, the start time is specified as a minute in the past, to mitigate clock skew.
//The shared access signature will be valid immediately.
SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-1),
Permissions = SharedAccessBlobPermissions.Read,
SharedAccessExpiryTime = DateTime.UtcNow.AddSeconds(30)
};
//Generate the shared access signature on the blob, setting the constraints directly on the blob.
string sasBlobToken = blobReference.GetSharedAccessSignature(sasConstraints);
//Return the URI string for the container, including the SAS token.
var uri = blobReference.Uri.AbsoluteUri + sasBlobToken;
return(uri);
}
/// <summary>
/// Get blob shared access signature
/// </summary>
/// <param name="blob">ICloudBlob object</param>
/// <param name="accessPolicy">SharedAccessBlobPolicy object</param>
/// <param name="policyIdentifier">The existing policy identifier.</param>
/// <returns></returns>
private string GetBlobSharedAccessSignature(ICloudBlob blob, SharedAccessBlobPolicy accessPolicy, string policyIdentifier)
{
CloudBlobContainer container = blob.Container;
string signature = String.Empty;
switch (blob.BlobType)
{
case BlobType.BlockBlob:
CloudBlockBlob blockBlob = blob as CloudBlockBlob;
signature = blockBlob.GetSharedAccessSignature(accessPolicy, policyIdentifier);
break;
case BlobType.PageBlob:
CloudPageBlob pageBlob = blob as CloudPageBlob;
signature = pageBlob.GetSharedAccessSignature(accessPolicy, policyIdentifier);
break;
default:
throw new ArgumentException(Resources.UnknownBlob);
}
return(signature);
}
private async Task <Uri> CreateBlobSas(string filePath, string blobContainer, string blobName)
{
var configuration = _httpServer.Host.Services.GetService <IConfiguration>();
string connectionString = configuration.GetWebJobsConnectionString(ConnectionStringNames.Storage);
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference(blobContainer);
await container.CreateIfNotExistsAsync();
var blob = container.GetBlockBlobReference(blobName);
await blob.UploadFromFileAsync(filePath);
var policy = new SharedAccessBlobPolicy
{
SharedAccessStartTime = DateTime.UtcNow,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1),
Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List
};
var sas = blob.GetSharedAccessSignature(policy);
var sasUri = new Uri(blob.Uri, sas);
return(sasUri);
}
private void btnBrowse_Click(object sender, EventArgs e)
{
//Open the dialog box
System.Windows.Forms.OpenFileDialog dialog = new System.Windows.Forms.OpenFileDialog();
dialog.InitialDirectory = "C:/";
dialog.Multiselect = true;
dialog.RestoreDirectory = true;
System.Windows.Forms.DialogResult Result = dialog.ShowDialog();
string[] files;
//Load the image to the load image picture box
if (Result == System.Windows.Forms.DialogResult.OK)
{
files = dialog.FileNames;
string blobUri = SettingsValues.BLOB_URL;
string key = SettingsValues.BLOB_KEY;
string account = SettingsValues.BLOB_ACCOUNT;
StorageCredentialsAccountAndKey credentials = new StorageCredentialsAccountAndKey(account, key);
CloudBlobClient client = new CloudBlobClient(blobUri, credentials);
string containerName = "container";
CloudBlobContainer blobContainer = client.GetContainerReference(containerName);
bool created = blobContainer.CreateIfNotExist();
resourceFiles = new List<ResourceFile>();
foreach (string strFile in files)
{
string[] chunks = strFile.Split('\\');
string blobName = chunks[chunks.Length - 1];
string filePath = strFile.Substring(0, strFile.Length - blobName.Length);
CloudBlob blob = blobContainer.GetBlobReference(blobName);
//System.Windows.MessageBox.Show(string.Format("filepath: {0}", strFile));
blob.UploadFile(strFile);
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy();
policy.Permissions = SharedAccessBlobPermissions.Read;
policy.SharedAccessExpiryTime = DateTime.Now.AddHours(1);
string token = blob.GetSharedAccessSignature(policy);
string resourceBlobPath = blobUri + "/" + containerName + "/" + blobName + token;
System.Windows.MessageBox.Show("Uploading file complete");
DataRow row = dataTable1.NewRow(); ;
row.ItemArray = new object[]{blobName, resourceBlobPath};
dataView1.Table.Rows.Add(row);
}
}
}
