public BlobSasQueryParameters GetNewBlobServiceSasCredentialsBlob(string containerName, string blobName, StorageSharedKeyCredential sharedKeyCredentials = default) { BlobSasBuilder builder = GetBlobSasBuilder(containerName, blobName); builder.SetPermissions( BlobSasPermissions.Read | BlobSasPermissions.Add | BlobSasPermissions.Create | BlobSasPermissions.Delete | BlobSasPermissions.Write); return(builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials())); }
public BlobSasQueryParameters GetBlobSas( string containerName, string blobName, BlobSasPermissions permissions, StorageSharedKeyCredential sharedKeyCredential = default, string sasVersion = default) { BlobSasBuilder sasBuilder = GetBlobSasBuilder(containerName, blobName, sasVersion: sasVersion); sasBuilder.SetPermissions(permissions); return(sasBuilder.ToSasQueryParameters(sharedKeyCredential ?? GetNewSharedKeyCredentials())); }
public async Task SetImmutibilityPolicyAsync_SetLegalHold_BlobSnapshotSas(SnapshotSasPermissions sasPermissions) { // Arrange BlobBaseClient blob = await GetNewBlobClient(_containerClient, GetNewBlobName()); Response <BlobSnapshotInfo> snapshotResponse = await blob.CreateSnapshotAsync(); BlobSasBuilder blobSasBuilder = new BlobSasBuilder { BlobContainerName = _containerClient.Name, BlobName = blob.Name, ExpiresOn = Recording.UtcNow.AddDays(1), Snapshot = snapshotResponse.Value.Snapshot }; blobSasBuilder.SetPermissions(sasPermissions); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(Tenants.TestConfigOAuth.AccountName, Tenants.TestConfigOAuth.AccountKey); BlobUriBuilder uriBuilder = new BlobUriBuilder(blob.Uri) { Snapshot = snapshotResponse.Value.Snapshot, Sas = blobSasBuilder.ToSasQueryParameters(sharedKeyCredential) }; BlobBaseClient sasBlobSnapshotClient = InstrumentClient(new BlobBaseClient(uriBuilder.ToUri(), GetOptions())); BlobImmutabilityPolicy immutabilityPolicy = new BlobImmutabilityPolicy { ExpiresOn = Recording.UtcNow.AddMinutes(5), PolicyMode = BlobImmutabilityPolicyMode.Unlocked }; // The service rounds Immutability Policy Expiry to the nearest second. DateTimeOffset expectedImmutabilityPolicyExpiry = RoundToNearestSecond(immutabilityPolicy.ExpiresOn.Value); // Act Response <BlobImmutabilityPolicy> response = await sasBlobSnapshotClient.SetImmutabilityPolicyAsync( immutabilityPolicy : immutabilityPolicy); // Assert Assert.AreEqual(expectedImmutabilityPolicyExpiry, response.Value.ExpiresOn); Assert.AreEqual(immutabilityPolicy.PolicyMode, response.Value.PolicyMode); // Act Response <BlobLegalHoldResult> legalHoldResponse = await sasBlobSnapshotClient.SetLegalHoldAsync(hasLegalHold : false); // Assert Assert.IsFalse(legalHoldResponse.Value.HasLegalHold); await sasBlobSnapshotClient.DeleteImmutabilityPolicyAsync(); // Delete blob snapshot. await blob.WithSnapshot(snapshotResponse.Value.Snapshot).DeleteAsync(); }
public BlobSasQueryParameters GetBlobIdentitySas( string containerName, string blobName, BlobSasPermissions permissions, UserDelegationKey userDelegationKey, string accountName, string sasVersion = default) { BlobSasBuilder sasBuilder = GetBlobSasBuilder(containerName, blobName, sasVersion: sasVersion); sasBuilder.SetPermissions(permissions); return sasBuilder.ToSasQueryParameters(userDelegationKey, accountName); }
public async Task <IActionResult> GenerateSasToken( [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req, ILogger log, ExecutionContext context) { log.LogWarning($"HTTP trigger function {nameof(GetSasToken)} received a request."); ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers); if (authorizationResult.Failed) { log.LogWarning(authorizationResult.FailureReason); return(new UnauthorizedResult()); } log.LogWarning($"HTTP trigger function {nameof(GetSasToken)} request is authorized."); string requestBody = await new StreamReader(req.Body).ReadToEndAsync(); ImageData imageData = JsonConvert.DeserializeObject <ImageData>(requestBody); CloudStorageAccount storageAccount = GetCloudStorageAccount(context); var credentials = storageAccount.Credentials; var accountName = credentials.AccountName; var accountKey = credentials.ExportBase64EncodedKey(); var fullFileName = GetFullFileName(imageData.SasAccessType); var blobNamePath = GetBlobNamePath(imageData.SasAccessType); var blobName = $"{blobNamePath}/{fullFileName}"; // Create an instance of the CloudBlobClient CloudBlobClient client = storageAccount.CreateCloudBlobClient(); // Retrieve an instance of the container using hard-code container name CloudBlobContainer container = client.GetContainerReference("cdn"); // Create a SAS token that's valid for one hour BlobSasBuilder sasBuilder = new BlobSasBuilder { ExpiresOn = DateTime.UtcNow.AddHours(1), BlobContainerName = container.Name, BlobName = blobName, Resource = "b" }; // Specify permission for the SAS sasBuilder.SetPermissions(BlobSasPermissions.Create); // Use the key to get the SAS token string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(accountName, accountKey)) .ToString(); var sasUri = $"{container.GetBlobReference(blobName).Uri}?{sasToken}"; return(new OkObjectResult(sasUri)); }
private string GetBlobSasUri(BlobClient blobClient, BlobSasBuilder sasBuilder, string container) { return(new UriBuilder { Scheme = _storageOptions.ContentScheme, Host = _storageOptions.ContentHostname, Path = $"{container}/{blobClient.Name}", Query = sasBuilder .ToSasQueryParameters(new StorageSharedKeyCredential(_storageOptions.Account, _storageOptions.Key)) .ToString() }.ToString()); }
private async Task <Uri> GetUserDelegationSasBlobUri(string blobName) { // Construct the blob endpoint from the account name. var blobEndpoint = $"https://{_config["StorageAccount:Name"]}.blob.core.windows.net"; // Create a new Blob service client with Azure AD credentials. var blobClient = new BlobServiceClient(new Uri(blobEndpoint), AuthenticationHelper.GetTokenCredential(_config)); // Get a user delegation key for the Blob service that's valid for 10 minutes. // You can use the key to generate any number of shared access signatures over the lifetime of the key. UserDelegationKey key = await blobClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddMinutes(10)); // Read the key's properties. _logger.LogInformation("User delegation key properties:"); _logger.LogInformation("Key signed start: {0}", key.SignedStartsOn); _logger.LogInformation("Key signed expiry: {0}", key.SignedExpiresOn); _logger.LogInformation("Key signed object ID: {0}", key.SignedObjectId); _logger.LogInformation("Key signed tenant ID: {0}", key.SignedTenantId); _logger.LogInformation("Key signed service: {0}", key.SignedService); _logger.LogInformation("Key signed version: {0}", key.SignedVersion); // Create a SAS token that's valid for one hour. var sasBuilder = new BlobSasBuilder() { BlobContainerName = _config["StorageAccount:ContainerName"], BlobName = blobName, Resource = "b", StartsOn = DateTimeOffset.UtcNow, ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(10) }; // Specify write permissions for the SAS. sasBuilder.SetPermissions(BlobSasPermissions.Write); // Use the key to get the SAS token. var sasToken = sasBuilder.ToSasQueryParameters(key, _config["StorageAccount:Name"]).ToString(); // Construct the full URI, including the SAS token. var fullUri = new UriBuilder() { Scheme = "https", Host = $"{_config["StorageAccount:Name"]}.blob.core.windows.net", Path = $"{_config["StorageAccount:ContainerName"]}/{blobName}", Query = sasToken }; _logger.LogInformation("User delegation SAS URI: {0}", fullUri); return(fullUri.Uri); }
private string GetBlobSasUri(string uri) { var adHocSAS = new BlobSasBuilder { BlobContainerName = this.containerName, ExpiresOn = DateTime.UtcNow.AddHours(1), }; adHocSAS.SetPermissions(BlobSasPermissions.All); var sasToken = adHocSAS.ToSasQueryParameters(new Azure.Storage.StorageSharedKeyCredential(this.accountName, this.accountKey)); return(uri + sasToken); }
