public static IActionResult Run( [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "GetAccessToken/{username}")] HttpRequest req, string username, ILogger log) { string clientIp = GetIpFromRequestHeaders(req); log.LogInformation($"Access Token Request for {username} from {clientIp}"); // Don't issue tokens unless we've got a username if (string.IsNullOrEmpty(username)) { return(new BadRequestObjectResult(string.Empty)); } string accountKey = Environment.GetEnvironmentVariable("AccountKey"); string accountName = Environment.GetEnvironmentVariable("AccountName"); // To create the account SAS, you need to use your shared key credentials. Modify for your account. string connectionString = $"DefaultEndpointsProtocol=https;AccountName={accountName};AccountKey={accountKey}"; CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString); // Create a new access policy for the account. SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1), Protocols = SharedAccessProtocol.HttpsOnly }; return((ActionResult) new OkObjectResult(storageAccount.GetSharedAccessSignature(policy))); }
public string GenerateSasToken(SharedAccessAccountPolicy sharedAccessAccountPolicy) { var storageAccount = InitializeStorageAccount(); string sasToken = storageAccount.GetSharedAccessSignature(sharedAccessAccountPolicy); return(sasToken); }
static void GetSharedAccessSignatureAccessToken() { Console.WriteLine($"Starting Get Shared Access Token Snippet"); // This only makes sense if the containers access level is set to private!! // Microsoft reccomends you set the start times on these to 15 minutes before your current time to allow for 'clock skew' // There will be no references to these generated SAS Tokens in the portal, it cannot be looked up again or revoked // Always use HTTPS to create or distribute a SAS. If a SAS is passed over HTTP and intercepted, an attacker performing a // man -in-the-middle attack is able to read the SAS and then use it just as the intended user could have, // potentially compromising sensitive data or allowing for data corruption by the malicious user. // Use near-term expiration times on an ad hoc SAS. In this way, even if a SAS is compromised, it's valid only for a short time. // This practice is especially important if you cannot reference a stored access policy. Near-term expiration times also // limit the amount of data that can be written to a blob by limiting the time available to upload to it. SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.Now.AddMinutes(10), Protocols = SharedAccessProtocol.HttpsOnly }; var token = storageAccount.GetSharedAccessSignature(policy); Console.WriteLine($"SAS Token retreived: {token}"); Console.WriteLine($"Finished Get Shared Access Token Snippet\r\n"); }
/// <summary> /// Gets one item from the Azure Storage account /// </summary> /// <param name="blobName">Name of the blob on Azure</param> /// <param name="containerName">Name of the blob container in Azure. If nested in directories use: /container-name/dir1/dir2</param> /// <returns></returns> public async Task <MemoryStream> GetAsync(string blobName, string containerName) { // Set policies var policy = new SharedAccessAccountPolicy { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File, ResourceTypes = SharedAccessAccountResourceTypes.Service, SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(5), Protocols = SharedAccessProtocol.HttpsOnly }; // Set correct policies _cloudStorageAccount.GetSharedAccessSignature(policy); // Create blobClient var blobClient = _cloudStorageAccount.CreateCloudBlobClient(); // Get reference from the container var container = blobClient.GetContainerReference(containerName); // Name of blob var blockBlob = container.GetBlockBlobReference(blobName); // Download the blob var memoryStream = new MemoryStream(); await blockBlob.DownloadToStreamAsync(memoryStream); return(memoryStream); }
// Storage account SAS Token creation samples public static string GetAccountSASToken() { const string ConnectionString = "DefaultEndpointsProtocol=https;AccountName=account-name;AccountKey=account-key"; CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConnectionString); // Sample in which error is generated due to usage of insecure [HttpsOrHttp] protocol configuration SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File, ResourceTypes = SharedAccessAccountResourceTypes.Service, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Protocols = SharedAccessProtocol.HttpsOnly }; // Sample in which warning is generated to be aware of expiry time [SharedAccessExpiryTime] policy = new SharedAccessAccountPolicy { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File, ResourceTypes = SharedAccessAccountResourceTypes.Service, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Protocols = SharedAccessProtocol.HttpsOnly, }; return(storageAccount.GetSharedAccessSignature(policy)); }
public static String GetQueueSasToken(String connectionString) { CloudStorageAccount account = CloudStorageAccount.Parse(connectionString); SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.Delete | SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.ProcessMessages | SharedAccessAccountPermissions.Update | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Queue, ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1), Protocols = SharedAccessProtocol.HttpsOnly }; return(account.GetSharedAccessSignature(policy)); }
