public IActionResult Create(FileUploadRequest request) { if (request == null) { return(this.BadRequest()); } AccountSasBuilder sas = new AccountSasBuilder { // Allow access to blobs Services = AccountSasServices.Blobs, // Allow access to the service level APIs ResourceTypes = AccountSasResourceTypes.Object, // Access expires in 1 hour! ExpiresOn = DateTimeOffset.UtcNow.AddHours(1), StartsOn = DateTimeOffset.UtcNow.AddSeconds(-30) }; sas.SetPermissions(AccountSasPermissions.Write | AccountSasPermissions.Create | AccountSasPermissions.Delete); StorageSharedKeyCredential credential = new StorageSharedKeyCredential(_accountName, _key); var container = new BlobContainerClient(_connectionString, "photos"); var blob = container.GetBlobClient(request.FileName); var result = new UriBuilder(blob.Uri); result.Query = sas.ToSasQueryParameters(credential).ToString(); return(this.Ok(result.Uri.ToString())); }
public void GenerateAccountSas_RequiredParameters() { // Arrange TestConstants constants = new TestConstants(this); Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net"); DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; QueueServiceClient serviceClient = InstrumentClient( new QueueServiceClient( serviceUri, constants.Sas.SharedKeyCredential, GetOptions())); // Act Uri sasUri = serviceClient.GenerateAccountSasUri( permissions: permissions, expiresOn: expiresOn, resourceTypes: resourceTypes); // Assert AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Queues, resourceTypes); UriBuilder expectedUri = new UriBuilder(serviceUri) { Query = sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString() }; Assert.AreEqual(expectedUri.Uri, sasUri); }
private string GenerateSasToken() { if (Mode == RecordedTestMode.Playback) { return(RecordedTestSanitizer.SanitizeValue); } // Create a service level SAS that only allows reading from service // level APIs AccountSasBuilder sas = new AccountSasBuilder { // Allow access to blobs. Services = AccountSasServices.Blobs, // Allow access to the service level APIs. ResourceTypes = AccountSasResourceTypes.All, // Access expires in 1 hour. ExpiresOn = DateTimeOffset.UtcNow.AddHours(1) }; // Allow All access sas.SetPermissions(AccountSasPermissions.All); // Create a SharedKeyCredential that we can use to sign the SAS token StorageSharedKeyCredential credential = new StorageSharedKeyCredential(TestEnvironment.AccountName, TestEnvironment.PrimaryStorageAccountKey); // return a SAS token return(sas.ToSasQueryParameters(credential).ToString()); }
public async Task AccountPermissionsRawPermissions(string permissionsString) { // Arrange await using DisposingQueue test = await GetTestQueueAsync(); AccountSasBuilder accountSasBuilder = new AccountSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), Services = AccountSasServices.Queues, ResourceTypes = AccountSasResourceTypes.All }; accountSasBuilder.SetPermissions(permissionsString); Assert.AreEqual("rwdxylacuptfi", accountSasBuilder.Permissions); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(TestConfigDefault.AccountName, TestConfigDefault.AccountKey); Uri uri = new Uri($"{test.Queue.Uri}?{accountSasBuilder.ToSasQueryParameters(sharedKeyCredential)}"); QueueClient queueClient = new QueueClient(uri, GetOptions()); // Act await queueClient.GetPropertiesAsync(); }
/// <summary> /// Lazy Load a SasQueryParameters and cache it internally /// </summary> /// <param name="key"></param> /// <returns></returns> private SasQueryParameters GetSasQueryParameters(string key) { if (!_sasQueryParameters.ContainsKey(key)) { var csBuilder = new DbConnectionStringBuilder(); csBuilder.ConnectionString = _connectionStrings[key]; string accountName = csBuilder["AccountName"].ToString(); string accountKey = csBuilder["AccountKey"].ToString(); var keyCredential = new StorageSharedKeyCredential(accountName, accountKey); var sasBuilder = new AccountSasBuilder() { StartsOn = DateTimeOffset.UtcNow.AddMinutes(-5), ExpiresOn = DateTimeOffset.UtcNow.AddMonths(1), Services = AccountSasServices.Blobs, ResourceTypes = AccountSasResourceTypes.Object | AccountSasResourceTypes.Container }; if (key.StartsWith(SourceStorageConnectionKey)) { sasBuilder.SetPermissions(AccountSasPermissions.Read); } else if (key.StartsWith(DestinationStorageConnectionKey)) { sasBuilder.SetPermissions(AccountSasPermissions.Add | AccountSasPermissions.Create | AccountSasPermissions.Write | AccountSasPermissions.Update); } _sasQueryParameters.Add(key, sasBuilder.ToSasQueryParameters(keyCredential)); } return(_sasQueryParameters[key]); }
