private static void TestAccess(string sasToken, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers, CloudBlobContainer container, CloudBlob blob) { CloudBlob SASblob; StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ? new StorageCredentials() : new StorageCredentials(sasToken); if (container != null) { container = new CloudBlobContainer(credentials.TransformUri(container.Uri)); if (blob.BlobType == BlobType.BlockBlob) { SASblob = container.GetBlockBlobReference(blob.Name); } else if (blob.BlobType == BlobType.PageBlob) { SASblob = container.GetPageBlobReference(blob.Name); } else { SASblob = container.GetAppendBlobReference(blob.Name); } } else { if (blob.BlobType == BlobType.BlockBlob) { SASblob = new CloudBlockBlob(credentials.TransformUri(blob.Uri)); } else if (blob.BlobType == BlobType.PageBlob) { SASblob = new CloudPageBlob(credentials.TransformUri(blob.Uri)); } else { SASblob = new CloudAppendBlob(credentials.TransformUri(blob.Uri)); } } HttpStatusCode failureCode = sasToken == null ? HttpStatusCode.NotFound : HttpStatusCode.Forbidden; // We want to ensure that 'create', 'add', and 'write' permissions all allow for correct writing of blobs, as is reasonable. if (((permissions & SharedAccessBlobPermissions.Create) == SharedAccessBlobPermissions.Create) || ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write)) { if (blob.BlobType == BlobType.PageBlob) { CloudPageBlob SASpageBlob = (CloudPageBlob)SASblob; SASpageBlob.Create(512); CloudPageBlob pageBlob = (CloudPageBlob)blob; byte[] buffer = new byte[512]; buffer[0] = 2; // random data if (((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write)) { SASpageBlob.UploadFromByteArray(buffer, 0, 512); } else { TestHelper.ExpectedException( () => SASpageBlob.UploadFromByteArray(buffer, 0, 512), "pageBlob SAS token without Write perms should not allow for writing/adding", failureCode); pageBlob.UploadFromByteArray(buffer, 0, 512); } } else if (blob.BlobType == BlobType.BlockBlob) { if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { UploadText(SASblob, "blob", Encoding.UTF8); } else { TestHelper.ExpectedException( () => UploadText(SASblob, "blob", Encoding.UTF8), "Block blob SAS token without Write or perms should not allow for writing", failureCode); UploadText(blob, "blob", Encoding.UTF8); } } else // append blob { // If the sas token contains Feb 2012, append won't be accepted if (sasToken.Contains(Constants.VersionConstants.February2012)) { UploadText(blob, "blob", Encoding.UTF8); } else { CloudAppendBlob SASAppendBlob = SASblob as CloudAppendBlob; SASAppendBlob.CreateOrReplace(); byte[] textAsBytes = Encoding.UTF8.GetBytes("blob"); using (MemoryStream stream = new MemoryStream()) { stream.Write(textAsBytes, 0, textAsBytes.Length); stream.Seek(0, SeekOrigin.Begin); if (((permissions & SharedAccessBlobPermissions.Add) == SharedAccessBlobPermissions.Add) || ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write)) { SASAppendBlob.AppendBlock(stream, null); } else { TestHelper.ExpectedException( () => SASAppendBlob.AppendBlock(stream, null), "Append blob SAS token without Write or Add perms should not allow for writing/adding", failureCode); stream.Seek(0, SeekOrigin.Begin); ((CloudAppendBlob)blob).AppendBlock(stream, null); } } } } } else { TestHelper.ExpectedException( () => UploadText(SASblob, "blob", Encoding.UTF8), "UploadText SAS does not allow for writing/adding", ((blob.BlobType == BlobType.AppendBlob) && (sasToken != null) && (sasToken.Contains(Constants.VersionConstants.February2012))) ? HttpStatusCode.BadRequest : failureCode); UploadText(blob, "blob", Encoding.UTF8); } if (container != null) { if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { container.ListBlobs().ToArray(); } else { TestHelper.ExpectedException( () => container.ListBlobs().ToArray(), "List blobs while SAS does not allow for listing", failureCode); } } // need to have written to the blob to read from it. if (((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read)) { SASblob.FetchAttributes(); // Test headers if (headers != null) { if (headers.CacheControl != null) { Assert.AreEqual(headers.CacheControl, SASblob.Properties.CacheControl); } if (headers.ContentDisposition != null) { Assert.AreEqual(headers.ContentDisposition, SASblob.Properties.ContentDisposition); } if (headers.ContentEncoding != null) { Assert.AreEqual(headers.ContentEncoding, SASblob.Properties.ContentEncoding); } if (headers.ContentLanguage != null) { Assert.AreEqual(headers.ContentLanguage, SASblob.Properties.ContentLanguage); } if (headers.ContentType != null) { Assert.AreEqual(headers.ContentType, SASblob.Properties.ContentType); } } } else { TestHelper.ExpectedException( () => SASblob.FetchAttributes(), "Fetch blob attributes while SAS does not allow for reading", failureCode); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { SASblob.SetMetadata(); } else { TestHelper.ExpectedException( () => SASblob.SetMetadata(), "Set blob metadata while SAS does not allow for writing", failureCode); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { SASblob.Delete(); } else { TestHelper.ExpectedException( () => SASblob.Delete(), "Delete blob while SAS does not allow for deleting", failureCode); } }
/// <summary> /// Checks for the existence of a specific storage container, if it doesn't exist it will create it. /// </summary> /// <param name="client">The <see cref="StorageManagementClient"/> that is performing the operation.</param> /// <param name="accountName">The name of the storage account that we want to create the container in.</param> /// <param name="containerName">The name of the container that we are about to create.</param> /// <param name="publicAccess">The public access level for the container.</param> /// <param name="permissions">The set of permissions that the ACL for this container must have.</param> /// <returns>The async <see cref="Task"/> wrapper.</returns> public static async Task CreateContainerIfNotExistsAsync( this StorageManagementClient client, string accountName, string containerName, BlobContainerPublicAccessType publicAccess, SharedAccessBlobPermissions permissions) { Contract.Requires(client != null); Contract.Requires(!string.IsNullOrWhiteSpace(accountName)); Contract.Requires(!string.IsNullOrWhiteSpace(containerName)); Contract.Requires(containerName.Length >= 3); Contract.Requires(containerName.Length <= 63); var key = (await client.StorageAccounts.GetKeysAsync(accountName)).PrimaryKey; var storageAccount = CloudStorageAccount.Parse($"DefaultEndpointsProtocol=https;AccountName={accountName};AccountKey={key}"); var container = storageAccount.CreateCloudBlobClient().GetContainerReference(containerName); await container.CreateIfNotExistsAsync(); await container.SetPermissionsAsync(new BlobContainerPermissions { PublicAccess = publicAccess }); FlexStreams.BuildEventsObserver.OnNext(new ProvisionEvent(AzureResource.StorageContainer, containerName)); var acl = container.GetSharedAccessSignature(new SharedAccessBlobPolicy { Permissions = permissions }); FlexStreams.BuildEventsObserver.OnNext(new StorageKeyEvent(accountName, containerName, acl)); }
