/// <summary>
/// Initializes a new instance of the <see cref="SharedAccessFileHeaders"/> class based on an existing instance.
/// </summary>
/// <param name="sharedAccessFileHeaders">The set of <see cref="SharedAccessFileHeaders"/> to clone.</param>
public SharedAccessFileHeaders(SharedAccessFileHeaders sharedAccessFileHeaders)
{
CommonUtility.AssertNotNull("sharedAccessFileHeaders", sharedAccessFileHeaders);
this.ContentType = sharedAccessFileHeaders.ContentType;
this.ContentDisposition = sharedAccessFileHeaders.ContentDisposition;
this.ContentEncoding = sharedAccessFileHeaders.ContentEncoding;
this.ContentLanguage = sharedAccessFileHeaders.ContentLanguage;
this.CacheControl = sharedAccessFileHeaders.CacheControl;
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <param name="protocols">The allowed protocols (https only, or http and https). Null if you don't want to restrict protocol.</param>
/// <param name="ipAddressOrRange">The allowed IP address or IP address range. Null if you don't want to restrict based on IP address.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange)
{
if (!this.ServiceClient.Credentials.IsSharedKey)
{
string errorMessage = string.Format(CultureInfo.InvariantCulture, SR.CannotCreateSASWithoutAccountKey);
throw new InvalidOperationException(errorMessage);
}
string resourceName = this.GetCanonicalName();
StorageAccountKey accountKey = this.ServiceClient.Credentials.Key;
string signature = FileSharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue);
UriQueryBuilder builder = FileSharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "f", signature, accountKey.KeyName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange);
return(builder.ToString());
}
public async Task CloudFileSASHeadersAsync()
{
for (int i = 1; i < 0x20; i++)
{
CloudFile testFile = this.testShare.GetRootDirectoryReference().GetFileReference("file" + i);
SharedAccessFilePermissions permissions = (SharedAccessFilePermissions)i;
SharedAccessFileHeaders headers = new SharedAccessFileHeaders()
{
CacheControl = "no-transform",
ContentDisposition = "attachment",
ContentEncoding = "gzip",
ContentLanguage = "tr,en",
ContentType = "text/html"
};
await TestFileSAS(testFile, permissions, headers);
}
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
return(GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, null, null));
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers)
{
return(this.GetSharedAccessSignature(policy, headers, null /* groupPolicyIdentifier */));
}
private static async Task TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
CloudFileShare SASshare = null;
CloudFile SASfile;
OperationContext context = new OperationContext();
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
string fileText = "file";
if (share != null)
{
SASshare = new CloudFileShare(credentials.TransformUri(share.Uri));
SASfile = SASshare.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
SASfile = new CloudFile(credentials.TransformUri(file.Uri));
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
await UploadTextAsync(SASfile, fileText, Encoding.UTF8);
}
else if ((permissions & SharedAccessFilePermissions.Create) == SharedAccessFilePermissions.Create)
{
await SASfile.CreateAsync(Encoding.UTF8.GetBytes(fileText).Length);
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await UploadTextAsync(SASfile, fileText, Encoding.UTF8, operationContext: context),
context,
"UploadText SAS does not allow for writing",
HttpStatusCode.Forbidden,
"");
await UploadTextAsync(file, fileText, Encoding.UTF8);
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.CreateAsync(Encoding.UTF8.GetBytes(fileText).Length, null /* accessCondition */, null /* options */, context),
context,
"Create file succeeded but SAS does not allow for writing/creating",
HttpStatusCode.Forbidden,
"");
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await UploadTextAsync(SASfile, fileText, Encoding.UTF8, operationContext: context),
context,
"UploadText SAS does not allow for writing/creating",
HttpStatusCode.Forbidden,
"");
await UploadTextAsync(file, fileText, Encoding.UTF8);
}
if (SASshare != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
FileResultSegment results = await SASshare.GetRootDirectoryReference().ListFilesAndDirectoriesSegmentedAsync(null);
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => { FileResultSegment results = await SASshare.GetRootDirectoryReference().ListFilesAndDirectoriesSegmentedAsync(null /* maxResults */, null /* currentToken */, null /* options */, context); },
context,
"List files while SAS does not allow for listing",
HttpStatusCode.Forbidden,
"");
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
await SASfile.FetchAttributesAsync();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, SASfile.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, SASfile.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, SASfile.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, SASfile.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, SASfile.Properties.ContentType);
}
}
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.Forbidden,
"");
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
await SASfile.SetMetadataAsync();
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.SetMetadataAsync(null /* accessCondition */, null /* options */, context),
context,
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.Forbidden,
"");
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
await SASfile.DeleteAsync();
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.DeleteAsync(null /* accessCondition */, null /* options */, context),
context,
"Delete file while SAS does not allow for deleting",
HttpStatusCode.Forbidden,
"");
}
}
private static async Task TestFileSAS(CloudFile testFile, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers)
{
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = testFile.GetSharedAccessSignature(policy, headers, null);
await TestAccess(sasToken, permissions, headers, null, testFile);
}
private static void TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
CloudFileShare SASshare = null;
CloudFile SASfile;
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
string fileText = "file";
if (share != null)
{
SASshare = new CloudFileShare(credentials.TransformUri(share.Uri));
SASfile = SASshare.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
SASfile = new CloudFile(credentials.TransformUri(file.Uri));
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
UploadText(SASfile, fileText, Encoding.UTF8);
}
else if ((permissions & SharedAccessFilePermissions.Create) == SharedAccessFilePermissions.Create)
{
SASfile.Create(Encoding.UTF8.GetBytes(fileText).Length);
TestHelper.ExpectedException(
() => UploadText(SASfile, fileText, Encoding.UTF8),
"UploadText SAS does not allow for writing",
HttpStatusCode.Forbidden);
UploadText(file, fileText, Encoding.UTF8);
}
else
{
TestHelper.ExpectedException(
() => SASfile.Create(Encoding.UTF8.GetBytes(fileText).Length),
"Create file succeeded but SAS does not allow for writing/creating",
HttpStatusCode.Forbidden);
TestHelper.ExpectedException(
() => UploadText(SASfile, fileText, Encoding.UTF8),
"UploadText SAS does not allow for writing/creating",
HttpStatusCode.Forbidden);
UploadText(file, fileText, Encoding.UTF8);
}
if (SASshare != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
SASshare.GetRootDirectoryReference().ListFilesAndDirectories().ToArray();
}
else
{
TestHelper.ExpectedException(
() => SASshare.GetRootDirectoryReference().ListFilesAndDirectories().ToArray(),
"List files while SAS does not allow for listing",
HttpStatusCode.Forbidden);
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
SASfile.FetchAttributes();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, SASfile.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, SASfile.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, SASfile.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, SASfile.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, SASfile.Properties.ContentType);
}
}
}
else
{
TestHelper.ExpectedException(
() => SASfile.FetchAttributes(),
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.Forbidden);
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
SASfile.SetMetadata();
}
else
{
TestHelper.ExpectedException(
() => SASfile.SetMetadata(),
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.Forbidden);
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
SASfile.Delete();
}
else
{
TestHelper.ExpectedException(
() => SASfile.Delete(),
"Delete file while SAS does not allow for deleting",
HttpStatusCode.Forbidden);
}
}
