public static IActionResult Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "GetAccessToken/{username}")] HttpRequest req, string username, ILogger log)
{
string clientIp = GetIpFromRequestHeaders(req);
log.LogInformation($"Access Token Request for {username} from {clientIp}");
// Don't issue tokens unless we've got a username
if (string.IsNullOrEmpty(username))
{
return(new BadRequestObjectResult(string.Empty));
}
string accountKey = Environment.GetEnvironmentVariable("AccountKey");
string accountName = Environment.GetEnvironmentVariable("AccountName");
// To create the account SAS, you need to use your shared key credentials. Modify for your account.
string connectionString = $"DefaultEndpointsProtocol=https;AccountName={accountName};AccountKey={accountKey}";
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString);
// Create a new access policy for the account.
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1),
Protocols = SharedAccessProtocol.HttpsOnly
};
return((ActionResult) new OkObjectResult(storageAccount.GetSharedAccessSignature(policy)));
}
public string GenerateSasToken(SharedAccessAccountPolicy sharedAccessAccountPolicy)
{
var storageAccount = InitializeStorageAccount();
string sasToken = storageAccount.GetSharedAccessSignature(sharedAccessAccountPolicy);
return(sasToken);
}
static void GetSharedAccessSignatureAccessToken()
{
Console.WriteLine($"Starting Get Shared Access Token Snippet");
// This only makes sense if the containers access level is set to private!!
// Microsoft reccomends you set the start times on these to 15 minutes before your current time to allow for 'clock skew'
// There will be no references to these generated SAS Tokens in the portal, it cannot be looked up again or revoked
// Always use HTTPS to create or distribute a SAS. If a SAS is passed over HTTP and intercepted, an attacker performing a
// man -in-the-middle attack is able to read the SAS and then use it just as the intended user could have,
// potentially compromising sensitive data or allowing for data corruption by the malicious user.
// Use near-term expiration times on an ad hoc SAS. In this way, even if a SAS is compromised, it's valid only for a short time.
// This practice is especially important if you cannot reference a stored access policy. Near-term expiration times also
// limit the amount of data that can be written to a blob by limiting the time available to upload to it.
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.Now.AddMinutes(10),
Protocols = SharedAccessProtocol.HttpsOnly
};
var token = storageAccount.GetSharedAccessSignature(policy);
Console.WriteLine($"SAS Token retreived: {token}");
Console.WriteLine($"Finished Get Shared Access Token Snippet\r\n");
}
/// <summary>
/// Gets one item from the Azure Storage account
/// </summary>
/// <param name="blobName">Name of the blob on Azure</param>
/// <param name="containerName">Name of the blob container in Azure. If nested in directories use: /container-name/dir1/dir2</param>
/// <returns></returns>
public async Task <MemoryStream> GetAsync(string blobName, string containerName)
{
// Set policies
var policy = new SharedAccessAccountPolicy
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File,
ResourceTypes = SharedAccessAccountResourceTypes.Service,
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(5),
Protocols = SharedAccessProtocol.HttpsOnly
};
// Set correct policies
_cloudStorageAccount.GetSharedAccessSignature(policy);
// Create blobClient
var blobClient = _cloudStorageAccount.CreateCloudBlobClient();
// Get reference from the container
var container = blobClient.GetContainerReference(containerName);
// Name of blob
var blockBlob = container.GetBlockBlobReference(blobName);
// Download the blob
var memoryStream = new MemoryStream();
await blockBlob.DownloadToStreamAsync(memoryStream);
return(memoryStream);
}
// Storage account SAS Token creation samples
public static string GetAccountSASToken()
{
const string ConnectionString =
"DefaultEndpointsProtocol=https;AccountName=account-name;AccountKey=account-key";
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConnectionString);
// Sample in which error is generated due to usage of insecure [HttpsOrHttp] protocol configuration
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy
{
Permissions =
SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write |
SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File,
ResourceTypes = SharedAccessAccountResourceTypes.Service,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOnly
};
// Sample in which warning is generated to be aware of expiry time [SharedAccessExpiryTime]
policy = new SharedAccessAccountPolicy
{
Permissions =
SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write |
SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File,
ResourceTypes = SharedAccessAccountResourceTypes.Service,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOnly,
