public async Task RunFileTest(SharedAccessAccountPolicy policy, int?httpsPort, OperationContext opContext = null) { CloudFileClient fileClient = GenerateCloudFileClient(); string shareName = "s" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(fileClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); StorageUri storageUri = fileClient.StorageUri; if (httpsPort != null) { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "https", httpsPort.Value), TransformSchemeAndPort(storageUri.SecondaryUri, "https", httpsPort.Value)); } else { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "http", 80), TransformSchemeAndPort(storageUri.SecondaryUri, "http", 80)); } CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, null, null, null, storageUri); CloudFileClient fileClientWithSAS = accountWithSAS.CreateCloudFileClient(); CloudFileShare shareWithSAS = fileClientWithSAS.GetShareReference(shareName); CloudFileShare share = fileClient.GetShareReference(shareName); await share.CreateAsync(); string fileName = "file"; CloudFile file = share.GetRootDirectoryReference().GetFileReference(fileName); CloudFile fileWithSAS = shareWithSAS.GetRootDirectoryReference().GetFileReference(fileName); byte[] content = new byte[] { 0x1, 0x2, 0x3, 0x4 }; await file.CreateAsync(content.Length); using (MemoryStream stream = new MemoryStream(content)) { await file.WriteRangeAsync(stream, 0, null); } byte[] result = new byte[content.Length]; await fileWithSAS.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length, null, null, opContext); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(content[i], result[i]); } } finally { fileClient.GetShareReference(shareName).DeleteIfExistsAsync().Wait(); } }
public async Task RunBlobTest(SharedAccessAccountPolicy policy, int?httpsPort, OperationContext opContext = null) { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); StorageUri storageUri = blobClient.StorageUri; if (httpsPort != null) { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "https", httpsPort.Value), TransformSchemeAndPort(storageUri.SecondaryUri, "https", httpsPort.Value)); } else { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "http", 80), TransformSchemeAndPort(storageUri.SecondaryUri, "http", 80)); } CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, storageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlobContainer container = blobClient.GetContainerReference(containerName); await container.CreateAsync(); string blobName = "blob"; CloudBlockBlob blob = container.GetBlockBlobReference(blobName); string blobText = "blobText"; await blob.UploadTextAsync(blobText); CloudBlockBlob blobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); Assert.AreEqual(blobText, await blobWithSAS.DownloadTextAsync(null, null, opContext)); } finally { blobClient.GetContainerReference(containerName).DeleteIfExistsAsync().Wait(); } }
public async Task RunQueueTest(SharedAccessAccountPolicy policy, int?httpsPort, OperationContext opContext = null) { CloudQueueClient queueClient = GenerateCloudQueueClient(); string queueName = "q" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(queueClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); StorageUri storageUri = queueClient.StorageUri; if (httpsPort != null) { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "https", httpsPort.Value), TransformSchemeAndPort(storageUri.SecondaryUri, "https", httpsPort.Value)); } else { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "http", 80), TransformSchemeAndPort(storageUri.SecondaryUri, "http", 80)); } CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, null, storageUri, null, null); CloudQueueClient queueClientWithSAS = accountWithSAS.CreateCloudQueueClient(); CloudQueue queueWithSAS = queueClientWithSAS.GetQueueReference(queueName); CloudQueue queue = queueClient.GetQueueReference(queueName); await queue.CreateAsync(); string messageText = "message text"; CloudQueueMessage message = new CloudQueueMessage(messageText); await queue.AddMessageAsync(message); Assert.AreEqual(messageText, (await queueWithSAS.GetMessageAsync(null, null, opContext)).AsString); } finally { queueClient.GetQueueReference(queueName).DeleteIfExistsAsync().Wait(); } }
private async Task<string> GetMyTableIPAddressFromService() { CloudTableClient tableClient = GenerateCloudTableClient(); string tableName = "c" + Guid.NewGuid().ToString("N"); CloudTable table = tableClient.GetTableReference(tableName); try { await table.CreateAsync(); string propName = "prop"; int propValue = 4; DynamicTableEntity entity1 = new DynamicTableEntity(); string partitionKey = "PK"; string rowKeyPrefix = "RK"; entity1.PartitionKey = partitionKey; entity1.RowKey = rowKeyPrefix + "1"; entity1.Properties = new Dictionary<string, EntityProperty>() { { propName, EntityProperty.GeneratePropertyForInt(propValue) } }; await table.ExecuteAsync(TableOperation.Insert(entity1)); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); HostName invalidIP = new HostName("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(tableClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, null, tableClient.StorageUri, null); CloudTableClient tableClientWithSAS = accountWithSAS.CreateCloudTableClient(); CloudTable tableWithSAS = tableClientWithSAS.GetTableReference(tableName); string actualIP = null; bool exceptionThrown = false; try { TableQuery query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity1.PartitionKey, entity1.RowKey)); (await tableWithSAS.ExecuteQuerySegmentedAsync(query, null)).First(); } catch (StorageException e) { string[] parts = e.RequestInformation.HttpStatusMessage.Split(' '); actualIP = parts[parts.Length - 1].Trim('.'); exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); return actualIP; } finally { table.DeleteIfExistsAsync().Wait(); } }
private async Task<string> GetMyQueueIPAddressFromService() { CloudQueueClient queueClient = GenerateCloudQueueClient(); string queueName = "c" + Guid.NewGuid().ToString("N"); CloudQueue queue = queueClient.GetQueueReference(queueName); try { await queue.CreateAsync(); CloudQueueMessage message = new CloudQueueMessage("content"); await queue.AddMessageAsync(message); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); HostName invalidIP = new HostName("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(queueClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, queueClient.StorageUri, null, null); CloudQueueClient queueClientWithSAS = accountWithSAS.CreateCloudQueueClient(); CloudQueue queueWithSAS = queueClientWithSAS.GetQueueReference(queueName); string actualIP = null; bool exceptionThrown = false; try { await queueWithSAS.GetMessageAsync(); } catch (StorageException e) { actualIP = e.RequestInformation.ExtendedErrorInformation.AdditionalDetails["SourceIP"]; exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); return actualIP; } finally { queue.DeleteIfExistsAsync().Wait(); } }