/// <summary> /// Converts the permissions specified for the shared access policy to a string. /// </summary> /// <param name="permissions">The shared access permissions.</param> /// <returns>The shared access permissions in string format.</returns> public static string PermissionsToString(SharedAccessBlobPermissions permissions) { // The service supports a fixed order => rwdl StringBuilder builder = new StringBuilder(); if ((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read) { builder.Append("r"); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { builder.Append("w"); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { builder.Append("d"); } if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { builder.Append("l"); } return builder.ToString(); }
public Uri GetUri(SharedAccessBlobPermissions permissions) { var policy = new SharedAccessBlobPolicy { SharedAccessExpiryTime = DateTime.UtcNow.AddDays(31.0), Permissions = permissions }; return new Uri(_containerReference.Uri, _containerReference.GetSharedAccessSignature(policy) + "&comp=list&restype=container"); }
public string GetSasForBlob(CloudBlockBlob blob, SharedAccessBlobPermissions permission) { var sas = blob.GetSharedAccessSignature(new SharedAccessBlobPolicy() { Permissions = permission, SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(2), }); return string.Format(CultureInfo.InvariantCulture, "{0}{1}", blob.Uri, sas); }
public static string GetSasUrl(ICloudBlob blob, SharedAccessBlobPermissions permissions) { var policy = new SharedAccessBlobPolicy { SharedAccessExpiryTime = DateTime.Now.AddMinutes(30), Permissions = permissions }; string sasBlobToken = blob.GetSharedAccessSignature(policy); //Return the URI string for the container, including the SAS token. return blob.Uri + sasBlobToken; }
public static string GenerateBlobStorageSasUrl(string connectionString, string blobContainerName, DateTime expiryTime, SharedAccessBlobPermissions permissions) { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString); CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient(); CloudBlobContainer blobContainer = blobClient.GetContainerReference(blobContainerName); blobContainer.CreateIfNotExists(); var sasToken = blobContainer.GetSharedAccessSignature( new SharedAccessBlobPolicy() { SharedAccessExpiryTime = expiryTime, Permissions = permissions }); return blobContainer.Uri + sasToken; }
public static string CreateContainerWithPolicySASIfNotExist(string account, string key, string container, string policy, DateTime start, DateTime end, SharedAccessBlobPermissions permissions) { // 1. form the credentail and initial client CloudStorageAccount storageaccount = new CloudStorageAccount(new WindowsAzure.Storage.Auth.StorageCredentials(account, key), false); CloudBlobClient client = storageaccount.CreateCloudBlobClient(); // 2. create container if it doesn't exist CloudBlobContainer storagecontainer = client.GetContainerReference(container); storagecontainer.CreateIfNotExists(); // 3. validate policy, create/overwrite if doesn't match bool policyFound = false; SharedAccessBlobPolicy accesspolicy = new SharedAccessBlobPolicy() { SharedAccessExpiryTime = end, SharedAccessStartTime = start, Permissions = permissions }; BlobContainerPermissions blobPermissions = storagecontainer.GetPermissions(); if (blobPermissions.SharedAccessPolicies.ContainsKey(policy)) { SharedAccessBlobPolicy containerpolicy = blobPermissions.SharedAccessPolicies[policy]; if (!(permissions == (containerpolicy.Permissions & permissions) && start <= containerpolicy.SharedAccessStartTime && end >= containerpolicy.SharedAccessExpiryTime)) { blobPermissions.SharedAccessPolicies[policy] = accesspolicy; } else { policyFound = true; } } else { blobPermissions.SharedAccessPolicies.Add(policy, accesspolicy); } if (!policyFound) { storagecontainer.SetPermissions(blobPermissions); } // 4. genereate SAS and return string containerSAS = storagecontainer.GetSharedAccessSignature(new SharedAccessBlobPolicy(), policy); string containerUrl = storagecontainer.Uri.AbsoluteUri + containerSAS; return containerUrl; }
/// <summary> /// Gets a blob container's SAS token /// </summary> /// <param name="containerName">The container name</param> /// <param name="permissions">The permissions</param> /// <param name="minutes">Number of minutes the permissions are effective</param> /// <returns>System.String - The SAS token</returns> public string GetBlobContainerSASToken( string containerName, SharedAccessBlobPermissions permissions, int minutes) { var client = _account.CreateCloudBlobClient(); var policy = new SharedAccessBlobPolicy(); policy.Permissions = permissions; policy.SharedAccessStartTime = System.DateTime.UtcNow.AddMinutes(-10); policy.SharedAccessExpiryTime = System.DateTime.UtcNow.AddMinutes(10); var container = client.GetContainerReference(containerName); //Get the SAS token for the container. var sasToken = container.GetSharedAccessSignature(policy); return sasToken; }
/// <summary> /// Creates the shared access BLOB policy. /// </summary> /// <param name="permissions">The permissions.</param> /// <param name="expireOffsetInMinute">The expire offset in minute.</param> /// <returns>SharedAccessBlobPolicy.</returns> protected static SharedAccessBlobPolicy CreateSharedAccessBlobPolicy(SharedAccessBlobPermissions permissions, int expireOffsetInMinute = 10) { return new SharedAccessBlobPolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(expireOffsetInMinute), Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.List }; }
/// <summary> /// Creates the container URI. /// </summary> /// <param name="containerName">Name of the container.</param> /// <param name="expireOffsetInMinute">The expire offset in minute.</param> /// <param name="permission">The permission.</param> /// <returns>System.String.</returns> /// <exception cref="InvalidObjectException">Container;null</exception> public string CreateContainerUri(string containerName, int expireOffsetInMinute = 10, SharedAccessBlobPermissions permission = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Read) { try { containerName.CheckEmptyString("containerName"); CloudBlobContainer container = blobClient.GetContainerReference(containerName); if (!container.Exists()) { throw new InvalidObjectException("Container", null, containerName); } return GenerateContainerUri(container, expireOffsetInMinute, permission); } catch (Exception ex) { throw ex.Handle("CreateContainerUri", new { containerName, expireOffsetInMinute, permission }); } }
