/// <summary> /// Parse Uri for SAS (Shared access signature) information. /// </summary> /// <param name="address">The complete Uri.</param> /// <param name="parsedCredentials">The credentials to use.</param> /// <remarks> /// Validate that no other query parameters are passed in. /// Any SAS information will be recorded as corresponding credentials instance. /// If credentials is passed in and it does not match the SAS information found, an /// exception will be thrown. /// Otherwise a new client is created based on SAS information or as anonymous credentials. /// </remarks> internal static Uri ParseBlobQueryAndVerify(Uri address, out StorageCredentials parsedCredentials, out DateTimeOffset?parsedSnapshot) { CommonUtils.AssertNotNull("address", address); if (!address.IsAbsoluteUri) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.RelativeAddressNotPermitted, address.ToString()); throw new ArgumentException(errorMessage, "address"); } IDictionary <string, string> queryParameters = HttpUtility.ParseQueryString(address.Query); parsedSnapshot = null; string snapshot; if (queryParameters.TryGetValue(Constants.QueryConstants.Snapshot, out snapshot)) { if (!string.IsNullOrEmpty(snapshot)) { parsedSnapshot = ParseSnapshotTime(snapshot); } } parsedCredentials = SharedAccessSignatureHelper.ParseQuery(queryParameters); return(new Uri(address.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped))); }
public string GetSharedAccessSignature(SharedAccessQueuePolicy policy, string accessPolicyIdentifier, string sasVersion) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string validatedSASVersion = SharedAccessSignatureHelper.ValidateSASVersionString(sasVersion); string resourceName = this.GetCanonicalName(validatedSASVersion); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; string signature = SharedAccessSignatureHelper.GetHash( policy, accessPolicyIdentifier, resourceName, validatedSASVersion, accountKey.KeyValue); string accountKeyName = accountKey.KeyName; UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature( policy, accessPolicyIdentifier, signature, accountKeyName, validatedSASVersion); return(builder.ToString()); }
/// <summary> /// Returns a shared access signature for the share. /// </summary> /// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="groupPolicyIdentifier">A share-level access policy.</param> /// <param name="protocols">The allowed protocols (https only, or http and https). Null if you don't want to restrict protocol.</param> /// <param name="ipAddressOrRange">The allowed IP address or IP address range. Null if you don't want to restrict based on IP address.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> public string GetSharedAccessSignature(SharedAccessFilePolicy policy, string groupPolicyIdentifier, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetSharedAccessCanonicalName(); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; #if ALL_SERVICES string signature = SharedAccessSignatureHelper.GetHash(policy, null /* headers */, groupPolicyIdentifier, resourceName, OperationContext.StorageVersion ?? Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue); #else string signature = FileSharedAccessSignatureHelper.GetHash(policy, null /* headers */, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue); #endif string accountKeyName = accountKey.KeyName; #if ALL_SERVICES UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, null /* headers */, groupPolicyIdentifier, "s", signature, accountKeyName, OperationContext.StorageVersion ?? Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange); #else UriQueryBuilder builder = FileSharedAccessSignatureHelper.GetSignature(policy, null /* headers */, groupPolicyIdentifier, "s", signature, accountKeyName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange); #endif return(builder.ToString()); }
/// <summary> /// Returns a shared access signature for the queue. /// </summary> /// <param name="policy">A <see cref="SharedAccessQueuePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A string identifying a stored access policy.</param> /// <param name="protocols">The allowed protocols (https only, or http and https). Null if you don't want to restrict protocol.</param> /// <param name="ipAddressOrRange">The allowed IP address or IP address range. Null if you don't want to restrict based on IP address.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> public string GetSharedAccessSignature(SharedAccessQueuePolicy policy, string accessPolicyIdentifier, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; string signature = SharedAccessSignatureHelper.GetHash( policy, accessPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue); string accountKeyName = accountKey.KeyName; UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature( policy, accessPolicyIdentifier, signature, accountKeyName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange); return(builder.ToString()); }