public async Task SetImmutibilityPolicyAsync_SetLegalHold_BlobVersionSas(BlobVersionSasPermissions sasPermissions) { // Arrange await using DisposingImmutableStorageWithVersioningContainer vlwContainer = await GetTestVersionLevelWormContainer(TestConfigOAuth); BlobBaseClient blob = await GetNewBlobClient(vlwContainer.Container, GetNewBlobName()); IDictionary <string, string> metadata = BuildMetadata(); Response <BlobInfo> metadataResponse = await blob.SetMetadataAsync(metadata); BlobSasBuilder blobSasBuilder = new BlobSasBuilder { BlobContainerName = vlwContainer.Container.Name, BlobName = blob.Name, ExpiresOn = Recording.UtcNow.AddDays(1), Version = metadataResponse.Value.VersionId }; blobSasBuilder.SetPermissions(sasPermissions); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(TestConfigOAuth.AccountName, TestConfigOAuth.AccountKey); BlobUriBuilder uriBuilder = new BlobUriBuilder(blob.Uri) { VersionId = metadataResponse.Value.VersionId, Sas = blobSasBuilder.ToSasQueryParameters(sharedKeyCredential) }; BlobBaseClient sasBlobSnapshotClient = InstrumentClient(new BlobBaseClient(uriBuilder.ToUri(), GetOptions())); BlobImmutabilityPolicy immutabilityPolicy = new BlobImmutabilityPolicy { ExpiresOn = Recording.UtcNow.AddMinutes(5), PolicyMode = BlobImmutabilityPolicyMode.Unlocked }; // The service rounds Immutability Policy Expiry to the nearest second. DateTimeOffset expectedImmutabilityPolicyExpiry = RoundToNearestSecond(immutabilityPolicy.ExpiresOn.Value); // Act Response <BlobImmutabilityPolicy> response = await sasBlobSnapshotClient.SetImmutabilityPolicyAsync( immutabilityPolicy : immutabilityPolicy); // Assert Assert.AreEqual(expectedImmutabilityPolicyExpiry, response.Value.ExpiresOn); Assert.AreEqual(immutabilityPolicy.PolicyMode, response.Value.PolicyMode); // Act Response <BlobLegalHoldResult> legalHoldResponse = await sasBlobSnapshotClient.SetLegalHoldAsync(hasLegalHold : false); // Assert Assert.IsFalse(legalHoldResponse.Value.HasLegalHold); }
/// <inheritdoc/> public string GetSasUrlForBlob(Uri blobUri, TimeSpan ttl, StorageClientProviderContext context) { _ = blobUri ?? throw new ArgumentNullException(nameof(blobUri)); _ = context ?? throw new ArgumentNullException(nameof(context)); try { var blobUriBuilder = new BlobUriBuilder(blobUri); // Create a SAS token that's valid for the TimeSpan, plus a back-off start for clock skew. var timeRange = StorageHelpers.CreateTimeRangeForUrl(ttl); BlobSasBuilder sasBuilder = new BlobSasBuilder { BlobContainerName = blobUriBuilder.BlobContainerName, BlobName = blobUriBuilder.BlobName, Resource = "b", // "b" is for blob StartsOn = timeRange.StartTime, ExpiresOn = timeRange.EndTime, }.UnescapeTargetPath(); // Important adjustment(s) for SAS computation sasBuilder.SetPermissions(BlobSasPermissions.Read); // read permissions only for the SAS. var sleeve = _blobBaseClientProvider.GetBlobClientSleeveForUri(blobUri, context); var userDelegation = sleeve.Service.GetUserDelegationKey(sasBuilder.StartsOn, sasBuilder.ExpiresOn)?.Value; if (userDelegation == null) { var msg = $@"Unable to get a user delegation key from the Storage service for blob {blobUri}"; _log.LogEvent(LogEventIds.StorageServiceMissingConnectionString, msg); throw new GridwichStorageServiceException(blobUri, msg, LogEventIds.StorageServiceMissingConnectionString, context.ClientRequestIdAsJObject); } var sasToken = sasBuilder.ToSasQueryParameters(userDelegation, blobUriBuilder.AccountName); blobUriBuilder.Sas = sasToken; // Construct the full URI, including the SAS token. AbsoluteUri (vs. ToString) is to ensure the %HH escaping is used. return(blobUriBuilder.ToUri().AbsoluteUri); } catch (RequestFailedException e) { var msg = $@"Unable to get a user delegation key from the Storage service for blob {blobUri}"; _log.LogEvent(LogEventIds.StorageServiceMissingConnectionString, msg); throw new GridwichStorageServiceException(blobUri, msg, LogEventIds.StorageServiceMissingConnectionString, context.ClientRequestIdAsJObject, e); } catch (Exception e) { _log.LogExceptionObject(LogEventIds.FailedToCreateBlobSasUriInStorageService, e, blobUri); throw new GridwichStorageServiceException(blobUri, "Failed to generate the SAS url.", LogEventIds.FailedToCreateBlobSasUriInStorageService, context.ClientRequestIdAsJObject, e); } }