};
return(storageAccount.GetSharedAccessSignature(policy));
}
public static String GetQueueSasToken(String connectionString)
{
CloudStorageAccount account = CloudStorageAccount.Parse(connectionString);
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions =
SharedAccessAccountPermissions.Read |
SharedAccessAccountPermissions.Write |
SharedAccessAccountPermissions.Delete |
SharedAccessAccountPermissions.Add |
SharedAccessAccountPermissions.Create |
SharedAccessAccountPermissions.ProcessMessages |
SharedAccessAccountPermissions.Update |
SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Queue,
ResourceTypes =
SharedAccessAccountResourceTypes.Service |
SharedAccessAccountResourceTypes.Container |
SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1),
Protocols = SharedAccessProtocol.HttpsOnly
};
return(account.GetSharedAccessSignature(policy));
}
public IndexModel(ILogger <IndexModel> logger, IConfiguration configuration)
{
_logger = logger;
_configuration = configuration;
var StorageConnectionString = _configuration["StorageConnectionString"];
var storageAccount = CloudStorageAccount.Parse(StorageConnectionString);
_tableClient = storageAccount.CreateCloudTableClient(new TableClientConfiguration());
var blobServiceClient = new BlobServiceClient(StorageConnectionString);
_blobContainerClient = blobServiceClient.GetBlobContainerClient(WavBlobName);
var policy = new SharedAccessAccountPolicy()
{
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(25),
//SharedAccessExpiryTime = DateTime.UtcNow.AddDays(3),
Permissions = SharedAccessAccountPermissions.Read,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object
};
_storageSasToken = storageAccount.GetSharedAccessSignature(policy);
}
public override void ExecuteCmdlet()
{
if (!UseTrack2Sdk()) // Track1
{
var sharedAccessPolicy = new SharedAccessAccountPolicy()
{
Permissions = SetupAccessPolicyPermission(this.Permission),
Services = Service,
ResourceTypes = ResourceType,
Protocols = Protocol,
IPAddressOrRange = Util.SetupIPAddressOrRangeForSAS(this.IPAddressOrRange)
};
DateTimeOffset?accessStartTime;
DateTimeOffset?accessEndTime;
SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime,
out accessStartTime, out accessEndTime, true);
sharedAccessPolicy.SharedAccessStartTime = accessStartTime;
sharedAccessPolicy.SharedAccessExpiryTime = accessEndTime;
this.WriteObject(Channel.GetStorageAccountSASToken(sharedAccessPolicy));
}
else
{
AccountSasBuilder sasBuilder = SasTokenHelper.SetAccountSasBuilder(this.Service, this.ResourceType, Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol);
string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(Channel.StorageContext.StorageAccountName, Channel.StorageContext.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString();
if (sasToken[0] != '?')
{
sasToken = "?" + sasToken;
}
this.WriteObject(sasToken);
}
}
protected void Page_Load(object sender, EventArgs e)
{
string clientIP = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
clientIP = clientIP.Substring(0, clientIP.IndexOf(':'));
IPAddressOrRange clientIPRange = new IPAddressOrRange(clientIP);
ConnectionStringSettings storageConnectionStr = WebConfigurationManager.ConnectionStrings["StorageAccount"];
string ConnectionString = storageConnectionStr.ConnectionString;
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConnectionString);
//Create container webcam if it does not exist.
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer blobContainer = blobClient.GetContainerReference("webcam");
blobContainer.CreateIfNotExists();
// Create a new access policy for the account.
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Delete,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Container,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1),
Protocols = SharedAccessProtocol.HttpsOnly,
IPAddressOrRange = clientIPRange,
};
// Return the SAS token and container Uri. Javascript will use these value to upload image.
string sasToken = storageAccount.GetSharedAccessSignature(policy);
blobAccountTextbox.Text = blobClient.StorageUri.PrimaryUri.ToString();
sasTokenTextBox.Text = sasToken;
}
/// <summary>
/// Creates an Account SAS Token
/// </summary>
/// <returns>A SAS token.</returns>
private static string GetAccountSASToken()
{
// Retrieve storage account information from connection string
CloudStorageAccount storageAccount = Cfg.GetAccount();
// Create a new access policy for the account with the following properties:
// Permissions: Read, Write, List, Create, Delete
// ResourceType: Container
// Expires in 24 hours
// Protocols: HTTPS or HTTP (note that the storage emulator does not support HTTPS)
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
// When the start time for the SAS is omitted, the start time is assumed to be the time when the storage service receives the request.