/// <summary> /// Gets the container sas URI. /// </summary> /// <param name="container">The container.</param> /// <param name="expireOffsetInMinute">The expire offset in minute.</param> /// <param name="permission">The permission.</param> /// <returns>System.String.</returns> protected static string GenerateContainerUri(CloudBlobContainer container, int expireOffsetInMinute = 10, SharedAccessBlobPermissions permission = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Read) { //Set the expiry time and permissions for the container. //In this case no start time is specified, so the shared access signature becomes valid immediately. var sasConstraints = new SharedAccessBlobPolicy(); sasConstraints.SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(expireOffsetInMinute); sasConstraints.Permissions = permission; //Generate the shared access signature on the container, setting the constraints directly on the signature. string sasContainerToken = container.GetSharedAccessSignature(sasConstraints); //Return the URI string for the container, including the SAS token. return container.Uri + sasContainerToken; }
public async Task <Result <TokenDtoOutput> > GenerateToken(string permissionsStorage, int size, int limit, SharedAccessBlobPermissions permissions, string blobName) { var storageAccount = CloudStorageAccount.Parse(_settings.StorageAccountConnection); var blobClient = storageAccount.CreateCloudBlobClient(); var containerName = _userInfo.UserId; CloudBlobContainer container = blobClient.GetContainerReference(containerName); await container.CreateIfNotExistsAsync(); if (permissionsStorage == "Write") { long fileSize = size; BlobContinuationToken continuationToken = null; CloudBlob blob; var segmentSize = 100; do { BlobResultSegment resultSegment = await container.ListBlobsSegmentedAsync(string.Empty, true, BlobListingDetails.Metadata, segmentSize, continuationToken, null, null); foreach (var blobItem in resultSegment.Results) { blob = (CloudBlob)blobItem; fileSize += blob.Properties.Length; if (limit <= fileSize) { return(_result.Create <TokenDtoOutput>(false, "Upgrade", null)); } } continuationToken = resultSegment.ContinuationToken; } while (continuationToken != null); } var sasToken = GetBlobSasToken(container, blobName, permissions); /* * var sasToken = * data.blobName != null ? * GetBlobSasToken(container, data.blobName.ToString(), permissions) : * GetContainerSasToken(container, permissions); */ var uri = ""; if (permissionsStorage == "Read") { uri = container.Uri + "/" + blobName + sasToken; } if (permissionsStorage == "Delete") { uri = storageAccount.BlobEndpoint.AbsoluteUri + sasToken; } if (permissionsStorage == "Write") { uri = storageAccount.BlobEndpoint.AbsoluteUri + sasToken; } var tokenModel = new TokenDtoOutput { Container = containerName, BlobName = blobName, Token = sasToken, Permission = permissionsStorage, Uri = uri }; return(_result.Create <TokenDtoOutput>(true, "", tokenModel)); }
private static void TestAccess(string sasToken, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers, CloudBlobContainer container, ICloudBlob blob) { StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ? new StorageCredentials() : new StorageCredentials(sasToken); if (container != null) { container = new CloudBlobContainer(credentials.TransformUri(container.Uri)); if (blob.BlobType == BlobType.BlockBlob) { blob = container.GetBlockBlobReference(blob.Name); } else { blob = container.GetPageBlobReference(blob.Name); } } else { if (blob.BlobType == BlobType.BlockBlob) { blob = new CloudBlockBlob(credentials.TransformUri(blob.Uri)); } else { blob = new CloudPageBlob(credentials.TransformUri(blob.Uri)); } } if (container != null) { if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { container.ListBlobs().ToArray(); } else { TestHelper.ExpectedException( () => container.ListBlobs().ToArray(), "List blobs while SAS does not allow for listing", HttpStatusCode.NotFound); } } if ((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read) { blob.FetchAttributes(); // Test headers if (headers != null) { if (headers.CacheControl != null) { Assert.AreEqual(headers.CacheControl, blob.Properties.CacheControl); } if (headers.ContentDisposition != null) { Assert.AreEqual(headers.ContentDisposition, blob.Properties.ContentDisposition); } if (headers.ContentEncoding != null) { Assert.AreEqual(headers.ContentEncoding, blob.Properties.ContentEncoding); } if (headers.ContentLanguage != null) { Assert.AreEqual(headers.ContentLanguage, blob.Properties.ContentLanguage); } if (headers.ContentType != null) { Assert.AreEqual(headers.ContentType, blob.Properties.ContentType); } } } else { TestHelper.ExpectedException( () => blob.FetchAttributes(), "Fetch blob attributes while SAS does not allow for reading", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { blob.SetMetadata(); } else { TestHelper.ExpectedException( () => blob.SetMetadata(), "Set blob metadata while SAS does not allow for writing", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { blob.Delete(); } else { TestHelper.ExpectedException( () => blob.Delete(), "Delete blob while SAS does not allow for deleting", HttpStatusCode.NotFound); } }
public static string GetBlobSasToken(CloudBlobContainer container, string blobName, SharedAccessBlobPermissions permissions, string policyName = null) { string sasBlobToken; // Get a reference to a blob within the container. // Note that the blob may not exist yet, but a SAS can still be created for it. CloudBlockBlob blob = container.GetBlockBlobReference(blobName); if (policyName == null) { var adHocSas = CreateAdHocSasPolicy(permissions); // Generate the shared access signature on the blob, setting the constraints directly on the signature. sasBlobToken = blob.GetSharedAccessSignature(adHocSas); } else { // Generate the shared access signature on the blob. In this case, all of the constraints for the // shared access signature are specified on the container's stored access policy. sasBlobToken = blob.GetSharedAccessSignature(null, policyName); } return(sasBlobToken); }
public void WillReturnParseableSharedAccessSignature( SharedAccessBlobPermissions permissions, string expectedPermissions) { var container = new StandaloneAzureBlobContainer(new Uri(_containerPath)); Assert.Contains(expectedPermissions, container.GetSharedAccessSignature(new SharedAccessBlobPolicy { Permissions = permissions })); }
public static string GetSASUri(string blobUrlRoot, string storageAccoutnName, string primaryKey, string container, string filename, TimeSpan persmissionDuration, SharedAccessBlobPermissions permissionType) { // Set the destination string httpsBlobUrlRoot = string.Format("https:{0}", blobUrlRoot.Substring(blobUrlRoot.IndexOf('/'))); string vhdDestUri = httpsBlobUrlRoot + string.Format("{0}/{1}", container, filename); var destinationBlob = new CloudPageBlob(new Uri(vhdDestUri), new StorageCredentials(storageAccoutnName, primaryKey)); var policy2 = new SharedAccessBlobPolicy() { Permissions = permissionType, SharedAccessExpiryTime = DateTime.UtcNow.Add(persmissionDuration) }; var destinationBlobToken2 = destinationBlob.GetSharedAccessSignature(policy2); vhdDestUri += destinationBlobToken2; return(vhdDestUri); }
