public void GenerateAccountSas_Builder() { // Arrange var constants = new TestConstants(this); var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account); var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary"); var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint)); string connectionString = storageConnectionString.ToString(true); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1); AccountSasServices services = AccountSasServices.Blobs; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient( blobEndpoint, constants.Sas.SharedKeyCredential, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; // Act Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); // Assert AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; UriBuilder expectedUri = new UriBuilder(blobEndpoint); expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString(); Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString()); }
public void GenerateAccountSas_Builder() { // Arrange TestConstants constants = new TestConstants(this); Uri serviceUri = new Uri($"https://{constants.Sas.Account}.dfs.core.windows.net"); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1); AccountSasServices services = AccountSasServices.Blobs; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient( serviceUri, constants.Sas.SharedKeyCredential, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; // Act Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); // Assert AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { StartsOn = startsOn }; UriBuilder expectedUri = new UriBuilder(serviceUri); expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString(); Assert.AreEqual(expectedUri.Uri, sasUri); }
public void GenerateAccountSas_WrongService_Service() { var constants = new TestConstants(this); var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account); var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary"); var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint)); string connectionString = storageConnectionString.ToString(true); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasServices services = AccountSasServices.Files;// Wrong Service AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; BlobServiceClient serviceClient = InstrumentClient(new BlobServiceClient(connectionString, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes) { IPRange = new SasIPRange(System.Net.IPAddress.None, System.Net.IPAddress.None), StartsOn = Recording.UtcNow.AddHours(-1) }; // Act try { Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); Assert.Fail("BlobContainerClient.GenerateSasUri should have failed with an ArgumentException."); } catch (InvalidOperationException) { // the correct exception came back } }
public void GenerateAccountSas_RequiredParameters() { // Arrange TestConstants constants = new TestConstants(this); Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net"); DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; QueueServiceClient serviceClient = InstrumentClient( new QueueServiceClient( serviceUri, constants.Sas.SharedKeyCredential, GetOptions())); // Act Uri sasUri = serviceClient.GenerateAccountSasUri( permissions: permissions, expiresOn: expiresOn, resourceTypes: resourceTypes); // Assert AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Queues, resourceTypes); UriBuilder expectedUri = new UriBuilder(serviceUri) { Query = sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString() }; Assert.AreEqual(expectedUri.Uri, sasUri); }
public void GenerateAccountSas_Builder() { TestConstants constants = TestConstants.Create(this); Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net"); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasServices services = AccountSasServices.Queues; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; QueueServiceClient serviceClient = InstrumentClient( new QueueServiceClient( serviceUri, constants.Sas.SharedKeyCredential, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes); // Add more properties on the builder sasBuilder.SetPermissions(permissions); // Act Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder); // Assert AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes); UriBuilder expectedUri = new UriBuilder(serviceUri); expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString(); Assert.AreEqual(expectedUri.Uri, sasUri); }