public IndexModel(ILogger <IndexModel> logger, IConfiguration configuration) { _logger = logger; _configuration = configuration; var StorageConnectionString = _configuration["StorageConnectionString"]; var storageAccount = CloudStorageAccount.Parse(StorageConnectionString); _tableClient = storageAccount.CreateCloudTableClient(new TableClientConfiguration()); var blobServiceClient = new BlobServiceClient(StorageConnectionString); _blobContainerClient = blobServiceClient.GetBlobContainerClient(WavBlobName); var policy = new SharedAccessAccountPolicy() { SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(25), //SharedAccessExpiryTime = DateTime.UtcNow.AddDays(3), Permissions = SharedAccessAccountPermissions.Read, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Object }; _storageSasToken = storageAccount.GetSharedAccessSignature(policy); }
public override void ExecuteCmdlet() { if (!UseTrack2Sdk()) // Track1 { var sharedAccessPolicy = new SharedAccessAccountPolicy() { Permissions = SetupAccessPolicyPermission(this.Permission), Services = Service, ResourceTypes = ResourceType, Protocols = Protocol, IPAddressOrRange = Util.SetupIPAddressOrRangeForSAS(this.IPAddressOrRange) }; DateTimeOffset?accessStartTime; DateTimeOffset?accessEndTime; SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime, out accessStartTime, out accessEndTime, true); sharedAccessPolicy.SharedAccessStartTime = accessStartTime; sharedAccessPolicy.SharedAccessExpiryTime = accessEndTime; this.WriteObject(Channel.GetStorageAccountSASToken(sharedAccessPolicy)); } else { AccountSasBuilder sasBuilder = SasTokenHelper.SetAccountSasBuilder(this.Service, this.ResourceType, Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol); string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(Channel.StorageContext.StorageAccountName, Channel.StorageContext.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString(); if (sasToken[0] != '?') { sasToken = "?" + sasToken; } this.WriteObject(sasToken); } }
protected void Page_Load(object sender, EventArgs e) { string clientIP = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"]; clientIP = clientIP.Substring(0, clientIP.IndexOf(':')); IPAddressOrRange clientIPRange = new IPAddressOrRange(clientIP); ConnectionStringSettings storageConnectionStr = WebConfigurationManager.ConnectionStrings["StorageAccount"]; string ConnectionString = storageConnectionStr.ConnectionString; CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConnectionString); //Create container webcam if it does not exist. CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient(); CloudBlobContainer blobContainer = blobClient.GetContainerReference("webcam"); blobContainer.CreateIfNotExists(); // Create a new access policy for the account. SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Delete, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Container, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1), Protocols = SharedAccessProtocol.HttpsOnly, IPAddressOrRange = clientIPRange, }; // Return the SAS token and container Uri. Javascript will use these value to upload image. string sasToken = storageAccount.GetSharedAccessSignature(policy); blobAccountTextbox.Text = blobClient.StorageUri.PrimaryUri.ToString(); sasTokenTextBox.Text = sasToken; }
/// <summary> /// Creates an Account SAS Token /// </summary> /// <returns>A SAS token.</returns> private static string GetAccountSASToken() { // Retrieve storage account information from connection string CloudStorageAccount storageAccount = Cfg.GetAccount(); // Create a new access policy for the account with the following properties: // Permissions: Read, Write, List, Create, Delete // ResourceType: Container // Expires in 24 hours // Protocols: HTTPS or HTTP (note that the storage emulator does not support HTTPS) SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { // When the start time for the SAS is omitted, the start time is assumed to be the time when the storage service receives the request. // Omitting the start time for a SAS that is effective immediately helps to avoid clock skew. Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Delete, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Protocols = SharedAccessProtocol.HttpsOrHttp }; // Create new storage credentials using the SAS token. string sasToken = storageAccount.GetSharedAccessSignature(policy); // Return the SASToken return(sasToken); }
private string GetSasTokenForImportExport() { // Recommended to address possible clock skew, see // https://docs.microsoft.com/azure/storage/common/storage-dotnet-shared-access-signature-part-1#best-practices-when-using-sas const int CLOCK_SKEW_MINUTES = 15; CloudStorageAccount storageAccount = CloudStorageAccount.Parse(this.config.IoTHubImportStorageAccount); // Note: // 1. don't set start time, so the token is valid immediately and not affected by clock skew // 2. for clients using a REST version prior to 2012-02-12, the maximum duration for a SAS that does // NOT reference a stored access policy is 1 hour var policy = new SharedAccessAccountPolicy { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.Delete | SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Update, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(JOB_SAS_TOKEN_DURATION_HOURS * 60 + CLOCK_SKEW_MINUTES), Protocols = SharedAccessProtocol.HttpsOnly }; return(storageAccount.GetSharedAccessSignature(policy)); }