/// <summary> /// create a container if doesn't exist, setting permission with policy, and return assosciated SAS signature /// </summary> /// <param name="account">storage account</param> /// <param name="key">storage key</param> /// <param name="container">container to be created</param> /// <param name="policy">name for the policy</param> /// <param name="start">start time of the policy</param> /// <param name="end">expire time of the policy</param> /// <param name="permissions">permission on the name</param> /// <param name="blobUri">blob URI</param> /// <returns>the SAS for the container, in full URI format.</returns> private static string CreateContainerWithPolicySASIfNotExist(string account, string key, Uri blobUri, string container, string policy, DateTime start, DateTime end, SharedAccessBlobPermissions permissions) { // 1. form the credentail and initial client CloudStorageAccount storageaccount = new CloudStorageAccount(new Microsoft.WindowsAzure.Storage.Auth.StorageCredentials(account, key), blobEndpoint: blobUri, queueEndpoint: null, tableEndpoint: null, fileEndpoint: null); CloudBlobClient client = storageaccount.CreateCloudBlobClient(); // 2. create container if it doesn't exist CloudBlobContainer storagecontainer = client.GetContainerReference(container); storagecontainer.CreateIfNotExists(); // 3. validate policy, create/overwrite if doesn't match bool policyFound = false; SharedAccessBlobPolicy accesspolicy = new SharedAccessBlobPolicy() { SharedAccessExpiryTime = end, SharedAccessStartTime = start, Permissions = permissions }; BlobContainerPermissions blobPermissions = storagecontainer.GetPermissions(); if (blobPermissions.SharedAccessPolicies.ContainsKey(policy)) { SharedAccessBlobPolicy containerpolicy = blobPermissions.SharedAccessPolicies[policy]; if (!(permissions == (containerpolicy.Permissions & permissions) && start <= containerpolicy.SharedAccessStartTime && end >= containerpolicy.SharedAccessExpiryTime)) { blobPermissions.SharedAccessPolicies[policy] = accesspolicy; } else { policyFound = true; } } else { blobPermissions.SharedAccessPolicies.Add(policy, accesspolicy); } if (!policyFound) { storagecontainer.SetPermissions(blobPermissions); } // 4. genereate SAS and return string container_sas = storagecontainer.GetSharedAccessSignature(new SharedAccessBlobPolicy(), policy); string container_url = storagecontainer.Uri.AbsoluteUri + container_sas; return(container_url); }
private async Task TestAccessAsync(string sasToken, SharedAccessBlobPermissions permissions, CloudBlobContainer container, ICloudBlob blob) { OperationContext operationContext = new OperationContext(); StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ? new StorageCredentials() : new StorageCredentials(sasToken); if (container != null) { container = new CloudBlobContainer(container.Uri, credentials); if (blob.BlobType == BlobType.BlockBlob) { blob = container.GetBlockBlobReference(blob.Name); } else { blob = container.GetPageBlobReference(blob.Name); } } else { if (blob.BlobType == BlobType.BlockBlob) { blob = new CloudBlockBlob(blob.Uri, credentials); } else { blob = new CloudPageBlob(blob.Uri, credentials); } } if (container != null) { if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { await container.ListBlobsSegmentedAsync(null); } else { await TestHelper.ExpectedExceptionAsync( async() => await container.ListBlobsSegmentedAsync(null, true, BlobListingDetails.None, null, null, null, operationContext), operationContext, "List blobs while SAS does not allow for listing", HttpStatusCode.NotFound); } } if ((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read) { await blob.FetchAttributesAsync(); } else { await TestHelper.ExpectedExceptionAsync( async() => await blob.FetchAttributesAsync(null, null, operationContext), operationContext, "Fetch blob attributes while SAS does not allow for reading", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { await blob.SetMetadataAsync(); } else { await TestHelper.ExpectedExceptionAsync( async() => await blob.SetMetadataAsync(null, null, operationContext), operationContext, "Set blob metadata while SAS does not allow for writing", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { await blob.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync( async() => await blob.DeleteAsync(DeleteSnapshotsOption.None, null, null, operationContext), operationContext, "Delete blob while SAS does not allow for deleting", HttpStatusCode.NotFound); } }
public async Task <string> GetBlobSASUrlFromBlobPathAsync(CloudStorageAccount storageAccount, string containerName, string blobPath, DateTimeOffset expiryDateTime, SharedAccessBlobPermissions policyPermissions = SharedAccessBlobPermissions.Read) { string result = string.Empty; if (storageAccount == null || string.IsNullOrWhiteSpace(containerName) || string.IsNullOrWhiteSpace(blobPath)) { return(result); } CloudBlob blob = await this.GetBlobFromPathAsync(storageAccount, containerName, blobPath); SharedAccessBlobPolicy sasBlobPolicy = new SharedAccessBlobPolicy { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), // For clock skew SharedAccessExpiryTime = expiryDateTime, Permissions = policyPermissions }; //Generate the shared access signature on the blob, setting the constraints directly on the signature. string sasBlobToken = blob.GetSharedAccessSignature(sasBlobPolicy); result = blob.Uri.AbsoluteUri + sasBlobToken; return(result); }
public async Task CreateSharedAccessPolicy(CloudBlobClient blobClient, CloudBlobContainer container, string policyName, DateTimeOffset?expiryDateTime, SharedAccessBlobPermissions policyPermissions = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Read) { ValidationResult validationResult = new ValidationResult(); validationResult.Validations.AddItems(Validator.ValidateBlobClient(blobClient).Validations); validationResult.Validations.AddItems(Validator.ValidateContainer(container).Validations); if (!validationResult.IsValid) { return; } //Get the container's existing permissions. BlobContainerPermissions permissions = await container.GetPermissionsAsync(); //Create a new shared access policy and define its constraints. SharedAccessBlobPolicy sharedPolicy = new SharedAccessBlobPolicy() { SharedAccessExpiryTime = expiryDateTime, Permissions = policyPermissions }; //Add the new policy to the container's permissions, and set the container's permissions. permissions.SharedAccessPolicies.Add(policyName, sharedPolicy); await container.SetPermissionsAsync(permissions); }
public void AssertIdentifierInSharedAccessPolicies(SharedAccessBlobPolicies sharedAccessPolicies, Basic.Azure.Storage.Communications.Common.BlobSignedIdentifier expectedIdentifier, SharedAccessBlobPermissions permissions) { var policy = sharedAccessPolicies.Where(i => i.Key.Equals(expectedIdentifier.Id, StringComparison.InvariantCultureIgnoreCase)).FirstOrDefault(); Assert.IsNotNull(policy); Assert.AreEqual(expectedIdentifier.AccessPolicy.StartTime, policy.Value.SharedAccessStartTime.Value.UtcDateTime); Assert.AreEqual(expectedIdentifier.AccessPolicy.Expiry, policy.Value.SharedAccessExpiryTime.Value.UtcDateTime); Assert.IsTrue(policy.Value.Permissions.HasFlag(permissions)); }