public void GenerateAccountSas_RequiredParameters() { // Arrange var constants = new TestConstants(this); var queueEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account); var queueSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary"); var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, queueStorageUri: (queueEndpoint, queueSecondaryEndpoint)); string connectionString = storageConnectionString.ToString(true); DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; QueueServiceClient serviceClient = InstrumentClient(new QueueServiceClient(connectionString, GetOptions())); // Act Uri sasUri = serviceClient.GenerateAccountSasUri( permissions: permissions, expiresOn: expiresOn, resourceTypes: resourceTypes); // Assert AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Queues, resourceTypes); UriBuilder expectedUri = new UriBuilder(queueEndpoint) { Query = sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString() }; Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString()); }
/// <summary> /// Create a permissions string to provide /// <see cref="AccountSasBuilder.Permissions"/>. /// </summary> /// <returns>A permissions string.</returns> internal static string ToPermissionsString(this AccountSasPermissions permissions) { var sb = new StringBuilder(); if ((permissions & AccountSasPermissions.Read) == AccountSasPermissions.Read) { sb.Append(Constants.Sas.Permissions.Read); } if ((permissions & AccountSasPermissions.Write) == AccountSasPermissions.Write) { sb.Append(Constants.Sas.Permissions.Write); } if ((permissions & AccountSasPermissions.Delete) == AccountSasPermissions.Delete) { sb.Append(Constants.Sas.Permissions.Delete); } if ((permissions & AccountSasPermissions.DeleteVersion) == AccountSasPermissions.DeleteVersion) { sb.Append(Constants.Sas.Permissions.DeleteBlobVersion); } if ((permissions & AccountSasPermissions.PermanentDelete) == AccountSasPermissions.PermanentDelete) { sb.Append(Constants.Sas.Permissions.PermanentDelete); } if ((permissions & AccountSasPermissions.List) == AccountSasPermissions.List) { sb.Append(Constants.Sas.Permissions.List); } if ((permissions & AccountSasPermissions.Add) == AccountSasPermissions.Add) { sb.Append(Constants.Sas.Permissions.Add); } if ((permissions & AccountSasPermissions.Create) == AccountSasPermissions.Create) { sb.Append(Constants.Sas.Permissions.Create); } if ((permissions & AccountSasPermissions.Update) == AccountSasPermissions.Update) { sb.Append(Constants.Sas.Permissions.Update); } if ((permissions & AccountSasPermissions.Process) == AccountSasPermissions.Process) { sb.Append(Constants.Sas.Permissions.Process); } if ((permissions & AccountSasPermissions.Tag) == AccountSasPermissions.Tag) { sb.Append(Constants.Sas.Permissions.Tag); } if ((permissions & AccountSasPermissions.Filter) == AccountSasPermissions.Filter) { sb.Append(Constants.Sas.Permissions.FilterByTags); } if ((permissions & AccountSasPermissions.SetImmutabilityPolicy) == AccountSasPermissions.SetImmutabilityPolicy) { sb.Append(Constants.Sas.Permissions.SetImmutabilityPolicy); } return(sb.ToString()); }
/// <summary> /// The <see cref="GenerateAccountSasUri(AccountSasPermissions, DateTimeOffset, AccountSasResourceTypes)"/> /// returns a <see cref="Uri"/> that generates a Queue /// Account Shared Access Signature based on the /// Client properties and parameters passed. The SAS is signed by the /// shared key credential of the client. /// /// For more information, see /// <see href="https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas"> /// Constructing a Service SAS</see> /// </summary> /// <param name="permissions"> /// Required. Specifies the list of permissions to be associated with the SAS. /// See <see cref="AccountSasPermissions"/>. /// </param> /// <param name="expiresOn"> /// Required. The time at which the shared access signature becomes invalid. /// </param> /// <param name="resourceTypes"> /// Specifies the resource types associated with the shared access signature. /// The user is restricted to operations on the specified resources. /// See <see cref="AccountSasResourceTypes"/>. /// </param> /// <returns> /// A <see cref="Uri"/> containing the SAS Uri. /// </returns> /// <remarks> /// A <see cref="RequestFailedException"/> will be thrown if /// a failure occurs. /// </remarks> public Uri GenerateAccountSasUri( AccountSasPermissions permissions, DateTimeOffset expiresOn, AccountSasResourceTypes resourceTypes) => GenerateAccountSasUri(new AccountSasBuilder( permissions, expiresOn, AccountSasServices.Queues, resourceTypes));