public void GenerateAccountSas_WrongService_Service() { var constants = new TestConstants(this); var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account); var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary"); var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint)); string connectionString = storageConnectionString.ToString(true); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasServices services = AccountSasServices.Files;// Wrong Service AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; BlobServiceClient serviceClient = InstrumentClient(new BlobServiceClient(connectionString, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { IPRange = new SasIPRange(System.Net.IPAddress.None, System.Net.IPAddress.None), StartsOn = Recording.UtcNow.AddHours(-1) }; // Act try { Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); Assert.Fail("BlobContainerClient.GenerateSasUri should have failed with an ArgumentException."); } catch (InvalidOperationException) { // the correct exception came back } }
public async Task AccountSas_AllPermissions() { // Arrange await using DisposingContainer test = await GetTestContainerAsync(); string blobName = GetNewBlobName(); AppendBlobClient blob = InstrumentClient(test.Container.GetAppendBlobClient(blobName)); await blob.CreateAsync(); AccountSasBuilder accountSasBuilder = new AccountSasBuilder( permissions: AccountSasPermissions.All, expiresOn: Recording.UtcNow.AddDays(1), services: AccountSasServices.Blobs, resourceTypes: AccountSasResourceTypes.Object); Uri accountSasUri = test.Container.GetParentBlobServiceClient().GenerateAccountSasUri(accountSasBuilder); BlobUriBuilder blobUriBuilder = new BlobUriBuilder(accountSasUri) { BlobContainerName = test.Container.Name, BlobName = blobName }; // Assert AppendBlobClient sasBlobClient = InstrumentClient(new AppendBlobClient(blobUriBuilder.ToUri(), GetOptions())); await sasBlobClient.GetPropertiesAsync(); }
public static IActionResult Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req, ILogger log) { log.LogInformation("SAS Token Requests"); var accountName = Environment.GetEnvironmentVariable("AZURE_ACCOUNT_NAME"); var key = Environment.GetEnvironmentVariable("AZURE_ACCOUNT_KEY"); var sharedKeyCredentials = new StorageSharedKeyCredential(accountName, key); var sasBuilder = new AccountSasBuilder() { StartsOn = DateTimeOffset.UtcNow, ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5), Services = AccountSasServices.Blobs, ResourceTypes = AccountSasResourceTypes.All, Protocol = SasProtocol.Https }; sasBuilder.SetPermissions(AccountSasPermissions.All); var sasToken = sasBuilder.ToSasQueryParameters(sharedKeyCredentials).ToString(); var storageUri = $"https://{accountName}.blob.core.windows.net/"; return(new OkObjectResult(new SasTokenDetails() { storageAccessToken = sasToken, storageUri = storageUri })); }
public async Task AccountPermissionsRawPermissions(string permissionsString) { // Arrange await using DisposingFileSystem test = await GetNewFileSystem(); AccountSasBuilder accountSasBuilder = new AccountSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), Services = AccountSasServices.Blobs, ResourceTypes = AccountSasResourceTypes.All }; await test.FileSystem.GetPropertiesAsync(); accountSasBuilder.SetPermissions(permissionsString); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(TestConfigHierarchicalNamespace.AccountName, TestConfigHierarchicalNamespace.AccountKey); Uri uri = new Uri($"{test.FileSystem.Uri}?{accountSasBuilder.ToSasQueryParameters(sharedKeyCredential)}"); DataLakeFileSystemClient sasFileSystemClient = InstrumentClient(new DataLakeFileSystemClient(uri, GetOptions())); // Act await sasFileSystemClient.GetPropertiesAsync(); }
