/// <summary>
/// Initializes a new instance of the <see cref="SharedAccessFileHeaders"/> class based on an existing instance.
/// </summary>
/// <param name="sharedAccessFileHeaders">The set of <see cref="SharedAccessFileHeaders"/> to clone.</param>
public SharedAccessFileHeaders(SharedAccessFileHeaders sharedAccessFileHeaders)
{
CommonUtility.AssertNotNull("sharedAccessFileHeaders", sharedAccessFileHeaders);
this.ContentType = sharedAccessFileHeaders.ContentType;
this.ContentDisposition = sharedAccessFileHeaders.ContentDisposition;
this.ContentEncoding = sharedAccessFileHeaders.ContentEncoding;
this.ContentLanguage = sharedAccessFileHeaders.ContentLanguage;
this.CacheControl = sharedAccessFileHeaders.CacheControl;
}
/// <summary>
/// Initializes a new instance of the <see cref="SharedAccessFileHeaders"/> class based on an existing instance.
/// </summary>
/// <param name="sharedAccessFileHeaders">The set of <see cref="SharedAccessFileHeaders"/> to clone.</param>
public SharedAccessFileHeaders(SharedAccessFileHeaders sharedAccessFileHeaders)
{
CommonUtility.AssertNotNull("sharedAccessFileHeaders", sharedAccessFileHeaders);
this.ContentType = sharedAccessFileHeaders.ContentType;
this.ContentDisposition = sharedAccessFileHeaders.ContentDisposition;
this.ContentEncoding = sharedAccessFileHeaders.ContentEncoding;
this.ContentLanguage = sharedAccessFileHeaders.ContentLanguage;
this.CacheControl = sharedAccessFileHeaders.CacheControl;
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
if (!this.ServiceClient.Credentials.IsSharedKey)
{
string errorMessage = string.Format(CultureInfo.InvariantCulture, SR.CannotCreateSASWithoutAccountKey);
throw new InvalidOperationException(errorMessage);
}
string resourceName = this.GetCanonicalName();
StorageAccountKey accountKey = this.ServiceClient.Credentials.Key;
string signature = SharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, accountKey.KeyValue);
UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "f", signature, accountKey.KeyName, Constants.HeaderConstants.TargetStorageVersion);
return(builder.ToString());
}
public void CloudFileSASHeaders()
{
for (int i = 1; i < 0x20; i++)
{
CloudFile testFile = this.testShare.GetRootDirectoryReference().GetFileReference("file" + i);
SharedAccessFilePermissions permissions = (SharedAccessFilePermissions)i;
SharedAccessFileHeaders headers = new SharedAccessFileHeaders()
{
CacheControl = "no-transform",
ContentDisposition = "attachment",
ContentEncoding = "gzip",
ContentLanguage = "tr,en",
ContentType = "text/html"
};
TestFileSAS(testFile, permissions, headers);
}
}
private static void TestFileSAS(CloudFile testFile, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers)
{
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = testFile.GetSharedAccessSignature(policy, headers, null);
TestAccess(sasToken, permissions, headers, null, testFile);
}
private static void TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
if (share != null)
{
share = new CloudFileShare(credentials.TransformUri(share.Uri));
file = share.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
file = new CloudFile(credentials.TransformUri(file.Uri));
}
if (share != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
share.GetRootDirectoryReference().ListFilesAndDirectories().ToArray();
}
else
{
TestHelper.ExpectedException(
() => share.GetRootDirectoryReference().ListFilesAndDirectories().ToArray(),
"List files while SAS does not allow for listing",
HttpStatusCode.NotFound);
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
file.FetchAttributes();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, file.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, file.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, file.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, file.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, file.Properties.ContentType);
}
}
}
else
{
TestHelper.ExpectedException(
() => file.FetchAttributes(),
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.NotFound);
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
file.SetMetadata();
}
else
{
TestHelper.ExpectedException(
() => file.SetMetadata(),
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.NotFound);
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
file.Delete();
}
else
{
TestHelper.ExpectedException(
() => file.Delete(),
"Delete file while SAS does not allow for deleting",
HttpStatusCode.NotFound);
}
}
private static async Task TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
CloudFileShare SASshare = null;
CloudFile SASfile;
OperationContext context = new OperationContext();
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
string fileText = "file";
if (share != null)
{
SASshare = new CloudFileShare(credentials.TransformUri(share.Uri));
SASfile = SASshare.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
SASfile = new CloudFile(credentials.TransformUri(file.Uri));
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
await UploadTextAsync(SASfile, fileText, Encoding.UTF8);
}