private string GetSasToken(string containerName, string blobName, string resourceType, BlobAccountSasPermissions permissions, DateTimeOffset startsOn, DateTimeOffset expiresOn) { var sasBuilder = new BlobSasBuilder { BlobContainerName = containerName, BlobName = blobName, Resource = resourceType, StartsOn = startsOn, ExpiresOn = expiresOn }; sasBuilder.SetPermissions(permissions); return(sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(_accountName, _accountKey)).ToString()); }
public string GetServiceSASToken() { Logger.LogInformation($"{nameof(InquiryLogBlobService)} {nameof(GetServiceSASToken)}"); BlobSasBuilder.BlobContainerName = Config.InquiryLogBlobStorageContainerPrefix().ToLower(); BlobSasBuilder.Resource = "c"; BlobSasBuilder.StartsOn = DateTimeOffset.UtcNow; BlobSasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(10); BlobSasBuilder.SetPermissions(BlobContainerSasPermissions.Create); var credential = new StorageSharedKeyCredential(Config.InquiryLogBlobAccountName(), Config.InquiryLogBlobAccountKey()); var sasToken = BlobSasBuilder.ToSasQueryParameters(credential).ToString(); return(sasToken); }
private async Task <bool> DoesOAuthWorkAsync() { TestContext.Error.WriteLine($"Blob Probing OAuth {Process.GetCurrentProcess().Id}"); try { for (int i = 0; i < 10; i++) { BlobServiceClient serviceClient = new BlobServiceClient( new Uri(TestConfigurations.DefaultTargetOAuthTenant.BlobServiceEndpoint), GetOAuthCredential(TestConfigurations.DefaultTargetOAuthTenant)); await serviceClient.GetPropertiesAsync(); var containerName = Guid.NewGuid().ToString(); var containerClient = serviceClient.GetBlobContainerClient(containerName); await containerClient.CreateIfNotExistsAsync(); try { await containerClient.GetPropertiesAsync(); var blobName = Guid.NewGuid().ToString(); var blobClient = containerClient.GetAppendBlobClient(blobName); await blobClient.CreateIfNotExistsAsync(); await blobClient.GetPropertiesAsync(); var userDelegationKey = await serviceClient.GetUserDelegationKeyAsync(startsOn : null, expiresOn : DateTimeOffset.UtcNow.AddHours(1)); var sasBuilder = new BlobSasBuilder(BlobSasPermissions.All, DateTimeOffset.UtcNow.AddHours(1)) { BlobContainerName = containerName, BlobName = blobName, }; var sas = sasBuilder.ToSasQueryParameters(userDelegationKey.Value, serviceClient.AccountName).ToString(); await new BlobBaseClient(blobClient.Uri, new AzureSasCredential(sas)).GetPropertiesAsync(); } finally { await containerClient.DeleteIfExistsAsync(); } } } catch (RequestFailedException e) when(e.Status == 403 && e.ErrorCode == "AuthorizationPermissionMismatch") { TestContext.Error.WriteLine($"Blob Probing OAuth - not ready {Process.GetCurrentProcess().Id}"); return(false); } TestContext.Error.WriteLine($"Blob Probing OAuth - ready {Process.GetCurrentProcess().Id}"); return(true); }
public BlobSasQueryParameters GetNewBlobServiceSasCredentialsContainer(string containerName, StorageSharedKeyCredential sharedKeyCredentials = default) { var builder = new BlobSasBuilder { BlobContainerName = containerName, Protocol = SasProtocol.None, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; builder.SetPermissions(BlobContainerSasPermissions.All); return(builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials())); }
public BlobSasQueryParameters GetNewBlobServiceIdentitySasCredentialsContainer(string containerName, UserDelegationKey userDelegationKey, string accountName) { var builder = new BlobSasBuilder { BlobContainerName = containerName, Protocol = SasProtocol.None, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; builder.SetPermissions(BlobContainerSasPermissions.All); return(builder.ToSasQueryParameters(userDelegationKey, accountName)); }