/// <summary> /// The GetSasUri. /// </summary> /// <param name="containerName">The containerName<see cref="string"/>.</param> /// <returns>The <see cref="Task{BlobStorageRequest}"/>.</returns> public async Task <BlobStorageRequest> GetSasUri(string containerName) { // connect to our storage account and create a blob client var connectionString = SettingConfigurations.AzureWebJobsStorage; var storageAccount = CloudStorageAccount.Parse(connectionString); var blobClient = storageAccount.CreateCloudBlobClient(); StorageSharedKeyCredential credential = new StorageSharedKeyCredential(storageAccount.Credentials.AccountName, SettingConfigurations.AccountKey); // get a reference to the container var blobContainer = blobClient.GetContainerReference(containerName); await blobContainer.CreateIfNotExistsAsync(); var sasBuilder = new AccountSasBuilder() { StartsOn = DateTimeOffset.UtcNow, ExpiresOn = DateTimeOffset.UtcNow.AddDays(7), Services = AccountSasServices.Blobs, ResourceTypes = AccountSasResourceTypes.All, Protocol = SasProtocol.Https }; sasBuilder.SetPermissions(AccountSasPermissions.All); var sasToken = sasBuilder.ToSasQueryParameters(credential).ToString(); return(new BlobStorageRequest { StorageAccessToken = sasToken, StorageUri = blobContainer.ServiceClient.StorageUri.PrimaryUri.AbsoluteUri }); }
public void GenerateAccountSas_Builder() { // Arrange TestConstants constants = new TestConstants(this); Uri serviceUri = new Uri($"https://{constants.Sas.Account}.dfs.core.windows.net"); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1); AccountSasServices services = AccountSasServices.Blobs; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient( serviceUri, constants.Sas.SharedKeyCredential, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; // Act Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); // Assert AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; UriBuilder expectedUri = new UriBuilder(serviceUri); expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString(); Assert.AreEqual(expectedUri.Uri, sasUri); }
protected override async Task <string> GenerateSecret(ISecret secret, ILogger log) { log.LogInformation($"Resource Name: {secret.ResourceName}"); log.LogInformation($"Resource Group Name: {secret.ResourceGroupName}"); log.LogInformation($"Subscription Id: {secret.SubscriptionId}"); log.LogInformation($"Expires In (days): {secret.ExpiresInDays}"); var creds = new DefaultAzureCredential(includeInteractiveCredentials: true); StorageManagementClient managementClient = new StorageManagementClient(secret.SubscriptionId, creds); var accountKey = (await managementClient.StorageAccounts.ListKeysAsync(secret.ResourceGroupName, secret.ResourceName)).Value.Keys[0]; AccountSasBuilder sasBuilder = new AccountSasBuilder() { Services = AccountSasServices.Blobs, ResourceTypes = AccountSasResourceTypes.Service, ExpiresOn = DateTimeOffset.UtcNow.AddDays(int.Parse(secret.ExpiresInDays)), Protocol = SasProtocol.Https, }; sasBuilder.SetPermissions(AccountSasPermissions.Read | AccountSasPermissions.Write | AccountSasPermissions.List); // Use the key to get the SAS token. string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(secret.ResourceName, accountKey.Value)).ToString(); return(sasToken); }
private static string GetContainerSasUri(string blobname) { string StorageAccountName = System.Environment.GetEnvironmentVariable("StorageAccountName"); string StorageAccountKey = System.Environment.GetEnvironmentVariable("StorageAccountKey"); AccountSasBuilder sas = new AccountSasBuilder { // Allow access to blobs Services = AccountSasServices.Blobs, // Allow access to the service level APIs ResourceTypes = AccountSasResourceTypes.All, StartsOn = DateTimeOffset.UtcNow, // Access expires in 1 hour! ExpiresOn = DateTimeOffset.UtcNow.AddDays(99999) }; sas.Protocol = SasProtocol.Https; sas.SetPermissions(AccountSasPermissions.Read); // Create a SharedKeyCredential that we can use to sign the SAS token StorageSharedKeyCredential credential = new StorageSharedKeyCredential(StorageAccountName, StorageAccountKey); UriBuilder sasUri = new UriBuilder(System.Environment.GetEnvironmentVariable("BlobURI") + blobname); sasUri.Query = sas.ToSasQueryParameters(credential).ToString(); return(sasUri.Uri.AbsoluteUri); }