private static void TestBlobSAS(ICloudBlob testBlob, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers) { TestBlobSAS(testBlob, permissions, headers, null); }
public async Task <Result <TokenDtoOutput> > GenerateToken(string permissionsStorage, int size, int limit, SharedAccessBlobPermissions permissions, string blobName) { return(await _token.GenerateToken(permissionsStorage, size, limit, permissions, blobName)); }
private static async Task TestBlobSASAsync(CloudBlob testBlob, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers) { await UploadTextAsync(testBlob, "blob", Encoding.UTF8); SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = permissions, }; string sasToken = testBlob.GetSharedAccessSignature(policy, headers); await TestAccessAsync(sasToken, permissions, headers, null, testBlob); }
public string GetSharedAccessSignature(SharedAccessBlobPermissions permissions, DateTimeOffset?endOfAccess) { throw new NotImplementedException(); }
public string GetBlobSASUrlFromBlob(ICloudBlob blob, DateTimeOffset expiryDateTime, SharedAccessBlobPermissions policyPermissions = SharedAccessBlobPermissions.Read) { string result = string.Empty; if (blob == null) { return(result); } SharedAccessBlobPolicy sasBlobPolicy = new SharedAccessBlobPolicy { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), // For clock skew SharedAccessExpiryTime = expiryDateTime, Permissions = policyPermissions }; //Generate the shared access signature on the blob, setting the constraints directly on the signature. string sasBlobToken = blob.GetSharedAccessSignature(sasBlobPolicy); result = blob.Uri.AbsoluteUri + sasBlobToken; return(result); }
private string GetBlobSasUri(CloudBlobClient stClient, string containerName, string BlobName, SharedAccessBlobPermissions Permissions, int hours) { //Get a reference to a blob within the container. CloudBlobContainer container = stClient.GetContainerReference(containerName); container.CreateIfNotExists(); CloudBlockBlob blob = container.GetBlockBlobReference(BlobName); SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddHours(hours), Permissions = Permissions }; string sasBlobToken = blob.GetSharedAccessSignature(sasConstraints); return(blob.Uri + sasBlobToken); }
/// <summary> /// Creates the BLOB URI. /// </summary> /// <param name="containerName">Name of the container.</param> /// <param name="blobIdentifier">The BLOB identifier.</param> /// <param name="expireOffsetInMinute">The expire offset in minute.</param> /// <param name="permission">The permission.</param> /// <returns>BinaryStorageActionCredential.</returns> /// <exception cref="InvalidObjectException">Container;null</exception> protected BinaryStorageActionCredential CreateBlobUri(string containerName, string blobIdentifier, int expireOffsetInMinute = 10, SharedAccessBlobPermissions permission = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Read) { try { containerName.CheckEmptyString("containerName"); var container = blobClient.GetContainerReference(containerName); if (!container.Exists()) { throw new InvalidObjectException("Container", null, containerName); } return GenerateBlobUri(container, blobIdentifier, expireOffsetInMinute, permission); } catch (Exception ex) { throw ex.Handle("CreateBlobUri", new { containerName, expireOffsetInMinute, permission }); } }
//SAS public static string GetBlobSasToken(string connectionString, string blobContainer, string blobName, SharedAccessBlobPermissions permissions, string policyName = null) { CloudBlobContainer cloudBlobContainer = null; string sasBlobToken = ""; if (CloudStorageAccount.TryParse(connectionString, out CloudStorageAccount storageAccount)) { CloudBlobClient cloudBlobClient = storageAccount.CreateCloudBlobClient(); // Create a container called 'uploaddownloadblob' and append a GUID value to it to make the name unique. cloudBlobContainer = cloudBlobClient.GetContainerReference(blobContainer); CloudBlockBlob cloudBlockBlob = cloudBlobContainer.GetBlockBlobReference(blobName); SharedAccessBlobPolicy adHocSas = new SharedAccessBlobPolicy { //Access is Valid for a week SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1), Permissions = permissions }; // Generate the shared access signature on the blob, setting the constraints directly on the signature. sasBlobToken = cloudBlockBlob.GetSharedAccessSignature(adHocSas, null, null, SharedAccessProtocol.HttpsOrHttp, null); } return(sasBlobToken); }
/// <summary> /// Applies the BLOB policy. /// </summary> /// <param name="container">The container.</param> /// <param name="policyName">Name of the policy.</param> /// <param name="expireOffsetInMinute">The expire offset in minute.</param> /// <param name="permissions">The permissions.</param> protected static void ApplyBlobPolicy(CloudBlobContainer container, string policyName, int expireOffsetInMinute = 10, SharedAccessBlobPermissions permissions = SharedAccessBlobPermissions.List) { container.CheckNullObject("container"); policyName.CheckEmptyString("policyName"); //Get the container's existing permissions. var containerPermissions = new BlobContainerPermissions(); var sharedPolicy = new SharedAccessBlobPolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(expireOffsetInMinute), Permissions = permissions }; //Add the new policy to the container's permissions. containerPermissions.SharedAccessPolicies.Clear(); containerPermissions.SharedAccessPolicies.Add(policyName, sharedPolicy); container.SetPermissions(containerPermissions); }
/// <summary> /// BlobのSAS Token署名を生成します。Blobが空の場合、Container SAS Token署名を生成します。 /// </summary> /// <param name="container"></param> /// <param name="blob"></param> /// <param name="permission"></param> /// <returns></returns> public async Task <string> GenerateExpireTokenAsync(string container, string blob, SharedAccessBlobPermissions permission = SharedAccessBlobPermissions.Read) { Expiry = TimeSpan.FromMinutes(-5); return(await GenerateSasTokenAsync(client.GetContainerReference(container), blob, permission)); }
/// <summary> /// Generates the BLOB URI. /// </summary> /// <param name="container">The container.</param> /// <param name="blobIdentifier">The BLOB identifier.</param> /// <param name="expireOffsetInMinute">The expire offset in minute.</param> /// <param name="permission">The permission.</param> /// <returns>BinaryStorageActionCredential.</returns> protected static BinaryStorageActionCredential GenerateBlobUri(CloudBlobContainer container, string blobIdentifier, int expireOffsetInMinute = 10, SharedAccessBlobPermissions permission = SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Read) { var blob = container.GetBlockBlobReference(blobIdentifier); //Set the expiry time and permissions for the container. //In this case no start time is specified, so the shared access signature becomes valid immediately. var sasConstraints = new SharedAccessBlobPolicy(); var expiredStamp = DateTime.UtcNow.AddMinutes(expireOffsetInMinute); sasConstraints.SharedAccessExpiryTime = expiredStamp; sasConstraints.Permissions = permission; string sasContainerToken = blob.GetSharedAccessSignature(sasConstraints); //Return the URI string for the container, including the SAS token. return new BinaryStorageActionCredential() { CredentialUri = blob.Uri + sasContainerToken, StorageUri = blob.Uri.ToString(), Container = container.Name, Identifier = blobIdentifier, CredentialExpiredStamp = expiredStamp }; }