public async Task RunFileTest(SharedAccessAccountPolicy policy, int? httpsPort, OperationContext opContext = null) { CloudFileClient fileClient = GenerateCloudFileClient(); string shareName = "s" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(fileClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); StorageUri storageUri = fileClient.StorageUri; if (httpsPort != null) { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "https", httpsPort.Value), TransformSchemeAndPort(storageUri.SecondaryUri, "https", httpsPort.Value)); } CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, null, null, storageUri); CloudFileClient fileClientWithSAS = accountWithSAS.CreateCloudFileClient(); CloudFileShare shareWithSAS = fileClientWithSAS.GetShareReference(shareName); CloudFileShare share = fileClient.GetShareReference(shareName); await share.CreateAsync(); string fileName = "file"; CloudFile file = share.GetRootDirectoryReference().GetFileReference(fileName); CloudFile fileWithSAS = shareWithSAS.GetRootDirectoryReference().GetFileReference(fileName); byte[] content = new byte[] { 0x1, 0x2, 0x3, 0x4 }; await file.CreateAsync(content.Length); using (MemoryStream stream = new MemoryStream(content)) { await file.WriteRangeAsync(stream, 0, null); } byte[] result = new byte[content.Length]; await fileWithSAS.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length, null, null, opContext); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(content[i], result[i]); } } finally { fileClient.GetShareReference(shareName).DeleteIfExistsAsync().Wait(); } }
public async Task RunPermissionsTestQueues(SharedAccessAccountPolicy policy) { CloudQueueClient queueClient = GenerateCloudQueueClient(); string queueName = "q" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(queueClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, null, queueClient.StorageUri, null, null); CloudQueueClient queueClientWithSAS = accountWithSAS.CreateCloudQueueClient(); CloudQueue queueWithSAS = queueClientWithSAS.GetQueueReference(queueName); CloudQueue queue = queueClient.GetQueueReference(queueName); // General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared // Otherwise, make sure SAS fails and then do the thing with shared key. // Things to do: // Create the queue (Create or Write perms, Container RT) // List queues (List perms, Service RT) // Set queue metadata (Write perms, Container RT) // Insert a message (Add perms, Object RT) // Peek a message (Read perms, Object RT) // Get a message (Process perms, Object RT) // Update a message (Update perms, Object RT) // Clear all messages (Delete perms, Object RT) if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await queueWithSAS.CreateAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await queueWithSAS.CreateAsync(), "Creating a queue with SAS should fail without Add and Container-level permissions."); await queue.CreateAsync(); } Assert.IsTrue(await queue.ExistsAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)) { Assert.AreEqual(queueName, (await queueClientWithSAS.ListQueuesSegmentedAsync(queueName, null)).Results.First().Name); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => (await queueClientWithSAS.ListQueuesSegmentedAsync(queueName, null)).Results.First(), "Listing queues with SAS should fail without Read and Service-level permissions."); } queueWithSAS.Metadata["metadatakey"] = "metadatavalue"; if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await queueWithSAS.SetMetadataAsync(); await queue.FetchAttributesAsync(); Assert.AreEqual("metadatavalue", queue.Metadata["metadatakey"]); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await queueWithSAS.SetMetadataAsync(), "Setting a queue's metadata with SAS should fail without Write and Container-level permissions."); } string messageText = "messageText"; CloudQueueMessage message = new CloudQueueMessage(messageText); if (((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await queueWithSAS.AddMessageAsync(message); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await queueWithSAS.AddMessageAsync(message), "Adding a queue message should fail with SAS without Add and Object-level permissions."); await queue.AddMessageAsync(message); } Assert.AreEqual(messageText, ((await queue.PeekMessageAsync()).AsString)); if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { Assert.AreEqual(messageText, (await queueWithSAS.PeekMessageAsync()).AsString); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await queueWithSAS.PeekMessageAsync(), "Peeking a queue message should fail with SAS without Read and Object-level permissions."); } CloudQueueMessage messageResult = null; if (((policy.Permissions & SharedAccessAccountPermissions.ProcessMessages) == SharedAccessAccountPermissions.ProcessMessages) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { messageResult = await queueWithSAS.GetMessageAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await queueWithSAS.GetMessageAsync(), "Getting a message should fail with SAS without Process and Object-level permissions."); messageResult = await queue.GetMessageAsync(); } Assert.AreEqual(messageText, messageResult.AsString); string newMessageContent = "new content"; messageResult.SetMessageContent(newMessageContent); if (((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await queueWithSAS.UpdateMessageAsync(messageResult, TimeSpan.Zero, MessageUpdateFields.Content | MessageUpdateFields.Visibility); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await queueWithSAS.UpdateMessageAsync(messageResult, TimeSpan.Zero, MessageUpdateFields.Content | MessageUpdateFields.Visibility), "Updating a message should fail with SAS without Update and Object-level permissions."); await queue.UpdateMessageAsync(messageResult, TimeSpan.Zero, MessageUpdateFields.Content | MessageUpdateFields.Visibility); } messageResult = await queue.PeekMessageAsync(); Assert.AreEqual(newMessageContent, messageResult.AsString); if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await queueWithSAS.ClearAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await queueWithSAS.ClearAsync(), "Clearing messages should fail with SAS without delete and Object-level permissions."); } } finally { queueClient.GetQueueReference(queueName).DeleteIfExistsAsync().Wait(); } }
public async Task RunBlobTest(SharedAccessAccountPolicy policy, int? httpsPort, OperationContext opContext = null) { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); StorageUri storageUri = blobClient.StorageUri; if (httpsPort != null) { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "https", httpsPort.Value), TransformSchemeAndPort(storageUri.SecondaryUri, "https", httpsPort.Value)); } CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, storageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlobContainer container = blobClient.GetContainerReference(containerName); await container.CreateAsync(); string blobName = "blob"; CloudBlockBlob blob = container.GetBlockBlobReference(blobName); string blobText = "blobText"; await blob.UploadTextAsync(blobText); CloudBlockBlob blobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); Assert.AreEqual(blobText, await blobWithSAS.DownloadTextAsync(null, null, opContext)); } finally { blobClient.GetContainerReference(containerName).DeleteIfExistsAsync().Wait(); } }