private static BlobServiceClient SharedAccessSignatureAuthAsync() { // Create a service level SAS that only allows reading from service // level APIs AccountSasBuilder sas = new AccountSasBuilder { // Allow access to blobs Services = AccountSasServices.Blobs, // Allow access to all service level APIs ResourceTypes = AccountSasResourceTypes.All, // Specify token expiration in hours ExpiresOn = DateTimeOffset.UtcNow.AddHours(SasKeyExpiryTime) }; // Allow all access => Create, Delete, List, Process, Read, Write & Update sas.SetPermissions(AccountSasPermissions.All); // Create a SharedKeyCredential that we can use to sign the SAS token StorageSharedKeyCredential credential = new StorageSharedKeyCredential(AccountName, AccountKey); // Build a SAS URI string storageAccountUri = String.Format("https://{0}.blob.core.windows.net", AccountName); UriBuilder sasUri = new UriBuilder(storageAccountUri); sasUri.Query = sas.ToSasQueryParameters(credential).ToString(); // Create and return a service client that can authenticate with the SAS URI return(new BlobServiceClient(sasUri.Uri)); }
public void GenerateAccountSas_RequiredParameters() { // Arrange var constants = new TestConstants(this); var queueEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account); var queueSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary"); var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, queueStorageUri: (queueEndpoint, queueSecondaryEndpoint)); string connectionString = storageConnectionString.ToString(true); DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; QueueServiceClient serviceClient = InstrumentClient(new QueueServiceClient(connectionString, GetOptions())); // Act Uri sasUri = serviceClient.GenerateAccountSasUri( permissions: permissions, expiresOn: expiresOn, resourceTypes: resourceTypes); // Assert AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Queues, resourceTypes); UriBuilder expectedUri = new UriBuilder(queueEndpoint) { Query = sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString() }; Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString()); }
public void GenerateAccountSas_Builder() { TestConstants constants = TestConstants.Create(this); Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net"); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasServices services = AccountSasServices.Queues; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; QueueServiceClient serviceClient = InstrumentClient( new QueueServiceClient( serviceUri, constants.Sas.SharedKeyCredential, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes); // Add more properties on the builder sasBuilder.SetPermissions(permissions); // Act Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); // Assert AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes); UriBuilder expectedUri = new UriBuilder(serviceUri); expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString(); Assert.AreEqual(expectedUri.Uri, sasUri); }
public override void ExecuteCmdlet() { if (!UseTrack2Sdk()) // Track1 { var sharedAccessPolicy = new SharedAccessAccountPolicy() { Permissions = SetupAccessPolicyPermission(this.Permission), Services = Service, ResourceTypes = ResourceType, Protocols = Protocol, IPAddressOrRange = Util.SetupIPAddressOrRangeForSAS(this.IPAddressOrRange) }; DateTimeOffset?accessStartTime; DateTimeOffset?accessEndTime; SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime, out accessStartTime, out accessEndTime, true); sharedAccessPolicy.SharedAccessStartTime = accessStartTime; sharedAccessPolicy.SharedAccessExpiryTime = accessEndTime; this.WriteObject(Channel.GetStorageAccountSASToken(sharedAccessPolicy)); } else { AccountSasBuilder sasBuilder = SasTokenHelper.SetAccountSasBuilder(this.Service, this.ResourceType, Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol); string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(Channel.StorageContext.StorageAccountName, Channel.StorageContext.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString(); if (sasToken[0] != '?') { sasToken = "?" + sasToken; } this.WriteObject(sasToken); } }
public void GenerateAccountSas_Builder() { // Arrange var constants = new TestConstants(this); var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account); var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary"); var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint)); string connectionString = storageConnectionString.ToString(true); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1); AccountSasServices services = AccountSasServices.Blobs; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient( blobEndpoint, constants.Sas.SharedKeyCredential, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; // Act Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); // Assert AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; UriBuilder expectedUri = new UriBuilder(blobEndpoint); expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString(); Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString()); }