// Omitting the start time for a SAS that is effective immediately helps to avoid clock skew.
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Delete,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOrHttp
};
// Create new storage credentials using the SAS token.
string sasToken = storageAccount.GetSharedAccessSignature(policy);
// Return the SASToken
return(sasToken);
}
private string GetSasTokenForImportExport()
{
// Recommended to address possible clock skew, see
// https://docs.microsoft.com/azure/storage/common/storage-dotnet-shared-access-signature-part-1#best-practices-when-using-sas
const int CLOCK_SKEW_MINUTES = 15;
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(this.config.IoTHubImportStorageAccount);
// Note:
// 1. don't set start time, so the token is valid immediately and not affected by clock skew
// 2. for clients using a REST version prior to 2012-02-12, the maximum duration for a SAS that does
// NOT reference a stored access policy is 1 hour
var policy = new SharedAccessAccountPolicy
{
Permissions = SharedAccessAccountPermissions.Read
| SharedAccessAccountPermissions.Write
| SharedAccessAccountPermissions.Delete
| SharedAccessAccountPermissions.Add
| SharedAccessAccountPermissions.Create
| SharedAccessAccountPermissions.Update,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(JOB_SAS_TOKEN_DURATION_HOURS * 60 + CLOCK_SKEW_MINUTES),
Protocols = SharedAccessProtocol.HttpsOnly
};
return(storageAccount.GetSharedAccessSignature(policy));
}
private string AddSasToUser(WebPortfolioContext _context, string username)
{
// Search the user which has added recently
Users addedUser = (from u in _context.Users
where u.Username == username
select u).FirstOrDefault();
// Storage account
var storageAccount = CloudStorageAccount.Parse(connectionString);
// Generate a SAS token for the user's container/object to Webportfolio's Storage Account
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Write |
SharedAccessAccountPermissions.Create |
SharedAccessAccountPermissions.Read |
SharedAccessAccountPermissions.Delete |
SharedAccessAccountPermissions.Add |
SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Container,
SharedAccessStartTime = DateTime.UtcNow.AddHours(-1),
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(1),
Protocols = SharedAccessProtocol.HttpsOnly,
};
string sasToken = storageAccount.GetSharedAccessSignature(policy);
// Save the SAS token to database
addedUser.SasToken = sasToken;
_context.SaveChanges();
return(sasToken);
}
/// <summary>
/// Creates an Account SAS Token
/// </summary>
/// <param name="storageAccount">The storage account object</param>
/// <returns>sasToken</returns>
private static string GetAccountSASToken()
{
// Retrieve storage account information from connection string
// How to create a storage connection string - http://msdn.microsoft.com/en-us/library/azure/ee758697.aspx
CloudStorageAccount storageAccount = CreateStorageAccountFromConnectionString(CloudConfigurationManager.GetSetting("StorageConnectionString"));
// Create a new access policy for the account with the following properties:
// Permissions: Read, Write, List, Create, Delete
// ResourceType: Container
// Expires in 24 hours
// Protocols: Https or Http (As Emulator does not yet support Https)
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Delete,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOrHttp
};
// Create new storage credentials using the SAS token.