public async Task RunPermissionsTestQueues(SharedAccessAccountPolicy policy) { CloudQueueClient queueClient = GenerateCloudQueueClient(); string queueName = "q" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(queueClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, queueClient.StorageUri, null, null); CloudQueueClient queueClientWithSAS = accountWithSAS.CreateCloudQueueClient(); CloudQueue queueWithSAS = queueClientWithSAS.GetQueueReference(queueName); CloudQueue queue = queueClient.GetQueueReference(queueName); // General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared // Otherwise, make sure SAS fails and then do the thing with shared key. // Things to do: // Create the queue (Create or Write perms, Container RT) // List queues (List perms, Service RT) // Set queue metadata (Write perms, Container RT) // Insert a message (Add perms, Object RT) // Peek a message (Read perms, Object RT) // Get a message (Process perms, Object RT) // Update a message (Update perms, Object RT) // Clear all messages (Delete perms, Object RT) if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await queueWithSAS.CreateAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await queueWithSAS.CreateAsync(), "Creating a queue with SAS should fail without Add and Container-level permissions."); await queue.CreateAsync(); } Assert.IsTrue(await queue.ExistsAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)) { Assert.AreEqual(queueName, (await queueClientWithSAS.ListQueuesSegmentedAsync(queueName, null)).Results.First().Name); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => (await queueClientWithSAS.ListQueuesSegmentedAsync(queueName, null)).Results.First(), "Listing queues with SAS should fail without Read and Service-level permissions."); } queueWithSAS.Metadata["metadatakey"] = "metadatavalue"; if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await queueWithSAS.SetMetadataAsync(); await queue.FetchAttributesAsync(); Assert.AreEqual("metadatavalue", queue.Metadata["metadatakey"]); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await queueWithSAS.SetMetadataAsync(), "Setting a queue's metadata with SAS should fail without Write and Container-level permissions."); } string messageText = "messageText"; CloudQueueMessage message = new CloudQueueMessage(messageText); if (((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await queueWithSAS.AddMessageAsync(message); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await queueWithSAS.AddMessageAsync(message), "Adding a queue message should fail with SAS without Add and Object-level permissions."); await queue.AddMessageAsync(message); } Assert.AreEqual(messageText, ((await queue.PeekMessageAsync()).AsString)); if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { Assert.AreEqual(messageText, (await queueWithSAS.PeekMessageAsync()).AsString); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await queueWithSAS.PeekMessageAsync(), "Peeking a queue message should fail with SAS without Read and Object-level permissions."); } CloudQueueMessage messageResult = null; if (((policy.Permissions & SharedAccessAccountPermissions.ProcessMessages) == SharedAccessAccountPermissions.ProcessMessages) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { messageResult = await queueWithSAS.GetMessageAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await queueWithSAS.GetMessageAsync(), "Getting a message should fail with SAS without Process and Object-level permissions."); messageResult = await queue.GetMessageAsync(); } Assert.AreEqual(messageText, messageResult.AsString); string newMessageContent = "new content"; messageResult.SetMessageContent(newMessageContent); if (((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await queueWithSAS.UpdateMessageAsync(messageResult, TimeSpan.Zero, MessageUpdateFields.Content | MessageUpdateFields.Visibility); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await queueWithSAS.UpdateMessageAsync(messageResult, TimeSpan.Zero, MessageUpdateFields.Content | MessageUpdateFields.Visibility), "Updating a message should fail with SAS without Update and Object-level permissions."); await queue.UpdateMessageAsync(messageResult, TimeSpan.Zero, MessageUpdateFields.Content | MessageUpdateFields.Visibility); } messageResult = await queue.PeekMessageAsync(); Assert.AreEqual(newMessageContent, messageResult.AsString); if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await queueWithSAS.ClearAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await queueWithSAS.ClearAsync(), "Clearing messages should fail with SAS without delete and Object-level permissions."); } } finally { queueClient.GetQueueReference(queueName).DeleteIfExistsAsync().Wait(); } }
public async Task RunPermissionsTestBlobs(SharedAccessAccountPolicy policy) { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, blobClient.StorageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlobContainer container = blobClient.GetContainerReference(containerName); // General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared // Otherwise, make sure SAS fails and then do the thing with shared key. // Things to do: // Create the container (Create / Write perms, Container RT) // List containers with prefix (List perms, Service RT) // Create an append blob (Create / Write perms, Object RT) // Append a block to append blob (Add / Write perms, Object RT) // Read the data from the append blob (Read perms, Object RT) // Delete the blob (Delete perms, Object RT) if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await containerWithSAS.CreateAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await containerWithSAS.CreateAsync(), "Create a container should fail with SAS without Create or Write and Container-level permissions."); await container.CreateAsync(); } Assert.IsTrue(await container.ExistsAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)) { ContainerResultSegment segment = await blobClientWithSAS.ListContainersSegmentedAsync(container.Name, null); Assert.AreEqual(container.Name, segment.Results.First().Name); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => { ContainerResultSegment segment = await blobClientWithSAS.ListContainersSegmentedAsync(container.Name, null); segment.Results.First(); }, "List containers should fail with SAS without List and Service-level permissions."); } string blobName = "blob"; CloudAppendBlob appendBlob = container.GetAppendBlobReference(blobName); CloudAppendBlob appendBlobWithSAS = containerWithSAS.GetAppendBlobReference(blobName); if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await appendBlobWithSAS.CreateOrReplaceAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await appendBlobWithSAS.CreateOrReplaceAsync(), "Creating an append blob should fail with SAS without Create or Write and Object-level perms."); await appendBlob.CreateOrReplaceAsync(); } Assert.IsTrue(await appendBlob.ExistsAsync()); string blobText = "blobText"; if ((((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { using (MemoryStream stream = new MemoryStream(Encoding.UTF8.GetBytes(blobText))) { await appendBlobWithSAS.AppendBlockAsync(stream); } } else { using (MemoryStream memStream = new MemoryStream(Encoding.UTF8.GetBytes(blobText))) { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await appendBlobWithSAS.AppendBlockAsync(memStream), "Append a block to an append blob should fail with SAS without Add or Write and Object-level perms."); memStream.Seek(0, SeekOrigin.Begin); await appendBlob.AppendBlockAsync(memStream); } } Assert.AreEqual(blobText, await appendBlob.DownloadTextAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { Assert.AreEqual(blobText, await appendBlobWithSAS.DownloadTextAsync()); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await appendBlobWithSAS.DownloadTextAsync(), "Reading a blob's contents with SAS without Read and Object-level permissions should fail."); } if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await appendBlobWithSAS.