public async Task <AttachmentDto> DownloadAttachment(int attachmentId)
{
var attachement = await _dbContext.< YourEntity >.SingleOrDefaultAsync(a => a.Id == attachmentId);
if (attachement != null)
{
var storageAccount = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings["InputAttachmentStorage"].ConnectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var inputContainer = blobClient.GetContainerReference("cpinputattachments");
var block = inputContainer.GetBlobReferenceFromServer(attachement.Path);
var memoryStream = new MemoryStream();
// TODO :: create async encrypted upload :: Fork - https://github.com/thuru/azure-encryption-extensions
var encryptionProvider = new SymmetricBlobCryptoProvider(GetEncryptionKey(new object()));
block.DownloadToStreamEncrypted(encryptionProvider, memoryStream);
memoryStream.Position = 0;
return(new AttachmentDto()
{
FileStream = memoryStream,
FileName = attachement.FileName
});
}
else
{
throw new ApplicationException("File does not exist");
}
}
public void BlockBlob_UploadDownload_File_Stream()
{
using (var file = new TemporaryFile(512))
{
CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
container.CreateIfNotExists();
CloudBlockBlob blob = container.GetBlockBlobReference(file.fileInfo.Name);
// Create provider
var provider = new SymmetricBlobCryptoProvider();
// Upload file
blob.UploadFromFileEncrypted(provider, file.fileInfo.FullName, FileMode.Open);
// Download stream
MemoryStream downloadedStream = new MemoryStream();
blob.DownloadToStreamEncrypted(provider, downloadedStream);
// Compare raw and decrypted data
Assert.AreEqual(GetFileHash(file.fileInfo.FullName), GetStreamHash(downloadedStream));
// Download file again, without our library, to ensure it was actually encrypted
MemoryStream encryptedStream = new MemoryStream();
blob.DownloadToStream(encryptedStream);
// Delete blob
blob.DeleteIfExists();
}
}
public void IsActuallyEncryptedTest()
{
// Make a key
byte[] key;
int ivLength;
using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
{
key = aes.Key;
ivLength = aes.BlockSize / 8;
}
// Make a provider
IBlobCryptoProvider symmetricProvider = new SymmetricBlobCryptoProvider(key);
var encryptedStream = symmetricProvider.EncryptedStream(streamSample);
byte[] result = new byte[sampleStreamSize + ivLength];
encryptedStream.Read(result, 0, result.Length);
Assert.IsFalse(
result.SequenceEqual(streamSample.ToArray()),
"Encrypted stream is not encrypted");
Assert.IsFalse(
result.Take(5).SequenceEqual(streamSample.ToArray().Take(5)),
"Encrypted stream is not encrypted");
}
public void BlockBlob_UploadDownload_File()
{
using (var file = new TemporaryFile(512))
{
CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
container.CreateIfNotExists();
CloudBlockBlob blob = container.GetBlockBlobReference(file.fileInfo.Name);
// Create provider
var provider = new SymmetricBlobCryptoProvider();
// Upload file
blob.UploadFromFileEncrypted(provider, file.fileInfo.FullName, FileMode.Open);
// Download file
string destinationFile = file.fileInfo.FullName + "decrypted";
blob.DownloadToFileEncrypted(provider, destinationFile, FileMode.Create);
// Compare raw and decrypted files
Assert.AreEqual(GetFileHash(file.fileInfo.FullName), GetFileHash(destinationFile));
// Download file again, without our library, to ensure it was actually encrypted
string encryptedDestinationFile = file.fileInfo.FullName + "encrypted";
blob.DownloadToFile(encryptedDestinationFile, FileMode.Create);
// Delete blob
blob.DeleteIfExists();
// Compare raw and encrypted files
Assert.AreNotEqual(GetFileHash(file.fileInfo.FullName), GetFileHash(encryptedDestinationFile));
// Cleanup
if (File.Exists(destinationFile))
{
File.Delete(destinationFile);
}
if (File.Exists(encryptedDestinationFile))
{
File.Delete(encryptedDestinationFile);
}
}
}
public void BlockBlob_UploadDownload_Stream_KeyFileString()
{
// Prepare random memory stream
Random random = new Random();
byte[] buffer = new byte[51200];
random.NextBytes(buffer);
MemoryStream testStream = new MemoryStream(buffer);
// Get a blob reference
CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
container.CreateIfNotExists();