/// <summary> /// Create a blob SAS build from Blob Object /// </summary> public static AccountSasBuilder SetAccountSasBuilder(SharedAccessAccountServices Service, SharedAccessAccountResourceTypes type, string Permission = null, DateTime?StartTime = null, DateTime?ExpiryTime = null, string iPAddressOrRange = null, SharedAccessProtocol?Protocol = null, string EncryptionScope = null) { AccountSasBuilder sasBuilder = new AccountSasBuilder(); sasBuilder.ResourceTypes = GetAccountSasResourceTypes(type); sasBuilder.Services = GetAccountSasServices(Service); sasBuilder = SetAccountPermission(sasBuilder, Permission); if (StartTime != null) { sasBuilder.StartsOn = StartTime.Value.ToUniversalTime(); } if (ExpiryTime != null) { sasBuilder.ExpiresOn = ExpiryTime.Value.ToUniversalTime(); } else { if (sasBuilder.StartsOn != DateTimeOffset.MinValue && sasBuilder.StartsOn != null) { sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime(); } else { sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1); } } if (iPAddressOrRange != null) { sasBuilder.IPRange = Util.SetupIPAddressOrRangeForSASTrack2(iPAddressOrRange); } if (Protocol != null) { if (Protocol.Value == SharedAccessProtocol.HttpsOrHttp) { sasBuilder.Protocol = SasProtocol.HttpsAndHttp; } else //HttpsOnly { sasBuilder.Protocol = SasProtocol.Https; } } if (EncryptionScope != null) { sasBuilder.EncryptionScope = EncryptionScope; } return(sasBuilder); }
public List <ResourceFile> GetResourceFiles( string containerName, string folderName) { List <ResourceFile> fileList = new List <ResourceFile>(); // Create a service level SAS that only allows reading from service // level APIs AccountSasBuilder sas = new AccountSasBuilder { // Allow access to blobs Services = AccountSasServices.Blobs, // Allow access to all service level APIs ResourceTypes = AccountSasResourceTypes.All, // Specify token expiration in hours ExpiresOn = DateTimeOffset.UtcNow.AddHours(SasKeyExpiryTime) }; // Allow all access => Create, Delete, List, Process, Read, Write & Update sas.SetPermissions(AccountSasPermissions.All); // Create a SharedKeyCredential that we can use to sign the SAS token StorageSharedKeyCredential credential = new StorageSharedKeyCredential(AccountName, AccountKey); string storageAccountUri = String.Format("https://{0}.blob.core.windows.net", AccountName); BlobServiceClient blobSvcClient = new BlobServiceClient(new Uri(storageAccountUri), credential); BlobContainerClient containerClient = blobSvcClient.GetBlobContainerClient(containerName); ResourceFile file = null; // folderName is a prefix, does not need to include trailing slash '/' foreach (BlobItem blobItem in containerClient.GetBlobs(Azure.Storage.Blobs.Models.BlobTraits.None, Azure.Storage.Blobs.Models.BlobStates.None, folderName)) { BlobUriBuilder blobUri = new BlobUriBuilder(new Uri(storageAccountUri)); blobUri.BlobContainerName = containerName; blobUri.BlobName = blobItem.Name; blobUri.Query = sas.ToSasQueryParameters(credential).ToString(); file = ResourceFile.FromUrl(blobUri.ToUri().ToString(), blobItem.Name); // file.FilePath = folderName; fileList.Add(file); } ; return(fileList); }
public async Task SharedAccessSignatureAuthAsync() { // Create a service level SAS that only allows reading from service // level APIs AccountSasBuilder sas = new AccountSasBuilder { // Allow access to queues Services = new AccountSasServices() { Queues = true }.ToString(), // Allow access to the service level APIs ResourceTypes = new AccountSasResourceTypes() { Service = true }.ToString(), // Allow read access Permissions = new AccountSasPermissions() { Read = true }.ToString(), // Access expires in 1 hour! ExpiryTime = DateTimeOffset.UtcNow.AddHours(1) }; // Create a SharedKeyCredential that we can use to sign the SAS token StorageSharedKeyCredential credential = new StorageSharedKeyCredential(StorageAccountName, StorageAccountKey); // Build a SAS URI UriBuilder sasUri = new UriBuilder(StorageAccountQueueUri) { Query = sas.ToSasQueryParameters(credential).ToString() }; // Create a client that can authenticate with the SAS URI QueueServiceClient service = new QueueServiceClient(sasUri.Uri); // Make a service request to verify we've succesfully authenticated await service.GetPropertiesAsync(); // Try to create a new container (which is beyond our // delegated permission) StorageRequestFailedException ex = Assert.ThrowsAsync <StorageRequestFailedException>( async() => await service.CreateQueueAsync(Randomize("sample-queue"))); Assert.AreEqual(403, ex.Status); }