/// <inheritdoc/> public async Task <string> GetSasUrlAsync(Uri blobUri, TimeSpan ttl) { _ = blobUri ?? throw new ArgumentNullException(nameof(blobUri)); try { var blobUriBuilder = new BlobUriBuilder(blobUri); // Create a SAS token that's valid for the TimeSpan, plus a back-off start for clock skew. BlobSasBuilder sasBuilder = new BlobSasBuilder { BlobContainerName = blobUriBuilder.BlobContainerName, BlobName = blobUriBuilder.BlobName, Resource = "b", // "b" is for blob StartsOn = DateTimeOffset.UtcNow.AddMinutes(-5), ExpiresOn = DateTimeOffset.UtcNow + ttl, }; sasBuilder.SetPermissions(BlobSasPermissions.Read); // read permissions only for the SAS. var blobServiceClient = new BlobServiceClient(new UriBuilder(blobUriBuilder.Scheme, blobUriBuilder.Host).Uri, _tokenCredential, null); var userDelegation = (await blobServiceClient.GetUserDelegationKeyAsync(sasBuilder.StartsOn, sasBuilder.ExpiresOn).ConfigureAwait(false))?.Value; if (userDelegation == null) { var msg = $@"Unable to get a user delegation key from the Storage service for blob {blobUri}"; _log.LogError(msg); throw new Exception(msg); } var sasToken = sasBuilder.ToSasQueryParameters(userDelegation, blobUriBuilder.AccountName); blobUriBuilder.Sas = sasToken; // Construct the full URI, including the SAS token. return(blobUriBuilder.ToUri().ToString()); } catch (RequestFailedException e) { var msg = $@"Unable to get a user delegation key from the Storage service for blob {blobUri}"; _log.LogError(msg); throw new Exception(msg, e); } catch (Exception e) { var msg = $@"Failed to generate the SAS url for blob {blobUri}"; _log.LogError(msg); throw new Exception(msg, e); } }
public static string CreateSASToken(string BlobStorageAccountName, string BlobStorageContainerName, string BlobStorageFolderPath, string DataFileName, int accessDuration) { // Get a credential and create a client object for the blob container. Note using new Azure Core credential flow BlobServiceClient blobClient = new BlobServiceClient(new Uri(BlobStorageAccountName), new DefaultAzureCredential()); //blobClient.GetProperties(); var startDate = DateTimeOffset.UtcNow.AddMinutes(-1); var endDate = DateTimeOffset.UtcNow.AddDays(accessDuration); // Get a user delegation key for the Blob service that's valid for seven days. // You can use the key to generate any number of shared access signatures over the lifetime of the key. UserDelegationKey key = blobClient.GetUserDelegationKey(startDate, endDate); Uri BlobUri = new Uri(BlobStorageAccountName); BlobContainerClient containerClient = new BlobContainerClient(BlobUri, new DefaultAzureCredential()); // Create a SAS token BlobSasBuilder sasBuilder = new BlobSasBuilder() { BlobContainerName = BlobStorageContainerName, BlobName = String.Format("{0}{1}", BlobStorageFolderPath, DataFileName), Resource = "b", StartsOn = startDate, ExpiresOn = endDate, Protocol = SasProtocol.Https }; // Specify read permissions for the SAS. BlobSasPermissions perms = BlobSasPermissions.Create | BlobSasPermissions.Write; sasBuilder.SetPermissions(perms); // Use the key to get the SAS token. string sasToken = sasBuilder.ToSasQueryParameters(key, BlobUri.Host.Split('.')[0]).ToString(); // Construct the full URI, including the SAS token. UriBuilder fullUri = new UriBuilder() { Scheme = "https", Host = string.Format("{0}.blob.core.windows.net", BlobUri.Host.Split('.')[0]), Path = string.Format("{0}/{1}{2}", BlobStorageContainerName, BlobStorageFolderPath, DataFileName), Query = sasToken }; string retvar = "&Path=" + Uri.EscapeDataString(fullUri.Path.ToString()); retvar += "&" + sasToken; return(retvar); }