private string AddSasToUser(WebPortfolioContext _context, string username) { // Search the user which has added recently Users addedUser = (from u in _context.Users where u.Username == username select u).FirstOrDefault(); // Storage account var storageAccount = CloudStorageAccount.Parse(connectionString); // Generate a SAS token for the user's container/object to Webportfolio's Storage Account SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Delete | SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Container, SharedAccessStartTime = DateTime.UtcNow.AddHours(-1), SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1), Protocols = SharedAccessProtocol.HttpsOnly, }; string sasToken = storageAccount.GetSharedAccessSignature(policy); // Save the SAS token to database addedUser.SasToken = sasToken; _context.SaveChanges(); return(sasToken); }
/// <summary> /// Creates an Account SAS Token /// </summary> /// <param name="storageAccount">The storage account object</param> /// <returns>sasToken</returns> private static string GetAccountSASToken() { // Retrieve storage account information from connection string // How to create a storage connection string - http://msdn.microsoft.com/en-us/library/azure/ee758697.aspx CloudStorageAccount storageAccount = CreateStorageAccountFromConnectionString(CloudConfigurationManager.GetSetting("StorageConnectionString")); // Create a new access policy for the account with the following properties: // Permissions: Read, Write, List, Create, Delete // ResourceType: Container // Expires in 24 hours // Protocols: Https or Http (As Emulator does not yet support Https) SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Delete, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Protocols = SharedAccessProtocol.HttpsOrHttp }; // Create new storage credentials using the SAS token. string sasToken = storageAccount.GetSharedAccessSignature(policy); // Return the SASToken return(sasToken); }
private static void ValidateSASService( SharedAccessAccountServices expectedService, string sasService) { string serviceString = SharedAccessAccountPolicy.ServicesToString(expectedService); Test.Assert(string.Equals(sasService, serviceString), "Service: {0} == {1}", serviceString, sasService); }
private static void ValidateResourceType( SharedAccessAccountResourceTypes expectedResourceType, string sasResourceType) { string resourceTypeString = SharedAccessAccountPolicy.ResourceTypesToString(expectedResourceType); Test.Assert(string.Equals(sasResourceType, resourceTypeString), "Resource type: {0} == {1}", resourceTypeString, sasResourceType); }
public string GetStorageSasToken() { CloudStorageAccount storageAccount = InitializeStorageAccount(); SharedAccessAccountPolicy policy = GetPolicy(); string sasToken = storageAccount.GetSharedAccessSignature(policy); return(sasToken); }
public string GetSharedAccessSignature(SharedAccessAccountPolicy policy) { if (policy == null) { throw new ArgumentNullException(nameof(policy)); } return(this.account.GetSharedAccessSignature(policy)); }
public string GenerateSASToken() { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(configuration.GetConnectionString("AzureBlobStorage")); var policy = new SharedAccessAccountPolicy { SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(5), Permissions = SharedAccessAccountPermissions.Read }; return(storageAccount.GetSharedAccessSignature(policy)); }
private string GetSASToken() { SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.Now.AddMinutes(1) }; return(_storageAccount.GetSharedAccessSignature(policy)); }
public static string GetSASToken(CloudStorageAccount sa) { SharedAccessAccountPolicy saap = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.Now.AddMinutes(30), Protocols = SharedAccessProtocol.HttpsOrHttp }; return(sa.GetSharedAccessSignature(saap)); }
static string GetSASToken(CloudStorageAccount storageAccount) { SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.Now.AddMinutes(30), Protocols = SharedAccessProtocol.HttpsOnly }; return(storageAccount.GetSharedAccessSignature(policy)); }
static string GetSasToken() { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(STORAGE_ACCOUNT_CONN_STRING); var policy = new SharedAccessAccountPolicy { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.Delete, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(60), Protocols = SharedAccessProtocol.HttpsOnly }; return(storageAccount.GetSharedAccessSignature(policy)); }
public void GenerateSas(CloudStorageAccount storage) { var constraints = new SharedAccessAccountPolicy { Protocols = SharedAccessProtocol.HttpsOrHttp, Services = SharedAccessAccountServices.File, SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(1), Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List, ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object }; Sas = storage.GetSharedAccessSignature(constraints); }