/// <summary> /// AccountSasBuilder Struct /// https://docs.microsoft.com/cs-cz/dotnet/api/azure.storage.sas.accountsasbuilder?view=azure-dotnet-preview /// /// </summary> /// <returns></returns> public static string AccountSasBuilder(string accountName, string accountKey) { // AccountSasBuilder is used to generate an account level Shared Access Signature(SAS) for Azure Storage services. // mandatory fields AccountSasBuilder accountSasBuilder; try { accountSasBuilder = new AccountSasBuilder() { //IPRange = Permissions = SAS_Utils.SAS.sp.v, // string - Add, Create, Delete, List, Process, Read, Update, Write (account) //Protocol = ResourceTypes = SAS_Utils.SAS.srt.v, // string - Container, Object, Service Services = SAS_Utils.SAS.ss.v, // String - Blobs, Files, Queues //StartTime = - DateTimeOffset.UtcNow // OK ExpiryTime = SAS_Utils.SAS.seDateTime, // DateTimeOffset - DateTimeOffset.UtcNow.AddMinutes(60) // OK Version = SAS_Utils.SAS.sv.v // String - sv }; // Adding the optional fields commented out above //----------------------------------------------------------- if (!String.IsNullOrEmpty(SAS_Utils.SAS.st.v)) { accountSasBuilder.StartTime = SAS_Utils.SAS.stDateTime; } if (!String.IsNullOrEmpty(SAS_Utils.SAS.spr.v)) { accountSasBuilder.Protocol = Get_SasProtocol(SAS_Utils.SAS.spr.v); // SasProtocol - Https, HttpsAndHttp, None } if (!String.IsNullOrEmpty(SAS_Utils.SAS.sip.v)) { accountSasBuilder.IPRange = new IPRange(new System.Net.IPAddress(SAS_Utils.fromIP), (SAS_Utils.toIP[0] == 0 ? null : new System.Net.IPAddress(SAS_Utils.toIP))); // IPRange - StartIP, optional EndIP } } catch (Exception ex) { MessageBox.Show("Error on creating Account SAS\n\n" + ex.ToString(), "Invalid SAS parameters", MessageBoxButton.OK, MessageBoxImage.Exclamation); return(""); } //----------------------------------------------------------- StorageSharedKeyCredential Credential = new StorageSharedKeyCredential(accountName, accountKey); // Use the key to get the SAS token. string sasToken = accountSasBuilder.ToSasQueryParameters(Credential).ToString(); return(sasToken); }
public SasQueryParameters GetNewAccountSasCredentials(StorageSharedKeyCredential sharedKeyCredentials = default) { var builder = new AccountSasBuilder { Protocol = SasProtocol.None, Services = AccountSasServices.Files, ResourceTypes = AccountSasResourceTypes.Container, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; builder.SetPermissions(AccountSasPermissions.Create | AccountSasPermissions.Delete); return(builder.ToSasQueryParameters(sharedKeyCredentials)); }
/// <summary> /// The <see cref="GenerateAccountSasUri(AccountSasBuilder)"/> returns a Uri that /// generates a Service SAS based on the Client properties and builder passed. /// /// For more information, see /// <see href="https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas"> /// Constructing a Service SAS</see> /// </summary> /// <param name="builder"> /// Used to generate a Shared Access Signature (SAS). /// </param> /// <returns> /// A <see cref="Uri"/> containing the SAS Uri. /// </returns> /// <remarks> /// A <see cref="Exception"/> will be thrown if /// a failure occurs. /// </remarks> public Uri GenerateAccountSasUri(AccountSasBuilder builder) { builder = builder ?? throw Errors.ArgumentNull(nameof(builder)); if (!builder.Services.HasFlag(AccountSasServices.Queues)) { throw Errors.SasServiceNotMatching( nameof(builder.Services), nameof(builder), nameof(AccountSasServices.Queues)); } QueueUriBuilder sasUri = new QueueUriBuilder(Uri); sasUri.Query = builder.ToSasQueryParameters(ClientConfiguration.SharedKeyCredential).ToString(); return(sasUri.ToUri()); }