/// <summary> /// Create a container if doesn't exist, setting permission with policy, and return assosciated SAS signature /// </summary> /// <param name="account">Storage account</param> /// <param name="Key">Storage account key</param> /// <param name="blobUri">Blob endpoint URI</param> /// <param name="containerName">Name of the container to be created</param> /// <param name="policy">Name for the policy</param> /// <param name="start">Start time of the policy</param> /// <param name="end">Expire time of the policy</param> /// <param name="permissions">Blob access permissions</param> /// <returns>the SAS for the container, in full URI format.</returns>. private static async Task <string> CreateContainerWithPolicySASIfNotExistAsync(string account, string key, Uri blobUri, string containerName, string policy, DateTime start, DateTime end, string permissions) { // 1. form the credentail and initial client StagingStorageAccount stagingCredentials = new StagingStorageAccount(account, key, blobUri.ToString()); StorageSharedKeyCredential shardKeyCredentials = new StorageSharedKeyCredential(account, key); BlobContainerClient containerClient = BlobUtilities.GetBlobContainerClient(containerName, stagingCredentials); // 2. create container if it doesn't exist containerClient.CreateIfNotExists(); // 3. validate policy, create/overwrite if doesn't match BlobSignedIdentifier identifier = new BlobSignedIdentifier { Id = policy, AccessPolicy = new BlobAccessPolicy { Permissions = permissions, StartsOn = start, ExpiresOn = end, }, }; var accessPolicy = (await containerClient.GetAccessPolicyAsync()).Value; bool policyFound = accessPolicy.SignedIdentifiers.Any(i => i == identifier); if (policyFound == false) { await containerClient.SetAccessPolicyAsync(PublicAccessType.BlobContainer, permissions : new List <BlobSignedIdentifier> { identifier }); } BlobSasBuilder sasBuilder = new BlobSasBuilder { BlobContainerName = containerName, StartsOn = start, ExpiresOn = end, }; sasBuilder.SetPermissions(permissions); BlobUriBuilder builder = new BlobUriBuilder(containerClient.Uri) { Sas = sasBuilder.ToSasQueryParameters(shardKeyCredentials) }; string fullSas = builder.ToString(); return(fullSas); }
public BlobSasQueryParameters GetNewBlobServiceSasCredentialsSnapshot(string containerName, string blobName, string snapshot, StorageSharedKeyCredential sharedKeyCredentials = default) { var builder = new BlobSasBuilder { BlobContainerName = containerName, BlobName = blobName, Snapshot = snapshot, Protocol = SasProtocol.None, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None), Version = ToSasVersion(_serviceVersion) }; builder.SetPermissions(SnapshotSasPermissions.All); return builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials()); }
public string GenerateSasToken() { BlobSasBuilder builder = new BlobSasBuilder(); builder.BlobContainerName = _storageServiceConfiguration.ContainerName; builder.ContentType = "video/mp4"; builder.SetPermissions(BlobAccountSasPermissions.Read); builder.StartsOn = DateTimeOffset.UtcNow; builder.ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(90); var sasToken = builder .ToSasQueryParameters(new StorageSharedKeyCredential(_storageServiceConfiguration.AccountName, _storageServiceConfiguration.Key)) .ToString(); return(sasToken); }
public string GenerateSASTokenForContainer(string containerName) { BlobSasBuilder builder = new BlobSasBuilder() { BlobContainerName = containerName, Resource = "c", // "c" = container, "b" = blob StartsOn = DateTimeOffset.UtcNow, ExpiresOn = DateTimeOffset.UtcNow.AddHours(3) }; builder.SetPermissions(BlobContainerSasPermissions.Read); var creds = new StorageSharedKeyCredential(options.AccountName, options.Key); return(builder.ToSasQueryParameters(creds).ToString()); }