else if ((permissions & SharedAccessFilePermissions.Create) == SharedAccessFilePermissions.Create)
{
await SASfile.CreateAsync(Encoding.UTF8.GetBytes(fileText).Length);
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await UploadTextAsync(SASfile, fileText, Encoding.UTF8, operationContext: context),
context,
"UploadText SAS does not allow for writing",
HttpStatusCode.Forbidden,
"");
await UploadTextAsync(file, fileText, Encoding.UTF8);
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.CreateAsync(Encoding.UTF8.GetBytes(fileText).Length, null /* accessCondition */, null /* options */, context),
context,
"Create file succeeded but SAS does not allow for writing/creating",
HttpStatusCode.Forbidden,
"");
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await UploadTextAsync(SASfile, fileText, Encoding.UTF8, operationContext: context),
context,
"UploadText SAS does not allow for writing/creating",
HttpStatusCode.Forbidden,
"");
await UploadTextAsync(file, fileText, Encoding.UTF8);
}
if (SASshare != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
var results = await SASshare.GetRootDirectoryReference().ListFilesAndDirectoriesSegmentedAsync(null);
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => { var results = await SASshare.GetRootDirectoryReference().ListFilesAndDirectoriesSegmentedAsync(null /* maxResults */, null /* currentToken */, null /* options */, context); },
context,
"List files while SAS does not allow for listing",
HttpStatusCode.Forbidden,
"");
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
await SASfile.FetchAttributesAsync();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, SASfile.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, SASfile.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, SASfile.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, SASfile.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, SASfile.Properties.ContentType);
}
}
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.Forbidden,
"");
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
await SASfile.SetMetadataAsync();
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.SetMetadataAsync(null /* accessCondition */, null /* options */, context),
context,
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.Forbidden,
"");
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
await SASfile.DeleteAsync();
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await SASfile.DeleteAsync(null /* accessCondition */, null /* options */, context),
context,
"Delete file while SAS does not allow for deleting",
HttpStatusCode.Forbidden,
"");
}
}
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange)
{
throw new System.NotImplementedException();
}
public void CloudFileSASHeaders()
{
for (int i = 1; i < 8; i++)
{
CloudFile testFile = this.testShare.GetRootDirectoryReference().GetFileReference("file" + i);
SharedAccessFilePermissions permissions = (SharedAccessFilePermissions)i;
SharedAccessFileHeaders headers = new SharedAccessFileHeaders()
{
CacheControl = "no-transform",
ContentDisposition = "attachment",
ContentEncoding = "gzip",
ContentLanguage = "tr,en",
ContentType = "text/html"
};
TestFileSAS(testFile, permissions, headers);
}
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers)
{
return(this.GetSharedAccessSignature(policy, headers, null /* groupPolicyIdentifier */));
}
private static void TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
CloudFileShare SASshare = null;
CloudFile SASfile;
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
string fileText = "file";
if (share != null)
{
SASshare = new CloudFileShare(credentials.TransformUri(share.Uri));
SASfile = SASshare.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
SASfile = new CloudFile(credentials.TransformUri(file.Uri));
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
UploadText(SASfile, fileText, Encoding.UTF8);
}
else if ((permissions & SharedAccessFilePermissions.Create) == SharedAccessFilePermissions.Create)
{
SASfile.Create(Encoding.UTF8.GetBytes(fileText).Length);
TestHelper.ExpectedException(
() => UploadText(SASfile, fileText, Encoding.UTF8),
"UploadText SAS does not allow for writing",
HttpStatusCode.Forbidden);
UploadText(file, fileText, Encoding.UTF8);
}
else
{
TestHelper.ExpectedException(
() => SASfile.Create(Encoding.UTF8.GetBytes(fileText).Length),
"Create file succeeded but SAS does not allow for writing/creating",
HttpStatusCode.Forbidden);
TestHelper.ExpectedException(
() => UploadText(SASfile, fileText, Encoding.UTF8),
"UploadText SAS does not allow for writing/creating",
HttpStatusCode.Forbidden);
UploadText(file, fileText, Encoding.UTF8);
}
if (SASshare != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
SASshare.GetRootDirectoryReference().ListFilesAndDirectories().ToArray();
}
else
{
TestHelper.ExpectedException(
() => SASshare.GetRootDirectoryReference().ListFilesAndDirectories().ToArray(),
"List files while SAS does not allow for listing",
HttpStatusCode.Forbidden);
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