private async Task <string> GenerateSasTokenAsync(CloudBlobContainer container, string blob, SharedAccessBlobPermissions permission, string policyName = "") { return(string.IsNullOrWhiteSpace(blob) ? await GenerateContainerSasTokenAsync(container, permission) : await GenerateBlobSasTokenAsync(container, blob, permission)); }
private async Task <string> GenerateBlobSasTokenAsync(CloudBlobContainer container, string blobName, SharedAccessBlobPermissions permission, string policyName = "") { string sasBlobToken; await container.CreateIfNotExistsAsync(); var blob = container.GetBlockBlobReference(blobName); if (string.IsNullOrWhiteSpace(policyName)) { var policy = CreateAdhocPolicy(permission); sasBlobToken = blob.GetSharedAccessSignature(policy); } else { sasBlobToken = blob.GetSharedAccessSignature(null, policyName); } return(sasBlobToken); }
public static string GenerateBlobStorageSasUrl(string connectionString, string blobContainerName, DateTime expiryTime, SharedAccessBlobPermissions permissions) { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(connectionString); CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient(); CloudBlobContainer blobContainer = blobClient.GetContainerReference(blobContainerName); blobContainer.CreateIfNotExists(); var sasToken = blobContainer.GetSharedAccessSignature( new SharedAccessBlobPolicy() { SharedAccessExpiryTime = expiryTime, Permissions = permissions }); return(blobContainer.Uri + sasToken); }
public string GenerateSharedAccessSignature(string containerName, string blobName, bool read, bool write, bool delete, bool list, DateTime startTime, DateTime endTime) { CloudBlobClient client = CloudStorageAccount.CreateCloudBlobClient(); client.RetryPolicy = new LinearRetry(TimeSpan.Zero, 20); //client.RetryPolicy = RetryPolicies.Retry(20, TimeSpan.Zero); CloudBlobContainer container = client.GetContainerReference(containerName); string path; if (string.IsNullOrEmpty(blobName)) { path = container.Uri.AbsoluteUri; } else { CloudBlockBlob blob = container.GetBlockBlobReference(blobName); path = blob.Uri.AbsoluteUri; } SharedAccessBlobPermissions permissions = new SharedAccessBlobPermissions(); if (read) permissions |= SharedAccessBlobPermissions.Read; if (write) permissions |= SharedAccessBlobPermissions.Write; if (delete) permissions |= SharedAccessBlobPermissions.Delete; if (list) permissions |= SharedAccessBlobPermissions.List; SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy() { Permissions = permissions, SharedAccessStartTime = startTime, SharedAccessExpiryTime = endTime }; string queryString = container.GetSharedAccessSignature(policy); return path + queryString; }
/// <summary> /// Returns a shared access signature (SAS) URL providing the specified permissions to the specified container. /// </summary> /// <param name="blobClient">A <see cref="Microsoft.WindowsAzure.Storage.Blob.CloudBlobClient"/>.</param> /// <param name="containerName">The name of the container for which a SAS URL should be obtained.</param> /// <param name="permissions">The permissions granted by the SAS URL.</param> /// <returns>A SAS URL providing the specified access to the container.</returns> /// <remarks>The SAS URL provided is valid for 2 hours from the time this method is called. The container must /// already exist within Azure Storage.</remarks> private static string GetContainerSasUrl(CloudBlobClient blobClient, string containerName, SharedAccessBlobPermissions permissions) { // Set the expiry time and permissions for the container access signature. In this case, no start time is specified, // so the shared access signature becomes valid immediately SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy { SharedAccessExpiryTime = DateTime.UtcNow.AddHours(2), Permissions = permissions }; // Generate the shared access signature on the container, setting the constraints directly on the signature CloudBlobContainer container = blobClient.GetContainerReference(containerName); string sasContainerToken = container.GetSharedAccessSignature(sasConstraints); // Return the URL string for the container, including the SAS token return(String.Format("{0}{1}", container.Uri, sasContainerToken)); }
private void TestAccess(string sasToken, SharedAccessBlobPermissions permissions, CloudBlobContainer container, ICloudBlob blob) { StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ? new StorageCredentials() : new StorageCredentials(sasToken); if (container != null) { container = new CloudBlobContainer(container.Uri, credentials); if (blob.BlobType == BlobType.BlockBlob) { blob = container.GetBlockBlobReference(blob.Name); } else { blob = container.GetPageBlobReference(blob.Name); } } else { if (blob.BlobType == BlobType.BlockBlob) { blob = new CloudBlockBlob(blob.Uri, credentials); } else { blob = new CloudPageBlob(blob.Uri, credentials); } } if (container != null) { if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { container.ListBlobs().ToArray(); } else { TestHelper.ExpectedException( () => container.ListBlobs().ToArray(), "List blobs while SAS does not allow for listing", HttpStatusCode.NotFound); } } if ((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read) { blob.FetchAttributes(); } else { TestHelper.ExpectedException( () => blob.FetchAttributes(), "Fetch blob attributes while SAS does not allow for reading", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { blob.SetMetadata(); } else { TestHelper.ExpectedException( () => blob.SetMetadata(), "Set blob metadata while SAS does not allow for writing", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { blob.Delete(); } else { TestHelper.ExpectedException( () => blob.Delete(), "Delete blob while SAS does not allow for deleting", HttpStatusCode.NotFound); } }
private static void TestBlobSAS(CloudBlob testBlob, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers) { SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = permissions, }; string sasToken = testBlob.GetSharedAccessSignature(policy, headers, null); TestAccess(sasToken, permissions, headers, null, testBlob); }
private static void TestBlobSAS(ICloudBlob testBlob, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers, string sasVersion) { UploadText(testBlob, "blob", Encoding.UTF8); SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = permissions, }; string sasToken = testBlob.GetSharedAccessSignature(policy, headers, null, sasVersion); TestAccess(sasToken, permissions, headers, null, testBlob); }