string sasToken = storageAccount.GetSharedAccessSignature(policy);
// Return the SASToken
return(sasToken);
}
private static void ValidateSASService(
SharedAccessAccountServices expectedService,
string sasService)
{
string serviceString = SharedAccessAccountPolicy.ServicesToString(expectedService);
Test.Assert(string.Equals(sasService, serviceString), "Service: {0} == {1}", serviceString, sasService);
}
private static void ValidateResourceType(
SharedAccessAccountResourceTypes expectedResourceType,
string sasResourceType)
{
string resourceTypeString = SharedAccessAccountPolicy.ResourceTypesToString(expectedResourceType);
Test.Assert(string.Equals(sasResourceType, resourceTypeString), "Resource type: {0} == {1}", resourceTypeString, sasResourceType);
}
public string GetStorageSasToken()
{
CloudStorageAccount storageAccount = InitializeStorageAccount();
SharedAccessAccountPolicy policy = GetPolicy();
string sasToken = storageAccount.GetSharedAccessSignature(policy);
return(sasToken);
}
public string GetSharedAccessSignature(SharedAccessAccountPolicy policy)
{
if (policy == null)
{
throw new ArgumentNullException(nameof(policy));
}
return(this.account.GetSharedAccessSignature(policy));
}
public string GenerateSASToken()
{
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(configuration.GetConnectionString("AzureBlobStorage"));
var policy = new SharedAccessAccountPolicy
{
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(5),
Permissions = SharedAccessAccountPermissions.Read
};
return(storageAccount.GetSharedAccessSignature(policy));
}
private string GetSASToken()
{
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.Now.AddMinutes(1)
};
return(_storageAccount.GetSharedAccessSignature(policy));
}
public static string GetSASToken(CloudStorageAccount sa)
{
SharedAccessAccountPolicy saap = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.Now.AddMinutes(30),
Protocols = SharedAccessProtocol.HttpsOrHttp
};
return(sa.GetSharedAccessSignature(saap));
}
static string GetSASToken(CloudStorageAccount storageAccount)
{
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.Now.AddMinutes(30),
Protocols = SharedAccessProtocol.HttpsOnly
};
return(storageAccount.GetSharedAccessSignature(policy));
}
static string GetSasToken()
{
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(STORAGE_ACCOUNT_CONN_STRING);
var policy = new SharedAccessAccountPolicy
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.Delete,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(60),
Protocols = SharedAccessProtocol.HttpsOnly
};
return(storageAccount.GetSharedAccessSignature(policy));
}
public void GenerateSas(CloudStorageAccount storage)
{
var constraints = new SharedAccessAccountPolicy
{
Protocols = SharedAccessProtocol.HttpsOrHttp,
Services = SharedAccessAccountServices.File,
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(1),
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List,
ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object
};
Sas = storage.GetSharedAccessSignature(constraints);
}
public void LeaseWithoutEnoughPermission()
{
string containerName = Utility.GenNameString("container");
string blobName = Utility.GenNameString("blob");
CloudBlobContainer container = blobUtil.CreateContainer(containerName);
try
{
CloudBlob blob = blobUtil.CreateRandomBlob(container, blobName);
string containerSasToken = string.Empty;
// Create a container SAS
Test.Assert(CommandAgent.NewAzureStorageContainerSAS(containerName, string.Empty, "rl", DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromMinutes(5)),
Utility.GenComparisonData("container sas create", true));
if (lang == Language.NodeJS)
{
containerSasToken = (CommandAgent as NodeJSAgent).Output[0]["sas"] as string;
}
// Create an account SAS
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read,
ResourceTypes = SharedAccessAccountResourceTypes.Container,
Services = SharedAccessAccountServices.Blob,
SharedAccessStartTime = DateTimeOffset.UtcNow,
SharedAccessExpiryTime = DateTimeOffset.UtcNow + TimeSpan.FromMinutes(5)
};
string accountSasToken = Utility.GenerateAccountSAS(policy);
CommandAgent.SetStorageContextWithSASToken(StorageAccount.Credentials.AccountName, accountSasToken);
Test.Assert(!CommandAgent.AcquireLease(containerName, null), Utility.GenComparisonData("Acquire Lease", false));
CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name);
Test.Assert(!CommandAgent.AcquireLease(containerName, blobName), Utility.GenComparisonData("Acquire Lease", false));
CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name);
CommandAgent.SetStorageContextWithSASToken(StorageAccount.Credentials.AccountName, containerSasToken);