/// <summary> /// Method that generates the SAS token for Azure Blob Storage authentication /// </summary> /// <param name="key"> /// Azure account key /// </param> /// <param name="accountName"> /// Azure account name /// </param> /// <returns> /// SAS key /// </returns> public string GenerateSAS(string key, string accountName) { var sharedKeyCredentials = new StorageSharedKeyCredential(accountName, key); var sasBuilder = new AccountSasBuilder() { StartsOn = DateTimeOffset.UtcNow - TimeSpan.FromSeconds(10), ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5), Services = AccountSasServices.All, ResourceTypes = AccountSasResourceTypes.All, Protocol = SasProtocol.Https }; sasBuilder.SetPermissions(AccountSasPermissions.All); return(sasBuilder.ToSasQueryParameters(sharedKeyCredentials).ToString()); }
/// <summary> /// The <see cref="GenerateAccountSasUri(AccountSasBuilder)"/> returns a <see cref="Uri"/> /// that generates a DataLake Account Shared Access Signature (SAS) /// based on the Client properties and builder passed. /// The SAS is signed by the shared key credential of the client. /// /// To check if the client is able to sign a Service Sas see /// <see cref="CanGenerateAccountSasUri"/>. /// /// For more information, see /// <see href="https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas"> /// Constructing an Account SAS</see>. /// </summary> /// <param name="builder"> /// Used to generate a Shared Access Signature (SAS). /// </param> /// <returns> /// A <see cref="Uri"/> containing the SAS Uri. /// </returns> /// <remarks> /// A <see cref="Exception"/> will be thrown if a failure occurs. /// </remarks> public Uri GenerateAccountSasUri( AccountSasBuilder builder) { builder = builder ?? throw Errors.ArgumentNull(nameof(builder)); if (!builder.Services.HasFlag(AccountSasServices.Blobs)) { throw Errors.SasServiceNotMatching( nameof(builder.Services), nameof(builder), nameof(AccountSasServices.Blobs)); } DataLakeUriBuilder sasUri = new DataLakeUriBuilder(Uri); sasUri.Query = builder.ToSasQueryParameters(_storageSharedKeyCredential).ToString(); return(sasUri.ToUri()); }
public object RequestUploadInfo() { var sasBuilder = new AccountSasBuilder { Services = AccountSasServices.Blobs, StartsOn = DateTimeOffset.UtcNow.AddMinutes(-5), ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5), Protocol = SasProtocol.Https, ResourceTypes = AccountSasResourceTypes.Object | AccountSasResourceTypes.Container, }; sasBuilder.SetPermissions(AccountSasPermissions.Read | AccountSasPermissions.Write | AccountSasPermissions.Update | AccountSasPermissions.Tag); var client = new BlobServiceClient(azureOptions.CurrentValue.StorageAccount.ConnectionString); return(new { Sas = client.GenerateAccountSasUri(sasBuilder).ToString(), ContainerName = azureOptions.CurrentValue.StorageAccount.ContainerName }); }
public async Task AccountPermissionsRawPermissions_InvalidPermission() { // Arrange await using DisposingQueue test = await GetTestQueueAsync(); AccountSasBuilder accountSasBuilder = new AccountSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), Services = AccountSasServices.Queues, ResourceTypes = AccountSasResourceTypes.All }; TestHelper.AssertExpectedException( () => accountSasBuilder.SetPermissions("werteyfg"), new ArgumentException("e is not a valid SAS permission")); }
internal SharedAccessSignatureCredentials GetAccountSasCredentials( AccountSasServices services = AccountSasServices.All, AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All, AccountSasPermissions permissions = AccountSasPermissions.All) { var sasBuilder = new AccountSasBuilder { ExpiresOn = Recording.UtcNow.AddHours(1), Services = services, ResourceTypes = resourceTypes, Protocol = SasProtocol.Https, }; sasBuilder.SetPermissions(permissions); var cred = new StorageSharedKeyCredential(TestConfigDefault.AccountName, TestConfigDefault.AccountKey); return(new SharedAccessSignatureCredentials(sasBuilder.ToSasQueryParameters(cred).ToString())); }
public SasQueryParameters GetNewAccountSas( AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All, AccountSasPermissions permissions = AccountSasPermissions.All, StorageSharedKeyCredential sharedKeyCredentials = default) { var builder = new AccountSasBuilder { Protocol = SasProtocol.None, Services = AccountSasServices.Blobs, ResourceTypes = resourceTypes, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None), }; builder.SetPermissions(permissions); return(builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials())); }