public string AccountSasPermissionsToPermissionsString(AccountSasPermissions permissions) { var sb = new StringBuilder(); if ((permissions & AccountSasPermissions.Read) == AccountSasPermissions.Read) { sb.Append(Constants.Sas.Permissions.Read); } if ((permissions & AccountSasPermissions.Write) == AccountSasPermissions.Write) { sb.Append(Constants.Sas.Permissions.Write); } if ((permissions & AccountSasPermissions.Delete) == AccountSasPermissions.Delete) { sb.Append(Constants.Sas.Permissions.Delete); } if ((permissions & AccountSasPermissions.DeleteVersion) == AccountSasPermissions.DeleteVersion) { sb.Append(Constants.Sas.Permissions.DeleteBlobVersion); } if ((permissions & AccountSasPermissions.List) == AccountSasPermissions.List) { sb.Append(Constants.Sas.Permissions.List); } if ((permissions & AccountSasPermissions.Add) == AccountSasPermissions.Add) { sb.Append(Constants.Sas.Permissions.Add); } if ((permissions & AccountSasPermissions.Create) == AccountSasPermissions.Create) { sb.Append(Constants.Sas.Permissions.Create); } if ((permissions & AccountSasPermissions.Update) == AccountSasPermissions.Update) { sb.Append(Constants.Sas.Permissions.Update); } if ((permissions & AccountSasPermissions.Process) == AccountSasPermissions.Process) { sb.Append(Constants.Sas.Permissions.Process); } if ((permissions & AccountSasPermissions.Tag) == AccountSasPermissions.Tag) { sb.Append(Constants.Sas.Permissions.Tag); } if ((permissions & AccountSasPermissions.Filter) == AccountSasPermissions.Filter) { sb.Append(Constants.Sas.Permissions.FilterByTags); } return(sb.ToString()); }
public SasQueryParameters GetNewAccountSasCredentials(StorageSharedKeyCredential sharedKeyCredentials = default, AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.Container, AccountSasPermissions permissions = AccountSasPermissions.Create | AccountSasPermissions.Delete) { var builder = new AccountSasBuilder { Protocol = SasProtocol.None, Services = AccountSasServices.Files, ResourceTypes = resourceTypes, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; builder.SetPermissions(permissions); return(builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials())); }
public SasQueryParameters GetNewAccountSas( AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All, AccountSasPermissions permissions = AccountSasPermissions.All, StorageSharedKeyCredential sharedKeyCredentials = default) { var builder = new AccountSasBuilder { Protocol = SasProtocol.None, Services = AccountSasServices.Blobs, ResourceTypes = resourceTypes, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None), Version = ToSasVersion(_serviceVersion) }; builder.SetPermissions(permissions); return builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials()); }
internal SharedAccessSignatureCredentials GetAccountSasCredentials( AccountSasServices services = AccountSasServices.All, AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All, AccountSasPermissions permissions = AccountSasPermissions.All) { var sasBuilder = new AccountSasBuilder { ExpiresOn = Recording.UtcNow.AddHours(1), Services = services, ResourceTypes = resourceTypes, Protocol = SasProtocol.Https, }; sasBuilder.SetPermissions(permissions); var cred = new StorageSharedKeyCredential(TestConfigDefault.AccountName, TestConfigDefault.AccountKey); return(new SharedAccessSignatureCredentials(sasBuilder.ToSasQueryParameters(cred).ToString())); }