Test.Assert(!CommandAgent.AcquireLease(containerName, null), Utility.GenComparisonData("Acquire Lease", false));
CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name);
Test.Assert(!CommandAgent.AcquireLease(containerName, blobName), Utility.GenComparisonData("Acquire Lease", false));
CommandAgent.ValidateErrorMessage(MethodBase.GetCurrentMethod().Name);
}
finally
{
blobUtil.RemoveContainer(containerName);
}
}
protected string GetSharedAccessSignature()
{
var sharePolicy = new SharedAccessAccountPolicy()
{
Services = SharedAccessAccountServices.Blob,
Permissions = SharedAccessAccountPermissions.Read,
ResourceTypes = SharedAccessAccountResourceTypes.Object,
Protocols = SharedAccessProtocol.HttpsOnly
};
var token = StorageAccount.GetSharedAccessSignature(sharePolicy);
return(token);
}
string GetSas(SharedAccessAccountPermissions permissions)
{
var policy = new SharedAccessAccountPolicy
{
Permissions = permissions,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTimeOffset.Now.AddDays(1),
Protocols = SharedAccessProtocol.HttpsOrHttp,
};
var sasToken = _storageAccount.GetSharedAccessSignature(policy);
return(_container.Uri + sasToken);
}
private static string GetAccountSASToken()
{
const string connectionString = "";
CloudStorageAccount cloudStorageAccount = CloudStorageAccount.Parse(connectionString);
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Container,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOnly
};
return(cloudStorageAccount.GetSharedAccessSignature(policy));
}
public string GetAccountSASToken()
{
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(_connectionString);
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read,
Services = SharedAccessAccountServices.Table,
ResourceTypes = SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Protocols = SharedAccessProtocol.HttpsOnly
};
return(storageAccount.GetSharedAccessSignature(policy));
}
//ALL PRIVATE CONTAINER
public static string GenerateAccountSASToken()
{
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(storageConnectionString);
// Create a new access policy for the account.
SharedAccessAccountPolicy policy = new SharedAccessAccountPolicy()
{
Permissions = SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.List,
Services = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Service | SharedAccessAccountResourceTypes.Object,
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(sasTokenExpireTime), //Token ExpireTime is sasTokenExpireTime hour
Protocols = SharedAccessProtocol.HttpsOnly
};
return(storageAccount.GetSharedAccessSignature(policy));
}
public override Task <StorageTokenSettingsResult> ExecuteAsync(object request)
{
var retResult = new StorageTokenSettingsResult();
string connectionString = _config["BlobStorage:ConnectionString"];
string expiryTimeSpanString = _config["BlobStorage:TokenExpiryTimeSpanInMinutes"];
double expiryMinutes = double.Parse(expiryTimeSpanString);
var expires = DateTimeOffset.UtcNow.AddMinutes(expiryMinutes);
try
{
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString); //throws format exception if not in correct format
SharedAccessAccountPolicy accessPolicy = new SharedAccessAccountPolicy()
{
//Permissions = SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write,
Permissions = SharedAccessAccountPermissions.Add | SharedAccessAccountPermissions.Create | SharedAccessAccountPermissions.Read | SharedAccessAccountPermissions.Write | SharedAccessAccountPermissions.List,
Protocols = SharedAccessProtocol.HttpsOnly,
Services = SharedAccessAccountServices.Blob,
ResourceTypes = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object,
//SharedAccessStartTime = DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(15)), //NOTE: Leaving value blank will make it valid immediately - safter for time zone reasons
SharedAccessExpiryTime = expires,
};
string token = storageAccount.GetSharedAccessSignature(accessPolicy);
//NOTE: local storage endpoint will point to: https://<account-name>.blob.core.windows.net/ - this needs to be replaced by http://127.0.0.1:10000/<account-name>/<resource-path>
var settings = new CloudStorageSettings()
{
SharedAccessSignature = token,
SharedAccessSignatureExpires = expires,
DocumentStorageContainerName = "document-container-test",
ImageStorageContainerName = "image-container-test",
AccountName = storageAccount.Credentials.AccountName,
ConnectionString = $"SharedAccessSignature={token.TrimStart('?')};BlobEndpoint={storageAccount.BlobEndpoint.AbsoluteUri}",
BlobStorageEndpoint = storageAccount.BlobEndpoint.AbsoluteUri
};
retResult.StorageSettings = settings;
}
catch (FormatException)
{
retResult.Notification.Add("Connection String was not in the correct format");
}
return(Task.FromResult(retResult));
}