SASfile.FetchAttributes();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, SASfile.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, SASfile.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, SASfile.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, SASfile.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, SASfile.Properties.ContentType);
}
}
}
else
{
TestHelper.ExpectedException(
() => SASfile.FetchAttributes(),
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.Forbidden);
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
SASfile.SetMetadata();
}
else
{
TestHelper.ExpectedException(
() => SASfile.SetMetadata(),
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.Forbidden);
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
SASfile.Delete();
}
else
{
TestHelper.ExpectedException(
() => SASfile.Delete(),
"Delete file while SAS does not allow for deleting",
HttpStatusCode.Forbidden);
}
}
/// <summary>
/// Get the complete query builder for creating the Shared Access Signature query.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a file returned with this SAS.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceType">Either "f" for files or "s" for shares.</param>
/// <param name="signature">The signature to use.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetSignature(
SharedAccessFilePolicy policy,
SharedAccessFileHeaders headers,
string accessPolicyIdentifier,
string resourceType,
string signature,
string accountKeyName,
string sasVersion,
SharedAccessProtocol? protocols,
IPAddressOrRange ipAddressOrRange)
{
CommonUtility.AssertNotNullOrEmpty("resourceType", resourceType);
UriQueryBuilder builder = new UriQueryBuilder();
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedResource, resourceType);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName);
AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedProtocols, GetProtocolString(protocols));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIP, ipAddressOrRange == null ? null : ipAddressOrRange.ToString());
if (policy != null)
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime));
string permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions);
if (!string.IsNullOrEmpty(permissions))
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions);
}
}
if (headers != null)
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.CacheControl, headers.CacheControl);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentType, headers.ContentType);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentEncoding, headers.ContentEncoding);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentLanguage, headers.ContentLanguage);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentDisposition, headers.ContentDisposition);
}
return builder;
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a file returned with this SAS.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessFilePolicy policy,
SharedAccessFileHeaders headers,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
SharedAccessProtocol? protocols,
IPAddressOrRange ipAddressOrRange,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset? startTime = null;
DateTimeOffset? expiryTime = null;
if (policy != null)
{
permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
GetProtocolString(protocols),
sasVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return CryptoUtility.ComputeHmac256(keyValue, stringToSign);
}
private static async Task TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
CloudFileShare SASshare = null;
CloudFile SASfile;
OperationContext context = new OperationContext();
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
string fileText = "file";
if (share != null)
{
SASshare = new CloudFileShare(credentials.TransformUri(share.Uri));
SASfile = SASshare.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
SASfile = new CloudFile(credentials.TransformUri(file.Uri));
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
await UploadTextAsync(SASfile, fileText, Encoding.UTF8);
}
else if ((permissions & SharedAccessFilePermissions.Create) == SharedAccessFilePermissions.Create)
{
await SASfile.CreateAsync(Encoding.UTF8.GetBytes(fileText).Length);
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await UploadTextAsync(SASfile, fileText, Encoding.UTF8, operationContext:context),
context,
"UploadText SAS does not allow for writing",
HttpStatusCode.Forbidden,
"");
await UploadTextAsync(file, fileText, Encoding.UTF8);
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await SASfile.CreateAsync(Encoding.UTF8.GetBytes(fileText).Length, null /* accessCondition */, null /* options */, context),
context,
"Create file succeeded but SAS does not allow for writing/creating",
HttpStatusCode.Forbidden,
"");
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await UploadTextAsync(SASfile, fileText, Encoding.UTF8, operationContext:context),
context,
"UploadText SAS does not allow for writing/creating",
HttpStatusCode.Forbidden,
"");
await UploadTextAsync(file, fileText, Encoding.UTF8);
}
if (SASshare != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
var results = await SASshare.GetRootDirectoryReference().ListFilesAndDirectoriesSegmentedAsync(null);