/// <inheritdoc /> public string CreateSharedAccessToken( CreateSharedAccessSignatureConfiguration configuration , AccountSasPermissions permissions , AccountSasResourceTypes resourceTypes , AccountSasServices services = AccountSasServices.Blobs ) { var sas = new AccountSasBuilder { ResourceTypes = resourceTypes, Services = services, StartsOn = DateTimeOffset.UtcNow.AddMinutes(-configuration.ValidFromInMinutes), ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(configuration.ValidForInMinutes + configuration.ClockScrewInMinutes) }; sas.SetPermissions(permissions); return("?" + sas.ToSasQueryParameters(this.Options.CreateStorageSharedKeyCredential())); }
public async Task FindBlobsByTagAsync_AccountSas(AccountSasPermissions accountSasPermissions) { // Arrange BlobServiceClient service = GetServiceClient_SharedKey(); await using DisposingContainer test = await GetTestContainerAsync(); string blobName = GetNewBlobName(); AppendBlobClient appendBlob = InstrumentClient(test.Container.GetAppendBlobClient(blobName)); string tagKey = "myTagKey"; string tagValue = "myTagValue"; Dictionary <string, string> tags = new Dictionary <string, string> { { tagKey, tagValue } }; AppendBlobCreateOptions options = new AppendBlobCreateOptions { Tags = tags }; await appendBlob.CreateAsync(options); string expression = $"\"{tagKey}\"='{tagValue}'"; // It takes a few seconds for Filter Blobs to pick up new changes await Delay(2000); // Act SasQueryParameters sasQueryParameters = GetNewAccountSas(permissions: accountSasPermissions); BlobServiceClient sasServiceClient = new BlobServiceClient(new Uri($"{service.Uri}?{sasQueryParameters}"), GetOptions()); List <TaggedBlobItem> blobs = new List <TaggedBlobItem>(); await foreach (Page <TaggedBlobItem> page in sasServiceClient.FindBlobsByTagsAsync(expression).AsPages()) { blobs.AddRange(page.Values); } // Assert TaggedBlobItem filterBlob = blobs.Where(r => r.BlobName == blobName).FirstOrDefault(); Assert.IsNotNull(filterBlob); }
public void GenerateAccountSas_WrongService_Service() { TestConstants constants = TestConstants.Create(this); Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net"); AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); AccountSasServices services = AccountSasServices.Blobs; // Wrong Service AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All; QueueServiceClient serviceClient = InstrumentClient( new QueueServiceClient( serviceUri, constants.Sas.SharedKeyCredential, GetOptions())); AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes); // Act TestHelper.AssertExpectedException( () => serviceClient.GenerateAccountSasUri(sasBuilder), new InvalidOperationException("SAS Uri cannot be generated. builder.Services does specify Queues. builder.Services must either specify Queues or specify all Services are accessible in the value.")); }
public async Task SetImmutibilityPolicyAsync_SetLegalHold_AccoutnSas(AccountSasPermissions sasPermissions) { // Arrange await using DisposingImmutableStorageWithVersioningContainer vlwContainer = await GetTestVersionLevelWormContainer(TestConfigOAuth); BlobBaseClient blob = await GetNewBlobClient(vlwContainer.Container, GetNewBlobName()); BlobServiceClient sharedKeyServiceClient = InstrumentClient( GetServiceClient_OAuthAccount_SharedKey()); Uri serviceSasUri = sharedKeyServiceClient.GenerateAccountSasUri( sasPermissions, Recording.UtcNow.AddDays(1), AccountSasResourceTypes.All); BlobBaseClient sasBlobClient = InstrumentClient(new BlobServiceClient(serviceSasUri, GetOptions()) .GetBlobContainerClient(vlwContainer.Container.Name) .GetBlobBaseClient(blob.Name)); BlobImmutabilityPolicy immutabilityPolicy = new BlobImmutabilityPolicy { ExpiresOn = Recording.UtcNow.AddMinutes(5), PolicyMode = BlobImmutabilityPolicyMode.Unlocked }; // The service rounds Immutability Policy Expiry to the nearest second. DateTimeOffset expectedImmutabilityPolicyExpiry = RoundToNearestSecond(immutabilityPolicy.ExpiresOn.Value); // Act Response <BlobImmutabilityPolicy> response = await sasBlobClient.SetImmutabilityPolicyAsync( immutabilityPolicy : immutabilityPolicy); // Assert Assert.AreEqual(expectedImmutabilityPolicyExpiry, response.Value.ExpiresOn); Assert.AreEqual(immutabilityPolicy.PolicyMode, response.Value.PolicyMode); // Act Response <BlobLegalHoldResult> legalHoldResponse = await sasBlobClient.SetLegalHoldAsync(hasLegalHold : false); // Assert Assert.IsFalse(legalHoldResponse.Value.HasLegalHold); }