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await appendBlobWithSAS.DeleteAsync(), "Deleting a blob with SAS without Delete and Object-level perms should fail."); await appendBlob.DeleteAsync(); } Assert.IsFalse(await appendBlob.ExistsAsync()); } finally { blobClient.GetContainerReference(containerName).DeleteIfExistsAsync().Wait(); } }
public void AccountSASSample() { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); CloudBlobContainer container = blobClient.GetContainerReference(containerName); try { container.Create(); string blobName = "blob"; CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName); byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 }; blockBlob.UploadFromByteArray(data, 0, 4); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); IPAddress invalidIP = IPAddress.Parse("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, blobClient.StorageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlockBlob blockblobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); byte[] target = new byte[4]; OperationContext opContext = new OperationContext(); IPAddress actualIP = null; opContext.ResponseReceived += (sender, e) => { Stream stream = e.Response.GetResponseStream(); stream.Seek(0, SeekOrigin.Begin); using (StreamReader reader = new StreamReader(stream)) { string text = reader.ReadToEnd(); XDocument xdocument = XDocument.Parse(text); actualIP = IPAddress.Parse(xdocument.Descendants("SourceIP").First().Value); } }; bool exceptionThrown = false; try { blockblobWithSAS.DownloadRangeToByteArray(target, 0, 0, 4, null, null, opContext); } catch (StorageException) { exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); policy.IPAddressOrRange = new IPAddressOrRange(actualIP.ToString()); accountSASToken = account.GetSharedAccessSignature(policy); accountSAS = new StorageCredentials(accountSASToken); accountWithSAS = new CloudStorageAccount(accountSAS, blobClient.StorageUri, null, null, null); blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); blockblobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); blockblobWithSAS.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null); for (int i = 0; i < 4; i++) { Assert.AreEqual(data[i], target[i]); } Assert.IsTrue(blockblobWithSAS.StorageUri.PrimaryUri.Equals(blockBlob.Uri)); } finally { container.DeleteIfExists(); } }
public async Task AccountSASSample() { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); CloudBlobContainer container = blobClient.GetContainerReference(containerName); try { await container.CreateAsync(); string blobName = "blob"; CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName); byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 }; await blockBlob.UploadFromByteArrayAsync(data, 0, 4); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); HostName invalidIP = new HostName("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, blobClient.StorageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlockBlob blockblobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); byte[] target = new byte[4]; OperationContext opContext = new OperationContext(); HostName actualIP = null; bool exceptionThrown = false; try { await blockblobWithSAS.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, opContext); } catch (WrappedStorageException e) { exceptionThrown = true; XDocument xdocument = XDocument.Parse(e.Message); string ipString = xdocument.Descendants("SourceIP").First().Value; actualIP = new HostName(ipString); Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); policy.IPAddressOrRange = new IPAddressOrRange(actualIP.ToString()); accountSASToken = account.GetSharedAccessSignature(policy); accountSAS = new StorageCredentials(accountSASToken); accountWithSAS = CloudStorageAccount.Create(accountSAS, blobClient.StorageUri, null, null, null); blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); blockblobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); await blockblobWithSAS.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, null); for (int i = 0; i < 4; i++) { Assert.AreEqual(data[i], target[i]); } Assert.IsTrue(blockblobWithSAS.StorageUri.PrimaryUri.Equals(blockBlob.Uri)); } finally { container.DeleteIfExistsAsync().AsTask().Wait(); } }
public Url UsersUrl() { var policy = new SharedAccessTablePolicy { Permissions = SharedAccessTablePermissions.Query, SharedAccessExpiryTime = DateTime.UtcNow.AddDays(2) }; var table = new CloudStorageAccount( new StorageCredentials( CloudConfigurationManager.GetSetting("storageAccountName"), CloudConfigurationManager.GetSetting("storageAccountKey")), true).CreateCloudTableClient().GetTableReference(ApplicationUserStore.UsersTableName); var token = table.GetSharedAccessSignature(policy); return new Url(table.Uri.AbsoluteUri + token); }
public async Task RunPermissionsTestFiles(SharedAccessAccountPolicy policy) { CloudFileClient fileClient = GenerateCloudFileClient(); string shareName = "s" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(fileClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, null, null, null, fileClient.StorageUri); CloudFileClient fileClientWithSAS = accountWithSAS.CreateCloudFileClient(); CloudFileShare shareWithSAS = fileClientWithSAS.GetShareReference(shareName); CloudFileShare share = fileClient.GetShareReference(shareName); // General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared // Otherwise, make sure SAS fails and then do the thing with shared key. // Things to do: // Create the share (Create / Write perms, Container RT) // List shares with prefix (List perms, Service RT) // Create a new file (Create / Write, Object RT) // Add a range to the file (Write, Object RT) // Read the data from the file (Read, Object RT) // Overwrite a file (Write, Object RT) // Delete the file (Delete perms, Object RT) if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await shareWithSAS.CreateAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await shareWithSAS.CreateAsync(), "Creating a share with SAS should fail without Create or Write and Container-level perms."); await share.CreateAsync(); } Assert.IsTrue(await share.ExistsAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)) { Assert.AreEqual(shareName, (await