private string GetBlobSasToken(CloudBlobContainer container, string blobName, SharedAccessBlobPermissions permissions, string policyName = null) { string sasBlobToken; CloudBlockBlob blob = container.GetBlockBlobReference(blobName); if (policyName == null) { var adHocSas = CreateAdHocSasPolicy(permissions); sasBlobToken = blob.GetSharedAccessSignature(adHocSas); } else { sasBlobToken = blob.GetSharedAccessSignature(null, policyName); } return(sasBlobToken); }
/// <summary> /// Returns a shared access signature (SAS) URL providing the specified permissions to the specified container. /// </summary> /// <param name="blobClient">A <see cref="Microsoft.WindowsAzure.Storage.Blob.CloudBlobClient"/>.</param> /// <param name="containerName">The name of the container for which a SAS URL should be obtained.</param> /// <param name="permissions">The permissions granted by the SAS URL.</param> /// <returns>A SAS URL providing the specified access to the container.</returns> /// <remarks>The SAS URL provided is valid for 2 hours from the time this method is called. The container must /// already exist within Azure Storage.</remarks> private static string GetContainerSasUrl(CloudBlobClient blobClient, string containerName, SharedAccessBlobPermissions permissions) { // Set the expiry time and permissions for the container access signature. In this case, no start time is specified, // so the shared access signature becomes valid immediately SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy { SharedAccessExpiryTime = DateTime.UtcNow.AddHours(2), Permissions = permissions }; // Generate the shared access signature on the container, setting the constraints directly on the signature CloudBlobContainer container = blobClient.GetContainerReference(containerName); string sasContainerToken = container.GetSharedAccessSignature(sasConstraints); // Return the URL string for the container, including the SAS token return String.Format("{0}{1}", container.Uri, sasContainerToken); }
public void WillReturnEmptyStringForSharedAccessKeySignature(SharedAccessBlobPermissions permissions) { var container = new StandaloneAzureBlobContainer(new Uri(_containerPath)); Assert.Equal("", container.GetSharedAccessSignature(new SharedAccessBlobPolicy { Permissions = permissions })); }
private static async Task TestAccessAsync(string sasToken, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers, CloudBlobContainer container, CloudBlob blob) { OperationContext operationContext = new OperationContext(); StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ? new StorageCredentials() : new StorageCredentials(sasToken); if (container != null) { container = new CloudBlobContainer(container.Uri, credentials); if (blob.BlobType == BlobType.BlockBlob) { blob = container.GetBlockBlobReference(blob.Name); } else { blob = container.GetPageBlobReference(blob.Name); } } else { if (blob.BlobType == BlobType.BlockBlob) { blob = new CloudBlockBlob(blob.Uri, credentials); } else { blob = new CloudPageBlob(blob.Uri, credentials); } } if (container != null) { if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { await container.ListBlobsSegmentedAsync(null); } else { await TestHelper.ExpectedExceptionAsync( async () => await container.ListBlobsSegmentedAsync(null, true, BlobListingDetails.None, null, null, null, operationContext), operationContext, "List blobs while SAS does not allow for listing", HttpStatusCode.Forbidden); } } if ((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read) { await blob.FetchAttributesAsync(); // Test headers if (headers != null) { if (headers.CacheControl != null) { Assert.AreEqual(headers.CacheControl, blob.Properties.CacheControl); } if (headers.ContentDisposition != null) { Assert.AreEqual(headers.ContentDisposition, blob.Properties.ContentDisposition); } if (headers.ContentEncoding != null) { Assert.AreEqual(headers.ContentEncoding, blob.Properties.ContentEncoding); } if (headers.ContentLanguage != null) { Assert.AreEqual(headers.ContentLanguage, blob.Properties.ContentLanguage); } if (headers.ContentType != null) { Assert.AreEqual(headers.ContentType, blob.Properties.ContentType); } } } else { await TestHelper.ExpectedExceptionAsync( async () => await blob.FetchAttributesAsync(null, null, operationContext), operationContext, "Fetch blob attributes while SAS does not allow for reading", HttpStatusCode.Forbidden); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { await blob.SetMetadataAsync(); } else { await TestHelper.ExpectedExceptionAsync( async () => await blob.SetMetadataAsync(null, null, operationContext), operationContext, "Set blob metadata while SAS does not allow for writing", HttpStatusCode.Forbidden); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { await blob.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync( async () => await blob.DeleteAsync(DeleteSnapshotsOption.None, null, null, operationContext), operationContext, "Delete blob while SAS does not allow for deleting", HttpStatusCode.Forbidden); } }
private async Task TestAccessAsync(string sasToken, SharedAccessBlobPermissions permissions, CloudBlobContainer container, ICloudBlob blob) { OperationContext operationContext = new OperationContext(); StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ? new StorageCredentials() : new StorageCredentials(sasToken); if (container != null) { container = new CloudBlobContainer(container.Uri, credentials); if (blob.BlobType == BlobType.BlockBlob) { blob = container.GetBlockBlobReference(blob.Name); } else { blob = container.GetPageBlobReference(blob.Name); } } else { if (blob.BlobType == BlobType.BlockBlob) { blob = new CloudBlockBlob(blob.Uri, credentials); } else { blob = new CloudPageBlob(blob.Uri, credentials); } } if (container != null) { if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { await container.ListBlobsSegmentedAsync(null); } else { await TestHelper.ExpectedExceptionAsync( async () => await container.ListBlobsSegmentedAsync(null, true, BlobListingDetails.None, null, null, null, operationContext), operationContext, "List blobs while SAS does not allow for listing", HttpStatusCode.NotFound); } } if ((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read) { await blob.FetchAttributesAsync(); } else { await TestHelper.ExpectedExceptionAsync( async () => await blob.FetchAttributesAsync(null, null, operationContext), operationContext, "Fetch blob attributes while SAS does not allow for reading", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { await blob.SetMetadataAsync(); } else { await TestHelper.ExpectedExceptionAsync( async () => await blob.SetMetadataAsync(null, null, operationContext), operationContext, "Set blob metadata while SAS does not allow for writing", HttpStatusCode.NotFound); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { await blob.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync( async () => await blob.DeleteAsync(DeleteSnapshotsOption.None, null, null, operationContext), operationContext, "Delete blob while SAS does not allow for deleting", HttpStatusCode.NotFound); } }