/// <summary> /// Create a permissions string to provide /// <see cref="AccountSasBuilder.Permissions"/>. /// </summary> /// <returns>A permissions string.</returns> internal static string ToPermissionsString(this AccountSasPermissions permissions) { var sb = new StringBuilder(); if ((permissions & AccountSasPermissions.Read) == AccountSasPermissions.Read) { sb.Append(Constants.Sas.Permissions.Read); } if ((permissions & AccountSasPermissions.Write) == AccountSasPermissions.Write) { sb.Append(Constants.Sas.Permissions.Write); } if ((permissions & AccountSasPermissions.Delete) == AccountSasPermissions.Delete) { sb.Append(Constants.Sas.Permissions.Delete); } if ((permissions & AccountSasPermissions.List) == AccountSasPermissions.List) { sb.Append(Constants.Sas.Permissions.List); } if ((permissions & AccountSasPermissions.Add) == AccountSasPermissions.Add) { sb.Append(Constants.Sas.Permissions.Add); } if ((permissions & AccountSasPermissions.Create) == AccountSasPermissions.Create) { sb.Append(Constants.Sas.Permissions.Create); } if ((permissions & AccountSasPermissions.Update) == AccountSasPermissions.Update) { sb.Append(Constants.Sas.Permissions.Update); } if ((permissions & AccountSasPermissions.Process) == AccountSasPermissions.Process) { sb.Append(Constants.Sas.Permissions.Process); } return(sb.ToString()); }
// NewSASQueryParameters uses an account's shared key credential to sign this signature values to produce // the proper SAS query parameters. public SasQueryParameters ToSasQueryParameters(SharedKeyCredentials sharedKeyCredential) { // https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); if (this.ExpiryTime == default || String.IsNullOrEmpty(this.Permissions) || String.IsNullOrEmpty(this.ResourceTypes) || String.IsNullOrEmpty(this.Services)) { throw Errors.AccountSasMissingData(); } if (String.IsNullOrEmpty(this.Version)) { this.Version = SasQueryParameters.SasVersion; } // Make sure the permission characters are in the correct order this.Permissions = AccountSasPermissions.Parse(this.Permissions).ToString(); var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime); // String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = String.Join("\n", sharedKeyCredential.AccountName, this.Permissions, this.Services, this.ResourceTypes, startTime, expiryTime, this.IPRange.ToString(), this.Protocol.ToString(), this.Version, ""); // That's right, the account SAS requires a terminating extra newline var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new SasQueryParameters(this.Version, this.Services, this.ResourceTypes, this.Protocol, this.StartTime, this.ExpiryTime, this.IPRange, null, null, this.Permissions, signature); return(p); }
/// <summary> /// Set account permission to SAS builder /// </summary> public static AccountSasBuilder SetAccountPermission(AccountSasBuilder sasBuilder, string rawPermission) { AccountSasPermissions permission = 0; foreach (char c in rawPermission) { switch (c) { case 'r': permission = permission | AccountSasPermissions.Read; break; case 'a': permission = permission | AccountSasPermissions.Add; break; case 'c': permission = permission | AccountSasPermissions.Create; break; case 'w': permission = permission | AccountSasPermissions.Write; break; case 'd': permission = permission | AccountSasPermissions.Delete; break; case 'l': permission = permission | AccountSasPermissions.List; break; case 'u': permission = permission | AccountSasPermissions.Update; break; case 'p': permission = permission | AccountSasPermissions.Process; break; case 't': permission = permission | AccountSasPermissions.Tag; break; case 'f': permission = permission | AccountSasPermissions.Filter; break; case 'x': permission = permission | AccountSasPermissions.DeleteVersion; break; case 'i': permission = permission | AccountSasPermissions.SetImmutabilityPolicy; break; case 'y': permission = permission | AccountSasPermissions.PermanentDelete; break; default: // Can't convert to permission supported by XSCL, so use raw permission string sasBuilder.SetPermissions(rawPermission); return(sasBuilder); } } sasBuilder.SetPermissions(permission); return(sasBuilder); }