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => { var results = await SASshare.GetRootDirectoryReference().ListFilesAndDirectoriesSegmentedAsync(null /* maxResults */, null /* currentToken */, null /* options */, context); },
context,
"List files while SAS does not allow for listing",
HttpStatusCode.Forbidden,
"");
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
await SASfile.FetchAttributesAsync();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, SASfile.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, SASfile.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, SASfile.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, SASfile.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, SASfile.Properties.ContentType);
}
}
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await SASfile.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.Forbidden,
"");
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
await SASfile.SetMetadataAsync();
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await SASfile.SetMetadataAsync(null /* accessCondition */, null /* options */, context),
context,
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.Forbidden,
"");
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
await SASfile.DeleteAsync();
}
else
{
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await SASfile.DeleteAsync(null /* accessCondition */, null /* options */, context),
context,
"Delete file while SAS does not allow for deleting",
HttpStatusCode.Forbidden,
"");
}
}
private static async Task TestFileSAS(CloudFile testFile, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers)
{
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = testFile.GetSharedAccessSignature(policy, headers, null);
await TestAccess(sasToken, permissions, headers, null, testFile);
}
public SharedAccessFileHeaders(SharedAccessFileHeaders sharedAccessFileHeaders)
{
throw new System.NotImplementedException();
}
private static void TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
CloudFileShare SASshare = null;
CloudFile SASfile;
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
string fileText = "file";
if (share != null)
{
SASshare = new CloudFileShare(credentials.TransformUri(share.Uri));
SASfile = SASshare.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
SASfile = new CloudFile(credentials.TransformUri(file.Uri));
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
UploadText(SASfile, fileText, Encoding.UTF8);
}
else if ((permissions & SharedAccessFilePermissions.Create) == SharedAccessFilePermissions.Create)
{
SASfile.Create(Encoding.UTF8.GetBytes(fileText).Length);
TestHelper.ExpectedException(
() => UploadText(SASfile, fileText, Encoding.UTF8),
"UploadText SAS does not allow for writing",
HttpStatusCode.Forbidden);
UploadText(file, fileText, Encoding.UTF8);
}
else
{
TestHelper.ExpectedException(
() => SASfile.Create(Encoding.UTF8.GetBytes(fileText).Length),
"Create file succeeded but SAS does not allow for writing/creating",
HttpStatusCode.Forbidden);
TestHelper.ExpectedException(
() => UploadText(SASfile, fileText, Encoding.UTF8),
"UploadText SAS does not allow for writing/creating",
HttpStatusCode.Forbidden);
UploadText(file, fileText, Encoding.UTF8);
}
if (SASshare != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
SASshare.GetRootDirectoryReference().ListFilesAndDirectories().ToArray();
}
else
{
TestHelper.ExpectedException(
() => SASshare.GetRootDirectoryReference().ListFilesAndDirectories().ToArray(),
"List files while SAS does not allow for listing",
HttpStatusCode.Forbidden);
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
SASfile.FetchAttributes();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, SASfile.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, SASfile.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, SASfile.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, SASfile.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, SASfile.Properties.ContentType);
}
}
}
else
{
TestHelper.ExpectedException(
() => SASfile.FetchAttributes(),
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.Forbidden);
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
SASfile.SetMetadata();
}
else
{
TestHelper.ExpectedException(
() => SASfile.SetMetadata(),
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.Forbidden);
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
SASfile.Delete();
}
else
{
TestHelper.ExpectedException(
() => SASfile.Delete(),
"Delete file while SAS does not allow for deleting",
HttpStatusCode.Forbidden);
}
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers)
{
return this.GetSharedAccessSignature(policy, headers, null /* groupPolicyIdentifier */);
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
return(GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, null, null));
}
private static void TestAccess(string sasToken, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers, CloudFileShare share, CloudFile file)
{
StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ?