String blobId = Guid.NewGuid().ToString();
CloudBlockBlob blob = container.GetBlockBlobReference(blobId);
// Create provider
var provider = new SymmetricBlobCryptoProvider();
// Upload stream
blob.UploadFromStreamEncrypted(provider, testStream);
// Recreate provider from keyfile string
var restoredProvider = ProviderFactory.CreateProviderFromKeyFileString(provider.ToKeyFileString());
// Download stream
MemoryStream downloadedStream = new MemoryStream();
CloudBlockBlob blobRestored = container.GetBlockBlobReference(blobId);
blobRestored.DownloadToStreamEncrypted(restoredProvider, downloadedStream);
// Compare raw and decrypted streams
Assert.IsTrue(testStream.ToArray().SequenceEqual(downloadedStream.ToArray()));
// Download file again, without our library, to ensure it was actually encrypted
MemoryStream encryptedStream = new MemoryStream();
blob.DownloadToStream(encryptedStream);
// Delete blob
blob.DeleteIfExists();
// Compare raw and encrypted streams
Assert.IsFalse(testStream.ToArray().SequenceEqual(encryptedStream.ToArray()));
}
public void ToKeyFileStringAndBackTest()
{
IBlobCryptoProvider symmetricProvider = new SymmetricBlobCryptoProvider();
string keyString = symmetricProvider.ToKeyFileString();
IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFileString(keyString);
var encryptedStream = symmetricProvider.EncryptedStream(streamSample);
var decryptedStream = clonedProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public static void UploadEncryptedFileSymmetric(string path, CloudBlobContainer container)
{
// Create a blob named after the file we are uploading
CloudBlockBlob blob = container.GetBlockBlobReference("SymmetricUploadTest.jpg");
// Create an Azure Encryption Extensions symmetric encryption provider
// We are not passing any key material so a 256-bit AES key will be generated for us.
var provider = new SymmetricBlobCryptoProvider();
// Since we let the library generate a new key for us, we need to persist it somewhere
// so we can decrypt our blob later. We can use a simple JSON storage format built into
// the library to store our key on disk.
// Remember: If we lose this key we can never retrieve our blob.
provider.WriteKeyFile("symmetricKey.dat");
// Encrypt and upload the file to Azure, passing in our provider
// The file will be prepended with a random IV and encrypted with AES256.
// This 'Encrypted' extension method mirrors the native methods but takes a provider.
blob.UploadFromFileEncrypted(provider, path, FileMode.Open);
}
public void EncryptAndDecryptStreamTest()
{
// Make a key
byte[] key;
using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
key = aes.Key;
// Make a provider
IBlobCryptoProvider symmetricProvider = new SymmetricBlobCryptoProvider(key);
// In all cases we are READING from streams
// (read from original, read from encrypted, read from decrypted).
var encryptedStream = symmetricProvider.EncryptedStream(streamSample);
var decryptedStream = symmetricProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public async Task <int> UploadInstanceAttachmentAsync(MultipartMemoryStreamProvider provider)
{
foreach (var file in provider.Contents)
{
var fileName = file.Headers.ContentDisposition.FileName.Replace("\"", "");
var stream = await file.ReadAsStreamAsync();
var storageAccount = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings["InputAttachmentStorage"].ConnectionString);
var blobClient = storageAccount.CreateCloudBlobClient();
var inputContainer = blobClient.GetContainerReference("uploadcontainer");
bool okToProceed = await inputContainer.ExistsAsync();
if (!okToProceed)
{
okToProceed = await inputContainer.CreateIfNotExistsAsync();
}
if (okToProceed)
{
var path = "uploads" + "/" + fileName;
var block = inputContainer.GetBlockBlobReference(path);
// TODO :: create async encrypted upload :: Fork - https://github.com/thuru/azure-encryption-extensions
var encryptionProvider = new SymmetricBlobCryptoProvider(GetEncryptionKey(new object()));
block.UploadFromStreamEncrypted(encryptionProvider, stream);
}
else
{
throw new ApplicationException("Unable to create / access container in Azure Storage");
}
}
return(0);
}