public async Task SasBuilder() { string accountName = StorageAccountName; string accountKey = StorageAccountKey; string containerName = Randomize("sample-container"); string blobName = Randomize("sample-blob"); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(StorageAccountName, StorageAccountKey); // setup blob var container = new BlobContainerClient(ConnectionString, containerName); try { await container.CreateAsync(); await container.GetBlobClient(blobName).UploadAsync(new MemoryStream(Encoding.UTF8.GetBytes("hello world"))); #region Snippet:SampleSnippetsBlobMigration_SasBuilder // Create BlobSasBuilder and specify parameters BlobSasBuilder sasBuilder = new BlobSasBuilder() { // with no url in a client to read from, container and blob name must be provided if applicable BlobContainerName = containerName, BlobName = blobName, ExpiresOn = DateTimeOffset.Now.AddHours(1) }; // permissions applied separately, using the appropriate enum to the scope of your SAS sasBuilder.SetPermissions(BlobSasPermissions.Read); // Create full, self-authenticating URI to the resource BlobUriBuilder uriBuilder = new BlobUriBuilder(StorageAccountBlobUri) { BlobContainerName = containerName, BlobName = blobName, Sas = sasBuilder.ToSasQueryParameters(sharedKeyCredential) }; Uri sasUri = uriBuilder.ToUri(); #endregion // successful download indicates pass await new BlobClient(sasUri).DownloadToAsync(new MemoryStream()); } finally { await container.DeleteIfExistsAsync(); } }
public void GetAdHocBlobSasToken(string containerName, string blobName) { var sasBuilder = new BlobSasBuilder() { BlobContainerName = containerName, BlobName = blobName, Resource = "b",//Value b is for generating token for a Blob and c is for container StartsOn = DateTime.UtcNow.AddMinutes(-2), ExpiresOn = DateTime.UtcNow.AddMinutes(10), }; sasBuilder.SetPermissions(BlobSasPermissions.Read | BlobSasPermissions.Write); //multiple permissions can be added by using | symbol var sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(GetKeyValueFromConnectionString("AccountName"), GetKeyValueFromConnectionString("AccountKey"))); Console.WriteLine($"{new BlobClient(connectionString, containerName, blobName).Uri}?{sasToken}"); }
public static async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, ILogger log) { log.LogInformation("C# HTTP trigger function processed a request."); string id = req.Query["id"]; string requestBody = await new StreamReader(req.Body).ReadToEndAsync(); dynamic data = JsonConvert.DeserializeObject(requestBody); id = id ?? data?.id; var response = await searchClient.GetDocumentAsync <SearchDocument>(id); object metadata_storage_path; response.Value.TryGetValue("metadata_storage_path", out metadata_storage_path); var storagePath = metadata_storage_path.ToString(); var startIndex = storagePath.IndexOf(Constants.containerName) + Constants.containerName.Length + 1; var blobName = storagePath.Substring(startIndex); blobName = Uri.UnescapeDataString(blobName); log.LogInformation(blobName); var policy = new BlobSasBuilder { Protocol = SasProtocol.HttpsAndHttp, BlobContainerName = storageContainerName, BlobName = blobName, Resource = "b", StartsOn = DateTimeOffset.UtcNow, ExpiresOn = DateTimeOffset.UtcNow.AddHours(1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; policy.SetPermissions(BlobSasPermissions.Read); var sas = policy.ToSasQueryParameters(sharedStorageCredentials); LookupOutput output = new LookupOutput(); output.document = response.Value; output.sasToken = sas.ToString(); return(new OkObjectResult(output)); }
private async Task <string> GenerateSasUri(BlobItem blob, string tenant) { try { var storageAccount = await GetStorageAccount(); var storageKey = await GetStorageKey(); // Defines the resource being accessed and for how long the access is allowed. var blobSasBuilder = new BlobSasBuilder { StartsOn = DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(15d)), ExpiresOn = DateTimeOffset.UtcNow.AddHours(1), BlobContainerName = tenant, Resource = "b", BlobName = blob.Name, }; // Defines the type of permission. blobSasBuilder.SetPermissions(BlobSasPermissions.Read); // Builds an instance of StorageSharedKeyCredential var storageSharedKeyCredential = new StorageSharedKeyCredential(storageAccount.Credentials.AccountName, storageKey); // Builds the Sas URI. var sasQueryParameters = blobSasBuilder.ToSasQueryParameters(storageSharedKeyCredential); // Construct the full URI, including the SAS token. var fullUri = new UriBuilder { Scheme = "https", Host = $"{storageAccount.Credentials.AccountName}.blob.core.windows.net", Path = $"{tenant}/{blob.Name}", Query = sasQueryParameters.ToString() }; return(fullUri.ToString()); } catch (Exception e) { Logger.LogError(e, $"An error occurred while generating the Sas Uri for blob {blob.Name}"); throw; } }