new StorageCredentials() :
new StorageCredentials(sasToken);
if (share != null)
{
share = new CloudFileShare(credentials.TransformUri(share.Uri));
file = share.GetRootDirectoryReference().GetFileReference(file.Name);
}
else
{
file = new CloudFile(credentials.TransformUri(file.Uri));
}
if (share != null)
{
if ((permissions & SharedAccessFilePermissions.List) == SharedAccessFilePermissions.List)
{
share.GetRootDirectoryReference().ListFilesAndDirectories().ToArray();
}
else
{
TestHelper.ExpectedException(
() => share.GetRootDirectoryReference().ListFilesAndDirectories().ToArray(),
"List files while SAS does not allow for listing",
HttpStatusCode.NotFound);
}
}
if ((permissions & SharedAccessFilePermissions.Read) == SharedAccessFilePermissions.Read)
{
file.FetchAttributes();
// Test headers
if (headers != null)
{
if (headers.CacheControl != null)
{
Assert.AreEqual(headers.CacheControl, file.Properties.CacheControl);
}
if (headers.ContentDisposition != null)
{
Assert.AreEqual(headers.ContentDisposition, file.Properties.ContentDisposition);
}
if (headers.ContentEncoding != null)
{
Assert.AreEqual(headers.ContentEncoding, file.Properties.ContentEncoding);
}
if (headers.ContentLanguage != null)
{
Assert.AreEqual(headers.ContentLanguage, file.Properties.ContentLanguage);
}
if (headers.ContentType != null)
{
Assert.AreEqual(headers.ContentType, file.Properties.ContentType);
}
}
}
else
{
TestHelper.ExpectedException(
() => file.FetchAttributes(),
"Fetch file attributes while SAS does not allow for reading",
HttpStatusCode.NotFound);
}
if ((permissions & SharedAccessFilePermissions.Write) == SharedAccessFilePermissions.Write)
{
file.SetMetadata();
}
else
{
TestHelper.ExpectedException(
() => file.SetMetadata(),
"Set file metadata while SAS does not allow for writing",
HttpStatusCode.NotFound);
}
if ((permissions & SharedAccessFilePermissions.Delete) == SharedAccessFilePermissions.Delete)
{
file.Delete();
}
else
{
TestHelper.ExpectedException(
() => file.Delete(),
"Delete file while SAS does not allow for deleting",
HttpStatusCode.NotFound);
}
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
return GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, null, null);
}
private static void TestFileSAS(CloudFile testFile, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers)
{
UploadText(testFile, "file", Encoding.UTF8);
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = testFile.GetSharedAccessSignature(policy, headers, null);
TestAccess(sasToken, permissions, headers, null, testFile);
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
if (!this.ServiceClient.Credentials.IsSharedKey)
{
string errorMessage = string.Format(CultureInfo.InvariantCulture, SR.CannotCreateSASWithoutAccountKey);
throw new InvalidOperationException(errorMessage);
}
string resourceName = this.GetCanonicalName();
StorageAccountKey accountKey = this.ServiceClient.Credentials.Key;
string signature = SharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, accountKey.KeyValue);
UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "f", signature, accountKey.KeyName, Constants.HeaderConstants.TargetStorageVersion);
return builder.ToString();
}
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
throw new System.NotImplementedException();
}