fileClientWithSAS.ListSharesSegmentedAsync(shareName, null)).Results.First().Name); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => (await fileClientWithSAS.ListSharesSegmentedAsync(shareName, null)).Results.First(), "Listing shared with SAS should fail without List and Service-level perms."); } string filename = "fileName"; CloudFile fileWithSAS = shareWithSAS.GetRootDirectoryReference().GetFileReference(filename); CloudFile file = share.GetRootDirectoryReference().GetFileReference(filename); //Try creating credentials using SAS Uri directly CloudFile fileWithSASUri = new CloudFile(new Uri(share.Uri + accountSASToken)); byte[] content = new byte[] { 0x1, 0x2, 0x3, 0x4 }; if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.CreateAsync(content.Length); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await fileWithSAS.CreateAsync(content.Length), "Creating a file with SAS should fail without Create or Write and Object-level perms."); await file.CreateAsync(content.Length); } Assert.IsTrue(await file.ExistsAsync()); using (MemoryStream stream = new MemoryStream(content)) { if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.WriteRangeAsync(stream, 0, null); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await fileWithSAS.WriteRangeAsync(stream, 0, null), "Writing a range to a file with SAS should fail without Write and Object-level perms."); stream.Seek(0, SeekOrigin.Begin); await file.WriteRangeAsync(stream, 0, null); } } byte[] result = new byte[content.Length]; await file.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(content[i], result[i]); } if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { result = new byte[content.Length]; await fileWithSAS.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(content[i], result[i]); } } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await fileWithSAS.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length), "Reading a file with SAS should fail without Read and Object-level perms."); } if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.CreateAsync(2); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await fileWithSAS.CreateAsync(2), "Overwriting a file with SAS should fail without Write and Object-level perms."); await file.CreateAsync(2); } result = new byte[content.Length]; await file.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(0, result[i]); } if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await fileWithSAS.DeleteAsync(), "Deleting a file with SAS should fail without Delete and Object-level perms."); await file.DeleteAsync(); } Assert.IsFalse(await file.ExistsAsync()); } finally { fileClient.GetShareReference(shareName).DeleteIfExistsAsync().Wait(); } }
private async Task<string> GetMyFileIPAddressFromService() { CloudFileClient fileClient = GenerateCloudFileClient(); string shareName = "c" + Guid.NewGuid().ToString("N"); CloudFileShare share = fileClient.GetShareReference(shareName); try { await share.CreateAsync(); string fileName = "file"; await share.GetRootDirectoryReference().CreateIfNotExistsAsync(); CloudFile file = share.GetRootDirectoryReference().GetFileReference(fileName); await file.CreateAsync(1024); byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 }; await file.UploadFromByteArrayAsync(data, 0, 4); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); HostName invalidIP = new HostName("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(fileClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, null, null, fileClient.StorageUri); CloudFileClient fileClientWithSAS = accountWithSAS.CreateCloudFileClient(); CloudFileShare shareWithSAS = fileClientWithSAS.GetShareReference(shareName); CloudFile fileWithSAS = shareWithSAS.GetRootDirectoryReference().GetFileReference(fileName); byte[] target = new byte[4]; string actualIP = null; bool exceptionThrown = false; try { await fileWithSAS.DownloadRangeToByteArrayAsync(target, 0, 0, 4); } catch (StorageException e) { actualIP = e.RequestInformation.ExtendedErrorInformation.AdditionalDetails["SourceIP"]; exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); return actualIP; } finally { share.DeleteIfExistsAsync().Wait(); } }
private IPAddress GetMyBlobIPAddressFromService() { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); CloudBlobContainer container = blobClient.GetContainerReference(containerName); try { container.Create(); string blobName = "blob"; CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName); byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 }; blockBlob.UploadFromByteArray(data, 0, 4); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); IPAddress invalidIP = IPAddress.Parse("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, blobClient.StorageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlockBlob blockblobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); byte[] target = new byte[4]; IPAddress actualIP = null; bool exceptionThrown = false; try { blockblobWithSAS.DownloadRangeToByteArray(target, 0, 0, 4); } catch (StorageException e) { string[] parts = e.RequestInformation.HttpStatusMessage.Split(' '); actualIP = IPAddress.Parse(parts[parts.Length - 1].Trim('.')); exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); return actualIP; } finally { container.DeleteIfExists(); } }
private async Task<string> GetMyIPAddressFromService() { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); CloudBlobContainer container = blobClient.GetContainerReference(containerName); try { await container.CreateAsync(); string blobName = "blob"; CloudBlockBlob blockBlob = container.GetBlockBlobReference(blobName); byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 }; await blockBlob.UploadFromByteArrayAsync(data, 0, 4); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); HostName invalidIP = new HostName("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, blobClient.StorageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlockBlob blockblobWithSAS = containerWithSAS.GetBlockBlobReference(blobName); byte[] target = new byte[4]; OperationContext opContext = new OperationContext(); string actualIP = null; bool exceptionThrown = false; try { await blockblobWithSAS.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, opContext); } catch (StorageException e) { exceptionThrown = true; actualIP = e.RequestInformation.ExtendedErrorInformation.AdditionalDetails["SourceIP"]; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); return actualIP; } finally { container.DeleteIfExistsAsync().Wait(); } }
