/// <summary>
/// Use an account's <see cref="UserDelegationKey"/> to sign this
/// shared access signature values to produce the propery SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="userDelegationKey">
/// A <see cref="UserDelegationKey"/> returned from
/// <see cref="Azure.Storage.Blobs.BlobServiceClient.GetUserDelegationKeyAsync"/>.
/// </param>
/// <param name="accountName">The name of the storage account.</param>
/// <returns>
/// The <see cref="BlobSasQueryParameters"/> used for authenticating requests.
/// </returns>
public BlobSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName)
{
userDelegationKey = userDelegationKey ?? throw new ArgumentNullException(nameof(userDelegationKey));
this.EnsureState();
var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime);
var signedStart = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedStart);
var signedExpiry = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedExpiry);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
this.Permissions,
startTime,
expiryTime,
GetCanonicalName(accountName, this.ContainerName ?? String.Empty, this.BlobName ?? String.Empty),
userDelegationKey.SignedOid,
userDelegationKey.SignedTid,
signedStart,
signedExpiry,
userDelegationKey.SignedService,
userDelegationKey.SignedVersion,
this.IPRange.ToString(),
this.Protocol.ToString(),
this.Version,
this.Resource,
this.Snapshot,
this.CacheControl,
this.ContentDisposition,
this.ContentEncoding,
this.ContentLanguage,
this.ContentType);
var signature = ComputeHMACSHA256(userDelegationKey.Value, stringToSign);
var p = new BlobSasQueryParameters(
version: this.Version,
services: null,
resourceTypes: null,
protocol: this.Protocol,
startTime: this.StartTime,
expiryTime: this.ExpiryTime,
ipRange: this.IPRange,
identifier: null,
resource: this.Resource,
permissions: this.Permissions,
keyOid: userDelegationKey.SignedOid,
keyTid: userDelegationKey.SignedTid,
keyStart: userDelegationKey.SignedStart,
keyExpiry: userDelegationKey.SignedExpiry,
keyService: userDelegationKey.SignedService,
keyVersion: userDelegationKey.SignedVersion,
signature: signature);
return(p);
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="BlobSasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public BlobSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
EnsureState();
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, BlobContainerName ?? String.Empty, BlobName ?? String.Empty),
Identifier,
IPRange.ToString(),
Protocol.ToString(),
Version,
Resource,
Snapshot,
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new BlobSasQueryParameters(
version: Version,
services: null,
resourceTypes: null,
protocol: Protocol,
startTime: StartTime,
expiryTime: ExpiryTime,
ipRange: IPRange,
identifier: Identifier,
resource: Resource,
permissions: Permissions,
signature: signature,
cacheControl: CacheControl,
contentDisposition: ContentDisposition,
contentEncoding: ContentEncoding,
contentLanguage: ContentLanguage,
contentType: ContentType);
return(p);
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="BlobSasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public BlobSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw new ArgumentNullException(nameof(sharedKeyCredential));
this.EnsureState();
var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
this.Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, this.ContainerName ?? String.Empty, this.BlobName ?? String.Empty),
this.Identifier,
this.IPRange.ToString(),
this.Protocol.ToString(),
this.Version,
this.Resource,
this.Snapshot,
this.CacheControl,
this.ContentDisposition,
this.ContentEncoding,
this.ContentLanguage,
this.ContentType);
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new BlobSasQueryParameters(
version: this.Version,
services: null,
resourceTypes: null,
protocol: this.Protocol,
startTime: this.StartTime,
expiryTime: this.ExpiryTime,
ipRange: this.IPRange,
identifier: this.Identifier,
resource: this.Resource,
permissions: this.Permissions,
signature: signature);
return(p);
}
/// <summary>
/// Parses the key properties into the QueryParameters instance.
/// </summary>
/// <param name="parameters">
/// The BlobSasQueryParameters or DataLakeSasQueryParameters instance.
/// </param>
/// <param name="values">
/// Dictionary of keys and values.
/// </param>
internal static void ParseKeyProperties(
this
#if BlobSDK
BlobSasQueryParameters
#elif DataLakeSDK
DataLakeSasQueryParameters
/// <summary>
/// Use an account's <see cref="UserDelegationKey"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="userDelegationKey">
/// A <see cref="UserDelegationKey"/> returned from
/// <see cref="Azure.Storage.Blobs.BlobServiceClient.GetUserDelegationKeyAsync"/>.
/// </param>
/// <param name="accountName">The name of the storage account.</param>
/// <returns>
/// The <see cref="BlobSasQueryParameters"/> used for authenticating requests.
/// </returns>
public BlobSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName)
{
userDelegationKey = userDelegationKey ?? throw Errors.ArgumentNull(nameof(userDelegationKey));
EnsureState();
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime);
var signedStart = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedStart);
var signedExpiry = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedExpiry);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(accountName, BlobContainerName ?? String.Empty, BlobName ?? String.Empty),
userDelegationKey.SignedObjectId,
userDelegationKey.SignedTenantId,
signedStart,
signedExpiry,
userDelegationKey.SignedService,
userDelegationKey.SignedVersion,
IPRange.ToString(),
Protocol.ToString(),
Version,
Resource,
Snapshot,
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = ComputeHMACSHA256(userDelegationKey.Value, stringToSign);
var p = new BlobSasQueryParameters(
version: Version,
services: null,
resourceTypes: null,
protocol: Protocol,
startTime: StartTime,
expiryTime: ExpiryTime,
ipRange: IPRange,
identifier: null,
resource: Resource,
permissions: Permissions,
keyOid: userDelegationKey.SignedObjectId,
keyTid: userDelegationKey.SignedTenantId,
keyStart: userDelegationKey.SignedStart,
keyExpiry: userDelegationKey.SignedExpiry,
keyService: userDelegationKey.SignedService,
keyVersion: userDelegationKey.SignedVersion,
signature: signature,
cacheControl: CacheControl,
contentDisposition: ContentDisposition,
contentEncoding: ContentEncoding,
contentLanguage: ContentLanguage,
contentType: ContentType);
return(p);
}