/// <summary> /// Returns Uri composed of Container + SharedAccessSignature token. /// If PolicyName is provided, will return SAS generated off of the policy, /// otherwise will develop SAS from provided SharedAccessBlobPolicy parameters. /// </summary> /// <param name="container"></param> /// <param name="policyName"></param> /// <param name="duration"></param> /// <param name="sharedAccessBlobPermissions"></param> /// <returns></returns> public static string GetContainerSharedAccessSignatureUri(this CloudBlobContainer container, string policyName = null, TimeSpan?duration = null, SharedAccessBlobPermissions sharedAccessBlobPermissions = SharedAccessBlobPermissions.Read) { var sharedAccessBlobPolicy = BuildSharedAccessBlobPolicy(duration, sharedAccessBlobPermissions); //Generate the shared access signature on the container, setting the constraints directly on the signature. // Note token starts with ? for easy appending to blob Uri: string containerSharedAccessSignatureToken = (!string.IsNullOrWhiteSpace(policyName)) ? container.GetSharedAccessSignature(null, policyName) : container.GetSharedAccessSignature(sharedAccessBlobPolicy); //Return the URI string for the container, including the SAS token. string result = container.Uri + containerSharedAccessSignatureToken; return(result); }
private static async Task TestAccessAsync(string sasToken, SharedAccessBlobPermissions permissions, SharedAccessBlobHeaders headers, CloudBlobContainer container, CloudBlob blob, HttpStatusCode setBlobMetadataWhileSasExpectedStatusCode = HttpStatusCode.Forbidden, HttpStatusCode deleteBlobWhileSasExpectedStatusCode = HttpStatusCode.Forbidden, HttpStatusCode listBlobWhileSasExpectedStatusCode = HttpStatusCode.Forbidden) { OperationContext operationContext = new OperationContext(); StorageCredentials credentials = string.IsNullOrEmpty(sasToken) ? new StorageCredentials() : new StorageCredentials(sasToken); if (container != null) { container = new CloudBlobContainer(container.Uri, credentials); if (blob.BlobType == BlobType.BlockBlob) { blob = container.GetBlockBlobReference(blob.Name); } else { blob = container.GetPageBlobReference(blob.Name); } } else { if (blob.BlobType == BlobType.BlockBlob) { blob = new CloudBlockBlob(blob.Uri, credentials); } else { #if !FACADE_NETCORE blob = new CloudPageBlob(blob.Uri, credentials); #else blob = new CloudPageBlob(blob.Uri, null, credentials); #endif } } if (container != null) { if ((permissions & SharedAccessBlobPermissions.List) == SharedAccessBlobPermissions.List) { await container.ListBlobsSegmentedAsync(null); } else { await TestHelper.ExpectedExceptionAsync( async() => await container.ListBlobsSegmentedAsync(null, true, BlobListingDetails.None, null, null, null, operationContext), operationContext, "List blobs while SAS does not allow for listing", listBlobWhileSasExpectedStatusCode); } } if ((permissions & SharedAccessBlobPermissions.Read) == SharedAccessBlobPermissions.Read) { await blob.FetchAttributesAsync(); // Test headers if (headers != null) { if (headers.CacheControl != null) { Assert.AreEqual(headers.CacheControl, blob.Properties.CacheControl); } if (headers.ContentDisposition != null) { Assert.AreEqual(headers.ContentDisposition, blob.Properties.ContentDisposition); } if (headers.ContentEncoding != null) { Assert.AreEqual(headers.ContentEncoding, blob.Properties.ContentEncoding); } if (headers.ContentLanguage != null) { Assert.AreEqual(headers.ContentLanguage, blob.Properties.ContentLanguage); } if (headers.ContentType != null) { Assert.AreEqual(headers.ContentType, blob.Properties.ContentType); } } } else { await TestHelper.ExpectedExceptionAsync( async() => await blob.FetchAttributesAsync(null, null, operationContext), operationContext, "Fetch blob attributes while SAS does not allow for reading", HttpStatusCode.Forbidden); } if ((permissions & SharedAccessBlobPermissions.Write) == SharedAccessBlobPermissions.Write) { await blob.SetMetadataAsync(); } else { await TestHelper.ExpectedExceptionAsync( async() => await blob.SetMetadataAsync(null, null, operationContext), operationContext, "Set blob metadata while SAS does not allow for writing", setBlobMetadataWhileSasExpectedStatusCode); } if ((permissions & SharedAccessBlobPermissions.Delete) == SharedAccessBlobPermissions.Delete) { await blob.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync( async() => await blob.DeleteAsync(DeleteSnapshotsOption.None, null, null, operationContext), operationContext, "Delete blob while SAS does not allow for deleting", deleteBlobWhileSasExpectedStatusCode); } }
public static void SetContainerSharedAccessPolicy(this CloudBlobContainer container, string policyName, TimeSpan?duration = null, SharedAccessBlobPermissions sharedAccessBlobPermissions = SharedAccessBlobPermissions.Read) { var sharedAccessBlobPolicy = BuildSharedAccessBlobPolicy(duration, sharedAccessBlobPermissions); container.SetContainerSharedAccessPolicy(policyName, sharedAccessBlobPolicy); }
/// <summary> /// Returns a shared access signature (SAS) URL providing the specified /// permissions to the specified container. The SAS URL provided is valid for 2 hours from /// the time this method is called. The container must already exist in Azure Storage. /// </summary> /// <param name="blobClient">A <see cref="CloudBlobClient"/>.</param> /// <param name="containerName">The name of the container for which a SAS URL will be obtained.</param> /// <param name="permissions">The permissions granted by the SAS URL.</param> /// <returns>A SAS URL providing the specified access to the container.</returns> private static string GetContainerSasUrl(CloudBlobClient blobClient, string containerName, SharedAccessBlobPermissions permissions) { // Set the expiry time and permissions for the container access signature. In this case, no start time is specified, // so the shared access signature becomes valid immediately. Expiration is in 2 hours. SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy { SharedAccessStartTime = DateTime.Now.AddHours(-24), SharedAccessExpiryTime = DateTime.Now.AddHours(24), Permissions = permissions }; // Generate the shared access signature on the container, setting the constraints directly on the signature CloudBlobContainer container = blobClient.GetContainerReference(containerName); // Construct the Storage account connection string string storageConnectionString = String.Format("DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1}", storageAccountName, storageAccountKey); // Retrieve the storage account CloudStorageAccount storageAccount = CloudStorageAccount.Parse(storageConnectionString); //string sasStorageToken = storageAccount.GetSharedAccessSignature(sasConstraints2); string sasContainerToken = container.GetSharedAccessSignature(sasConstraints); Console.WriteLine("SAS Url: {0}", String.Format("{0}{1}", container.Uri, sasContainerToken)); // Return the URL string for the container, including the SAS token return(String.Format("{0}{1}", container.Uri, sasContainerToken)); }