private IPAddress GetMyQueueIPAddressFromService() { CloudQueueClient queueClient = GenerateCloudQueueClient(); string queueName = "c" + Guid.NewGuid().ToString("N"); CloudQueue queue = queueClient.GetQueueReference(queueName); try { queue.Create(); CloudQueueMessage message = new CloudQueueMessage("content"); queue.AddMessage(message); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); IPAddress invalidIP = IPAddress.Parse("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(queueClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, null, queueClient.StorageUri, null, null); CloudQueueClient queueClientWithSAS = accountWithSAS.CreateCloudQueueClient(); CloudQueue queueWithSAS = queueClientWithSAS.GetQueueReference(queueName); IPAddress actualIP = null; bool exceptionThrown = false; try { queueWithSAS.GetMessage(); } catch (StorageException e) { string[] parts = e.RequestInformation.HttpStatusMessage.Split(' '); actualIP = IPAddress.Parse(parts[parts.Length - 1].Trim('.')); exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); return actualIP; } finally { queue.DeleteIfExists(); } }
public async Task RunPermissionsTestTables(SharedAccessAccountPolicy policy) { CloudTableClient tableClient = GenerateCloudTableClient(); string tableName = "t" + Guid.NewGuid().ToString("N"); ServiceProperties initialProperties = await tableClient.GetServicePropertiesAsync(); try { CloudStorageAccount account = new CloudStorageAccount(tableClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, null, tableClient.StorageUri, null); CloudTableClient tableClientWithSAS = accountWithSAS.CreateCloudTableClient(); CloudTable tableWithSAS = tableClientWithSAS.GetTableReference(tableName); CloudTable table = tableClient.GetTableReference(tableName); // General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared // Otherwise, make sure SAS fails and then do the thing with shared key. // Things to do: // Create the table (Create or Write perms, Container RT) // List tables (List perms, Container RT) // Set table service properties (Write perms, Service RT) // Insert an entity (Add perms, Object RT) // Merge an entity (Update perms, Object RT) // Insert or merge an entity (Add and update perms, Object RT) (test this twice, once for insert, once for merge.) // Query the table for the entity (Read perms, Object RT) // Delete the entity (Delete perms, Object RT) if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await tableWithSAS.CreateAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>( async () => await tableWithSAS.CreateAsync(), "Creating a table with SAS should fail without Add and Container-level permissions."); await table.CreateAsync(); } Assert.IsTrue(await table.ExistsAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { Assert.AreEqual(tableName, (await tableClientWithSAS.ListTablesSegmentedAsync(tableName, null)).First().Name); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => (await tableClientWithSAS.ListTablesSegmentedAsync(tableName, null)).Results.First(), "Listing tables with SAS should fail without Read and Container-level permissions."); } ServiceProperties properties = new ServiceProperties(new LoggingProperties(), new MetricsProperties(), new MetricsProperties(), new CorsProperties()); properties.Logging = initialProperties.Logging; properties.HourMetrics = initialProperties.HourMetrics; properties.MinuteMetrics = initialProperties.MinuteMetrics; properties.DefaultServiceVersion = initialProperties.DefaultServiceVersion; CorsRule rule = new CorsRule(); string sampleOriginText = "sampleOrigin"; rule.AllowedOrigins.Add(sampleOriginText); rule.AllowedMethods = CorsHttpMethods.Get; rule.MaxAgeInSeconds = 100; properties.Cors.CorsRules.Add(rule); if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)) { await tableClientWithSAS.SetServicePropertiesAsync(properties); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableClientWithSAS.SetServicePropertiesAsync(properties), "Setting table service properites should fail with SAS without Write and Service-level permissions."); await tableClient.SetServicePropertiesAsync(properties); } Assert.AreEqual(sampleOriginText, rule.AllowedOrigins.First()); string propName = "prop"; string propName2 = "prop2"; DynamicTableEntity entity1 = new DynamicTableEntity(); string partitionKey = "PK"; string rowKeyPrefix = "RK"; entity1.PartitionKey = partitionKey; entity1.RowKey = rowKeyPrefix + "1"; entity1.Properties = new Dictionary<string, EntityProperty>() { { propName, EntityProperty.GeneratePropertyForInt(4) } }; entity1.ETag = "*"; if (((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await tableWithSAS.ExecuteAsync(TableOperation.Insert(entity1)); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.Insert(entity1)), "Inserting an entity should fail without Add and Object-level permissions."); await table.ExecuteAsync(TableOperation.Insert(entity1)); } TableQuery query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity1.PartitionKey, entity1.RowKey)); Assert.AreEqual(entity1.Properties[propName].Int32Value, table.ExecuteQuery(query).First().Properties[propName].Int32Value); entity1.ETag = "*"; DynamicTableEntity entity1changed = new DynamicTableEntity(); entity1changed.PartitionKey = "PK"; entity1changed.RowKey = "RK1"; entity1changed.Properties = new Dictionary<string, EntityProperty>() { { propName2, EntityProperty.GeneratePropertyForInt(5) } }; entity1changed.ETag = "*"; if (((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await tableWithSAS.ExecuteAsync(TableOperation.Merge(entity1changed)); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.Merge(entity1changed)), "Merging an entity should fail without Update and Object-level permissions."); await table.ExecuteAsync(TableOperation.Merge(entity1changed)); } DynamicTableEntity result = table.ExecuteQuery(query).First(); Assert.AreEqual(entity1.Properties[propName].Int32Value, result.Properties[propName].Int32Value); Assert.AreEqual(entity1changed.Properties[propName2].Int32Value, result.Properties[propName2].Int32Value); entity1changed.ETag = "*"; DynamicTableEntity entity2 = new DynamicTableEntity(); entity2.PartitionKey = partitionKey; entity2.RowKey = rowKeyPrefix + "2"; entity2.Properties = new Dictionary<string, EntityProperty>() { { propName, EntityProperty.GeneratePropertyForInt(4) } }; entity2.ETag = "*"; if ((((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) && ((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2)); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2)), "Inserting or merging an entity should fail without Add and Update and Object-level permissions."); await table.ExecuteAsync(TableOperation.InsertOrMerge(entity2)); } query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity2.PartitionKey, entity2.RowKey)); Assert.AreEqual(entity2.Properties[propName].Int32Value, table.ExecuteQuery(query).First().Properties[propName].Int32Value); entity2.ETag = "*"; DynamicTableEntity entity2changed = new DynamicTableEntity(); entity2changed.PartitionKey = partitionKey; entity2changed.RowKey = rowKeyPrefix + "2"; entity2changed.Properties = new Dictionary<string, EntityProperty>() { { propName2, EntityProperty.GeneratePropertyForInt(5) } }; entity2changed.ETag = "*"; if ((((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) && ((policy.Permissions & SharedAccessAccountPermissions.Update) == SharedAccessAccountPermissions.Update)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2changed)); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.InsertOrMerge(entity2changed)), "Inserting or merging an entity should fail without Add and Update and Object-level