/// <summary> /// Returns a shared access signature for the queue. /// </summary> /// <param name="policy">The access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A queue-level access policy.</param> /// <returns>A shared access signature.</returns> public string GetSharedAccessSignature(SharedAccessQueuePolicy policy, string accessPolicyIdentifier) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(); string signature = SharedAccessSignatureHelper.GetSharedAccessSignatureHashImpl( policy, accessPolicyIdentifier, resourceName, this.ServiceClient.Credentials); string accountKeyName = this.ServiceClient.Credentials.IsSharedKey ? this.ServiceClient.Credentials.KeyName : null; UriQueryBuilder builder = SharedAccessSignatureHelper.GetSharedAccessSignatureImpl( policy, accessPolicyIdentifier, signature, accountKeyName); return(builder.ToString()); }
/// <summary> /// Parse Uri for SAS (Shared access signature) information. /// </summary> /// <param name="address">The complete Uri.</param> /// <param name="parsedCredentials">The credentials to use.</param> /// <returns>The file URI without credentials info</returns> /// <exception cref="System.ArgumentException">address</exception> /// <remarks> /// Validate that no other query parameters are passed in. /// Any SAS information will be recorded as corresponding credentials instance. /// If credentials is passed in and it does not match the SAS information found, an /// exception will be thrown. /// Otherwise a new client is created based on SAS information or as anonymous credentials. /// </remarks> private static Uri ParseFileQueryAndVerify(Uri address, out StorageCredentials parsedCredentials) { parsedCredentials = null; if (address == null) { return(null); } if (!address.IsAbsoluteUri) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.RelativeAddressNotPermitted, address.ToString()); throw new ArgumentException(errorMessage, "address"); } IDictionary <string, string> queryParameters = HttpWebUtility.ParseQueryString(address.Query); parsedCredentials = SharedAccessSignatureHelper.ParseQuery(queryParameters); // SAS credentials were passed in the Uri if parsedCredentials is non null. if (parsedCredentials != null) { string signedResource; queryParameters.TryGetValue(Constants.QueryConstants.SignedResource, out signedResource); if (string.IsNullOrEmpty(signedResource)) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.MissingMandatoryParametersForSAS); throw new ArgumentException(errorMessage); } } return(new Uri(address.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped))); }
/// <summary> /// Returns a shared access signature for the blob. /// </summary> /// <param name="policy">A <see cref="SharedAccessBlobPolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="headers">A <see cref="SharedAccessBlobHeaders"/> object specifying optional header values to set for a blob accessed with this SAS.</param> /// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param> /// <param name="protocols">The allowed protocols (https only, or http and https). Null if you don't want to restrict protocol.</param> /// <param name="ipAddressOrRange">The allowed IP address or IP address range. Null if you don't want to restrict based on IP address.</param> /// <returns>A shared access signature, as a URI query string.</returns> public string GetSharedAccessSignature(SharedAccessBlobPolicy policy, SharedAccessBlobHeaders headers, string groupPolicyIdentifier, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.InvariantCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(true /* ignoreSnapshotTime */); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; #if ALL_SERVICES string signature = SharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, OperationContext.StorageVersion ?? Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue); #else string signature = BlobSharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue); #endif // Future resource type changes from "c" => "container" #if ALL_SERVICES UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "b", signature, accountKey.KeyName, OperationContext.StorageVersion ?? Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange); #else UriQueryBuilder builder = BlobSharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "b", signature, accountKey.KeyName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange); #endif return(builder.ToString()); }