public void LeaseWithoutEnoughPermission() { string containerName = Utility.GenNameString("container"); string blobName = Utility.GenNameString("blob"); CloudBlobContainer container = blobUtil.CreateContainer(containerName); try { CloudBlob blob = blobUtil.CreateRandomBlob(container, blobName); string containerSasToken = string.Empty; // Create a container SAS Test.Assert(CommandAgent.NewAzureStorageContainerSAS(containerName, string.Empty, "rl", DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromMinutes(5)), Utility.GenComparisonData("container sas create", true)); if (lang == Language.NodeJS) { containerSasToken = (CommandAgent as NodeJSAgent).Output[0]["sas"] as string; } // Create an account SAS SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read, ResourceTypes = SharedAccessAccountResourceTypes.Container, Services = SharedAccessAccountServices.Blob, SharedAccessStartTime = DateTimeOffset.UtcNow, SharedAccessExpiryTime = DateTimeOffset.UtcNow + TimeSpan.FromMinutes(5) }; string accountSasToken = Utility.GenerateAccountSAS(policy); CommandAgent.SetStorageContextWithSASToken(StorageAccount.Credentials.AccountName, accountSasToken); Test.Assert(!CommandAgent.AcquireLease(containerName, null), Utility.GenComparisonData("Acquire Lease", false)); CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name); Test.Assert(!CommandAgent.AcquireLease(containerName, blobName), Utility.GenComparisonData("Acquire Lease", false)); CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name); CommandAgent.SetStorageContextWithSASToken(StorageAccount.Credentials.AccountName, containerSasToken); Test.Assert(!CommandAgent.AcquireLease(containerName, null), Utility.GenComparisonData("Acquire Lease", false)); CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name); Test.Assert(!CommandAgent.AcquireLease(containerName, blobName), Utility.GenComparisonData("Acquire Lease", false)); CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name); } finally { blobUtil.RemoveContainer(containerName); } }
protected string GetSharedAccessSignature() { var sharePolicy = new SharedAccessAccountPolicy() { Services = SharedAccessAccountServices.Blob, Permissions = SharedAccessAccountPermissions.Read, ResourceTypes = SharedAccessAccountResourceTypes.Object, Protocols = SharedAccessProtocol.HttpsOnly }; var token = StorageAccount.GetSharedAccessSignature(sharePolicy); return(token); }
string GetSas(SharedAccessAccountPermissions permissions) { var policy = new SharedAccessAccountPolicy { Permissions = permissions, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTimeOffset.Now.AddDays(1), Protocols = SharedAccessProtocol.HttpsOrHttp, }; var sasToken = _storageAccount.GetSharedAccessSignature(policy); return(_container.Uri + sasToken); }
private static string GetAccountSASToken() { const string connectionString = ""; CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse(connectionString); SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Container, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Protocols = SharedAccessProtocol.HttpsOnly }; return(cloudStorageAccount.GetSharedAccessSignature(policy)); }
public string GetAccountSASToken() { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(_connectionString); SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read, Services = SharedAccessAccountServices.Table, ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Protocols = SharedAccessProtocol.HttpsOnly }; return(storageAccount.GetSharedAccessSignature(policy)); }
//ALL PRIVATE CONTAINER public static string GenerateAccountSASToken() { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(storageConnectionString); // Create a new access policy for the account. SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy() { Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List, Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Object, SharedAccessExpiryTime = DateTime.UtcNow.AddHours(sasTokenExpireTime), //Token ExpireTime is sasTokenExpireTime hour Protocols = SharedAccessProtocol.HttpsOnly }; return(storageAccount.GetSharedAccessSignature(policy)); }
public override Task <StorageTokenSettingsResult> ExecuteAsync(object request) { var retResult = new StorageTokenSettingsResult(); string connectionString = _config["BlobStorage:ConnectionString"]; string expiryTimeSpanString = _config["BlobStorage:TokenExpiryTimeSpanInMinutes"]; double expiryMinutes = double.Parse(expiryTimeSpanString); var expires = DateTimeOffset.UtcNow.AddMinutes(expiryMinutes); try { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString); //throws format exception if not in correct format SharedAccessAccountPolicy accessPolicy = new SharedAccessAccountPolicy() { //Permissions = SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write, Permissions = SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List, Protocols = SharedAccessProtocol.HttpsOnly, Services = SharedAccessAccountServices.Blob, ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object, //SharedAccessStartTime = DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(15)), //NOTE: Leaving value blank will make it valid immediately - safter for time zone reasons SharedAccessExpiryTime = expires, }; string token = storageAccount.GetSharedAccessSignature(accessPolicy); //NOTE: local storage endpoint will point to: https://<account-name>.blob.core.windows.net/ - this needs to be replaced by http://127.0.0.1:10000/<account-name>/<resource-path> var settings = new CloudStorageSettings() { SharedAccessSignature = token, SharedAccessSignatureExpires = expires, DocumentStorageContainerName = "document-container-test", ImageStorageContainerName = "image-container-test", AccountName = storageAccount.Credentials.AccountName, ConnectionString = $"SharedAccessSignature={token.TrimStart('?')};BlobEndpoint={storageAccount.BlobEndpoint.AbsoluteUri}", BlobStorageEndpoint = storageAccount.BlobEndpoint.AbsoluteUri }; retResult.StorageSettings = settings; } catch (FormatException) { retResult.Notification.Add("Connection String was not in the correct format"); } return(Task.FromResult(retResult)); }