permissions."); await table.ExecuteAsync(TableOperation.InsertOrMerge(entity2changed)); } entity2changed.ETag = "*"; result = table.ExecuteQuery(query).First(); Assert.AreEqual(entity2.Properties[propName].Int32Value, result.Properties[propName].Int32Value); Assert.AreEqual(entity2changed.Properties[propName2].Int32Value, result.Properties[propName2].Int32Value); query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey ge '{1}') and (RowKey le '{2}')", entity1.PartitionKey, entity1.RowKey, entity2.RowKey)); if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { List<DynamicTableEntity> entities = tableWithSAS.ExecuteQuery(query).ToList(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => (await tableWithSAS.ExecuteQuerySegmentedAsync(query, null)).ToList(), "Querying tables should fail with SAS without Read and Object-level permissions."); } if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await tableWithSAS.ExecuteAsync(TableOperation.Delete(entity1)); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await tableWithSAS.ExecuteAsync(TableOperation.Delete(entity1)), "Deleting an entity should fail with SAS without Delete and Object-level permissions."); await table.ExecuteAsync(TableOperation.Delete(entity1)); } query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity1.PartitionKey, entity1.RowKey)); Assert.IsFalse(table.ExecuteQuery(query).Any()); } finally { tableClient.GetTableReference(tableName).DeleteIfExistsAsync().Wait(); if (initialProperties != null) { tableClient.SetServicePropertiesAsync(initialProperties).Wait(); } } }
private IPAddress GetMyFileIPAddressFromService() { CloudFileClient fileClient = GenerateCloudFileClient(); string shareName = "c" + Guid.NewGuid().ToString("N"); CloudFileShare share = fileClient.GetShareReference(shareName); try { share.Create(); string fileName = "file"; share.GetRootDirectoryReference().CreateIfNotExists(); CloudFile file = share.GetRootDirectoryReference().GetFileReference(fileName); file.Create(1024); byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 }; file.UploadFromByteArray(data, 0, 4); SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); IPAddress invalidIP = IPAddress.Parse("255.255.255.255"); policy.IPAddressOrRange = new IPAddressOrRange(invalidIP.ToString()); CloudStorageAccount account = new CloudStorageAccount(fileClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, null, null, null, fileClient.StorageUri); CloudFileClient fileClientWithSAS = accountWithSAS.CreateCloudFileClient(); CloudFileShare shareWithSAS = fileClientWithSAS.GetShareReference(shareName); CloudFile fileWithSAS = shareWithSAS.GetRootDirectoryReference().GetFileReference(fileName); byte[] target = new byte[4]; IPAddress actualIP = null; bool exceptionThrown = false; try { fileWithSAS.DownloadRangeToByteArray(target, 0, 0, 4); } catch (StorageException e) { string[] parts = e.RequestInformation.HttpStatusMessage.Split(' '); actualIP = IPAddress.Parse(parts[parts.Length - 1].Trim('.')); exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); return actualIP; } finally { share.DeleteIfExists(); } }
public async Task RunPermissionsTestFiles(SharedAccessAccountPolicy policy) { CloudFileClient fileClient = GenerateCloudFileClient(); string shareName = "s" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(fileClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, null, null, fileClient.StorageUri); CloudFileClient fileClientWithSAS = accountWithSAS.CreateCloudFileClient(); CloudFileShare shareWithSAS = fileClientWithSAS.GetShareReference(shareName); CloudFileShare share = fileClient.GetShareReference(shareName); // General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared // Otherwise, make sure SAS fails and then do the thing with shared key. // Things to do: // Create the share (Create / Write perms, Container RT) // List shares with prefix (List perms, Service RT) // Create a new file (Create / Write, Object RT) // Add a range to the file (Write, Object RT) // Read the data from the file (Read, Object RT) // Overwrite a file (Write, Object RT) // Delete the file (Delete perms, Object RT) if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await shareWithSAS.CreateAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await shareWithSAS.CreateAsync(), "Creating a share with SAS should fail without Create or Write and Container-level perms."); await share.CreateAsync(); } Assert.IsTrue(await share.ExistsAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)) { Assert.AreEqual(shareName, (await fileClientWithSAS.ListSharesSegmentedAsync(shareName, null)).Results.First().Name); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => (await fileClientWithSAS.ListSharesSegmentedAsync(shareName, null)).Results.First(), "Listing shared with SAS should fail without List and Service-level perms."); } string filename = "fileName"; CloudFile fileWithSAS = shareWithSAS.GetRootDirectoryReference().GetFileReference(filename); CloudFile file = share.GetRootDirectoryReference().GetFileReference(filename); byte[] content = new byte[] { 0x1, 0x2, 0x3, 0x4 }; if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.CreateAsync(content.Length); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await fileWithSAS.CreateAsync(content.Length), "Creating a file with SAS should fail without Create or Write and Object-level perms."); await file.CreateAsync(content.Length); } Assert.IsTrue(await file.ExistsAsync()); using (MemoryStream stream = new MemoryStream(content)) { if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.WriteRangeAsync(stream, 0, null); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await fileWithSAS.WriteRangeAsync(stream, 0, null), "Writing a range to a file with SAS should fail without Write and Object-level perms."); stream.Seek(0, SeekOrigin.Begin); await file.WriteRangeAsync(stream, 0, null); } } byte[] result = new byte[content.Length]; await file.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(content[i], result[i]); } if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { result = new byte[content.Length]; await fileWithSAS.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(content[i], result[i]); } } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await fileWithSAS.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length), "Reading a file with SAS should fail without Read and Object-level perms."); } if (((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.CreateAsync(2); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await fileWithSAS.CreateAsync(2), "Overwriting a file with SAS should fail without Write and Object-level perms."); await file.CreateAsync(2); } result = new byte[content.Length]; await file.DownloadRangeToByteArrayAsync(result, 0, 0, content.Length); for (int i = 0; i < content.Length; i++) { Assert.AreEqual(0, result[i]); } if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await fileWithSAS.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync<StorageException>(async () => await fileWithSAS.DeleteAsync(), "Deleting a file with SAS should fail without Delete and Object-level perms."); await file.DeleteAsync(); } Assert.IsFalse(await file.ExistsAsync()); } finally { fileClient.GetShareReference(shareName).DeleteIfExistsAsync().Wait(); } }