private static void WriteSharedAccessIdentifiers(SharedAccessTablePolicies sharedAccessPolicies, Stream outputStream) { WriteSharedAccessIdentifiers(sharedAccessPolicies, outputStream, delegate(SharedAccessTablePolicy policy, XmlWriter writer) { writer.WriteElementString("Start", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime)); writer.WriteElementString("Expiry", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime)); writer.WriteElementString("Permission", SharedAccessTablePolicy.PermissionsToString(policy.Permissions)); }); }
////public string SharedAccessAuthenticatedURI(Uri uri, string permission) { return ""; } /// <summary> /// Writes a collection of shared access policies to the specified stream in XML format. /// </summary> /// <param name="sharedAccessPolicies">A collection of shared access policies.</param> /// <param name="outputStream">An output stream.</param> public static void WriteSharedAccessIdentifiers(SharedAccessPolicies sharedAccessPolicies, Stream outputStream) { CommonUtils.AssertNotNull("sharedAccessPolicies", sharedAccessPolicies); CommonUtils.AssertNotNull("outputStream", outputStream); if (sharedAccessPolicies.Count > Constants.MaxSharedAccessPolicyIdentifiers) { string errorMessage = string.Format( CultureInfo.CurrentCulture, SR.TooManyPolicyIdentifiers, sharedAccessPolicies.Count, Constants.MaxSharedAccessPolicyIdentifiers); throw new ArgumentOutOfRangeException("sharedAccessPolicies", errorMessage); } XmlWriterSettings settings = new XmlWriterSettings(); settings.Encoding = Encoding.UTF8; using (XmlWriter writer = XmlWriter.Create(outputStream, settings)) { writer.WriteStartElement(Constants.SignedIdentifiers); foreach (var key in sharedAccessPolicies.Keys) { writer.WriteStartElement(Constants.SignedIdentifier); // Set the identifier writer.WriteElementString(Constants.Id, key); // Set the permissions writer.WriteStartElement(Constants.AccessPolicy); var policy = sharedAccessPolicies[key]; writer.WriteElementString( Constants.Start, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime)); writer.WriteElementString( Constants.Expiry, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime)); writer.WriteElementString( Constants.Permission, SharedAccessPolicy.PermissionsToString(policy.Permissions)); writer.WriteEndElement(); writer.WriteEndElement(); } writer.WriteEndDocument(); } }
/// <summary> /// Parse Uri for SAS (Shared access signature) information. /// </summary> /// <param name="address">The complete Uri.</param> /// <param name="parsedCredentials">The credentials to use.</param> /// <remarks> /// Validate that no other query parameters are passed in. /// Any SAS information will be recorded as corresponding credentials instance. /// If credentials is passed in and it does not match the SAS information found, an /// exception will be thrown. /// Otherwise a new client is created based on SAS information or as anonymous credentials. /// </remarks> internal static Uri ParseQueueTableQueryAndVerify(Uri address, out StorageCredentials parsedCredentials) { CommonUtility.AssertNotNull("address", address); if (!address.IsAbsoluteUri) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.RelativeAddressNotPermitted, address.ToString()); throw new ArgumentException(errorMessage, "address"); } IDictionary <string, string> queryParameters = HttpWebUtility.ParseQueryString(address.Query); parsedCredentials = SharedAccessSignatureHelper.ParseQuery(queryParameters, false); return(new Uri(address.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped))); }
/// <summary> /// Returns a shared access signature for the file. /// </summary> /// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param> /// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param> /// <returns>A shared access signature, as a URI query string.</returns> public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.InvariantCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; string signature = SharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, accountKey.KeyValue); UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "f", signature, accountKey.KeyName, Constants.HeaderConstants.TargetStorageVersion); return(builder.ToString()); }
/// <summary> /// Returns a shared access signature for the container. /// </summary> /// <param name="policy">The access policy for the shared access signature.</param> /// <param name="groupPolicyIdentifier">A container-level access policy.</param> /// <returns>A shared access signature.</returns> public string GetSharedAccessSignature(SharedAccessBlobPolicy policy, string groupPolicyIdentifier) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetSharedAccessCanonicalName(); string signature = SharedAccessSignatureHelper.GetSharedAccessSignatureHashImpl(policy, groupPolicyIdentifier, resourceName, this.ServiceClient.Credentials); string accountKeyName = this.ServiceClient.Credentials.KeyName; // Future resource type changes from "c" => "container" UriQueryBuilder builder = SharedAccessSignatureHelper.GetSharedAccessSignatureImpl(policy, groupPolicyIdentifier, "c", signature, accountKeyName); return(builder.ToString()); }