private async static Task <Uri> GetUserDelegationSasBlob(string containerName, string blobName) { // Construct the blob endpoint from the account name. string blobEndpoint = string.Format("https://{0}.blob.core.windows.net", Settings.StorageAccount); var credential = new ClientSecretCredential( Settings.TenantId, Settings.ClientId, Settings.ClientSecret, new TokenCredentialOptions()); // Create a new Blob service client with Azure AD credentials. BlobServiceClient blobClient = new BlobServiceClient(new Uri(blobEndpoint), credential); // Get a user delegation key for the Blob service that's valid for seven days. // You can use the key to generate any number of shared access signatures over the lifetime of the key. UserDelegationKey key = await blobClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7)); // Create a SAS token that's valid for one hour. BlobSasBuilder sasBuilder = new BlobSasBuilder() { BlobContainerName = containerName, BlobName = blobName, Resource = "b", StartsOn = DateTimeOffset.UtcNow, ExpiresOn = DateTimeOffset.UtcNow.AddHours(1) }; // Specify read permissions for the SAS. sasBuilder.SetPermissions(BlobSasPermissions.Read); // Use the key to get the SAS token. string sasToken = sasBuilder.ToSasQueryParameters(key, Settings.StorageAccount).ToString(); // Construct the full URI, including the SAS token. UriBuilder fullUri = new UriBuilder() { Scheme = "https", Host = string.Format("{0}.blob.core.windows.net", Settings.StorageAccount), Path = string.Format("{0}/{1}", containerName, blobName), Query = sasToken }; return(fullUri.Uri); }
public static string GetWriteableSasUri(BlobContainerClient containerClient, StagingStorageAccount storageAccount) { var sasBuilder = new BlobSasBuilder { ExpiresOn = DateTime.UtcNow.AddDays(1), BlobContainerName = containerClient.Name, }; sasBuilder.SetPermissions(BlobSasPermissions.Write); StorageSharedKeyCredential credentials = GetSharedKeyCredential(storageAccount); BlobUriBuilder builder = new BlobUriBuilder(containerClient.Uri); builder.Sas = sasBuilder.ToSasQueryParameters(credentials); string fullSas = builder.ToString(); return(fullSas); }
public async Task <string> Url(string id) { var blob = _container.GetBlobClient(id); var sas = new BlobSasBuilder { BlobContainerName = blob.BlobContainerName, BlobName = blob.Name, Resource = "b", StartsOn = DateTimeOffset.UtcNow.AddMinutes(-15), ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(15) }; sas.SetPermissions(BlobContainerSasPermissions.Read); return($"{blob.Uri}?{sas.ToSasQueryParameters(_key)}"); }
public string GetSasUri(BlobContainerClient container, string blobName) { BlobSasBuilder sasBuilder = new BlobSasBuilder() { BlobContainerName = container.Name, BlobName = blobName, Resource = "b", StartsOn = DateTimeOffset.UtcNow.AddMinutes(-1), ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(2) }; sasBuilder.SetPermissions(BlobContainerSasPermissions.Read); string sasToken = sasBuilder.ToSasQueryParameters(Credential).ToString(); return($"{container.Uri.AbsoluteUri}/{blobName}?{sasToken}"); }
public string GetContainerKey(string containerName, int permissions = 1, int expireDurationInHours = 12) //Default permission is read { BlobSasBuilder sasBuilder = new BlobSasBuilder() { BlobContainerName = containerName, BlobName = String.Empty, Resource = "c", StartsOn = DateTimeOffset.UtcNow, ExpiresOn = DateTimeOffset.UtcNow.AddHours(expireDurationInHours) }; sasBuilder.SetPermissions((BlobSasPermissions)permissions); var storageSharedKeyCredential = new StorageSharedKeyCredential(_storageAccountName, _storageAccountKey); string sasToken = sasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString(); return(sasToken); }