/// <summary> /// Writes a collection of shared access policies to the specified stream in XML format. /// </summary> /// <param name="sharedAccessPolicies">A collection of shared access policies.</param> /// <param name="outputStream">An output stream.</param> public static void WriteSharedAccessIdentifiers(SharedAccessBlobPolicies sharedAccessPolicies, Stream outputStream) { Request.WriteSharedAccessIdentifiers( sharedAccessPolicies, outputStream, (policy, writer) => { writer.WriteElementString( Constants.Start, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime)); writer.WriteElementString( Constants.Expiry, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime)); writer.WriteElementString( Constants.Permission, SharedAccessBlobPolicy.PermissionsToString(policy.Permissions)); }); }
/// <summary> /// Returns a shared access signature for the blob. /// </summary> /// <param name="policy">A <see cref="SharedAccessBlobPolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="headers">A <see cref="SharedAccessBlobHeaders"/> object specifying optional header values to set for a blob accessed with this SAS.</param> /// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format. Value must be <c>2012-02-12</c> or later.</param> /// <returns>A shared access signature, as a URI query string.</returns> public string GetSharedAccessSignature(SharedAccessBlobPolicy policy, SharedAccessBlobHeaders headers, string groupPolicyIdentifier, string sasVersion) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.InvariantCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(true); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; string validatedSASVersion = SharedAccessSignatureHelper.ValidateSASVersionString(sasVersion); string signature = SharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, validatedSASVersion, accountKey.KeyValue); // Future resource type changes from "c" => "container" UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "b", signature, accountKey.KeyName, validatedSASVersion); return(builder.ToString()); }
/// <summary> /// Parse Uri for SAS (Shared access signature) information. /// </summary> /// <param name="address">The complete Uri.</param> /// <param name="parsedCredentials">The credentials to use.</param> /// <param name="parsedShareSnapshot">The parsed share snapshot.</param> /// <returns>The file URI without credentials or snapshot info</returns> /// <exception cref="System.ArgumentException">address</exception> /// <remarks> /// Validate that no other query parameters are passed in. /// Any SAS information will be recorded as corresponding credentials instance. /// If credentials is passed in and it does not match the SAS information found, an /// exception will be thrown. /// Otherwise a new client is created based on SAS information or as anonymous credentials. /// </remarks> private static Uri ParseFileQueryAndVerify(Uri address, out StorageCredentials parsedCredentials, out DateTimeOffset?parsedShareSnapshot) { parsedCredentials = null; parsedShareSnapshot = null; if (address == null) { return(null); } if (!address.IsAbsoluteUri) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.RelativeAddressNotPermitted, address.ToString()); throw new ArgumentException(errorMessage, "address"); } IDictionary <string, string> queryParameters = HttpWebUtility.ParseQueryString(address.Query); parsedCredentials = SharedAccessSignatureHelper.ParseQuery(queryParameters); return(new Uri(address.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped))); }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">The access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">An access policy identifier.</param> /// <param name="startPartitionKey">The start partition key, or null.</param> /// <param name="startRowKey">The start row key, or null.</param> /// <param name="endPartitionKey">The end partition key, or null.</param> /// <param name="endRowKey">The end row key, or null.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; string signature = SharedAccessSignatureHelper.GetSharedAccessSignatureHashImpl( policy, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, resourceName, accountKey.KeyValue); UriQueryBuilder builder = SharedAccessSignatureHelper.GetSharedAccessSignatureImpl( policy, this.Name, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, signature, accountKey.KeyName); return(builder.ToString()); }