public async Task RunQueueTest(SharedAccessAccountPolicy policy, int? httpsPort, OperationContext opContext = null) { CloudQueueClient queueClient = GenerateCloudQueueClient(); string queueName = "q" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(queueClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); StorageUri storageUri = queueClient.StorageUri; if (httpsPort != null) { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "https", httpsPort.Value), TransformSchemeAndPort(storageUri.SecondaryUri, "https", httpsPort.Value)); } CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, storageUri, null, null); CloudQueueClient queueClientWithSAS = accountWithSAS.CreateCloudQueueClient(); CloudQueue queueWithSAS = queueClientWithSAS.GetQueueReference(queueName); CloudQueue queue = queueClient.GetQueueReference(queueName); await queue.CreateAsync(); string messageText = "message text"; CloudQueueMessage message = new CloudQueueMessage(messageText); await queue.AddMessageAsync(message); Assert.AreEqual(messageText, (await queueWithSAS.GetMessageAsync(null, null, opContext)).AsString); } finally { queueClient.GetQueueReference(queueName).DeleteIfExistsAsync().Wait(); } }
public async Task RunTableTest(SharedAccessAccountPolicy policy, int? httpsPort, OperationContext opContext = null) { CloudTableClient tableClient = GenerateCloudTableClient(); string tableName = "t" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(tableClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); StorageUri storageUri = tableClient.StorageUri; if (httpsPort != null) { storageUri = new StorageUri(TransformSchemeAndPort(storageUri.PrimaryUri, "https", httpsPort.Value), TransformSchemeAndPort(storageUri.SecondaryUri, "https", httpsPort.Value)); } CloudStorageAccount accountWithSAS = CloudStorageAccount.Create(accountSAS, null, null, storageUri, null); CloudTableClient tableClientWithSAS = accountWithSAS.CreateCloudTableClient(); CloudTable tableWithSAS = tableClientWithSAS.GetTableReference(tableName); CloudTable table = tableClient.GetTableReference(tableName); await table.CreateAsync(); string propName = "prop"; int propValue = 4; DynamicTableEntity entity1 = new DynamicTableEntity(); string partitionKey = "PK"; string rowKeyPrefix = "RK"; entity1.PartitionKey = partitionKey; entity1.RowKey = rowKeyPrefix + "1"; entity1.Properties = new Dictionary<string, EntityProperty>() { { propName, EntityProperty.GeneratePropertyForInt(propValue) } }; await table.ExecuteAsync(TableOperation.Insert(entity1)); TableQuery query = new TableQuery().Where(string.Format("(PartitionKey eq '{0}') and (RowKey eq '{1}')", entity1.PartitionKey, entity1.RowKey)); Assert.AreEqual(propValue, (await tableWithSAS.ExecuteQuerySegmentedAsync(query, null, null, opContext)).Results.First().Properties[propName].Int32Value); } finally { tableClient.GetTableReference(tableName).DeleteIfExistsAsync().Wait(); } }
public async Task RunPermissionsTestBlobs(SharedAccessAccountPolicy policy) { CloudBlobClient blobClient = GenerateCloudBlobClient(); string containerName = "c" + Guid.NewGuid().ToString("N"); try { CloudStorageAccount account = new CloudStorageAccount(blobClient.Credentials, false); string accountSASToken = account.GetSharedAccessSignature(policy); StorageCredentials accountSAS = new StorageCredentials(accountSASToken); CloudStorageAccount accountWithSAS = new CloudStorageAccount(accountSAS, blobClient.StorageUri, null, null, null); CloudBlobClient blobClientWithSAS = accountWithSAS.CreateCloudBlobClient(); CloudBlobContainer containerWithSAS = blobClientWithSAS.GetContainerReference(containerName); CloudBlobContainer container = blobClient.GetContainerReference(containerName); // General pattern - If current perms support doing a thing with SAS, do the thing with SAS and validate with shared // Otherwise, make sure SAS fails and then do the thing with shared key. // Things to do: // Create the container (Create / Write perms, Container RT) // List containers with prefix (List perms, Service RT) // Create an append blob (Create / Write perms, Object RT) // Append a block to append blob (Add / Write perms, Object RT) // Read the data from the append blob (Read perms, Object RT) // Delete the blob (Delete perms, Object RT) if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)) { await containerWithSAS.CreateAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await containerWithSAS.CreateAsync(), "Create a container should fail with SAS without Create or Write and Container-level permissions."); await container.CreateAsync(); } Assert.IsTrue(await container.ExistsAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.List) == SharedAccessAccountPermissions.List) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)) { ContainerResultSegment segment = null; BlobContinuationToken ct = null; IEnumerable <CloudBlobContainer> results = null; do { segment = await blobClientWithSAS.ListContainersSegmentedAsync(container.Name, ct); ct = segment.ContinuationToken; results = segment.Results; }while(ct != null && !results.Any()); Assert.AreEqual(container.Name, segment.Results.First().Name); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => { ContainerResultSegment segment = await blobClientWithSAS.ListContainersSegmentedAsync(container.Name, null); segment.Results.First(); }, "List containers should fail with SAS without List and Service-level permissions."); } string blobName = "blob"; CloudAppendBlob appendBlob = container.GetAppendBlobReference(blobName); CloudAppendBlob appendBlobWithSAS = containerWithSAS.GetAppendBlobReference(blobName); //Try creating credentials using SAS Uri directly CloudAppendBlob appendBlobWithSASUri = new CloudAppendBlob(new Uri(container.Uri + accountSASToken)); if ((((policy.Permissions & SharedAccessAccountPermissions.Create) == SharedAccessAccountPermissions.Create) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await appendBlobWithSAS.CreateOrReplaceAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await appendBlobWithSAS.CreateOrReplaceAsync(), "Creating an append blob should fail with SAS without Create or Write and Object-level perms."); await appendBlob.CreateOrReplaceAsync(); } Assert.IsTrue(await appendBlob.ExistsAsync()); string blobText = "blobText"; if ((((policy.Permissions & SharedAccessAccountPermissions.Add) == SharedAccessAccountPermissions.Add) || ((policy.Permissions & SharedAccessAccountPermissions.Write) == SharedAccessAccountPermissions.Write)) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { using (MemoryStream stream = new MemoryStream(Encoding.UTF8.GetBytes(blobText))) { await appendBlobWithSAS.AppendBlockAsync(stream); } } else { using (MemoryStream memStream = new MemoryStream(Encoding.UTF8.GetBytes(blobText))) { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await appendBlobWithSAS.AppendBlockAsync(memStream), "Append a block to an append blob should fail with SAS without Add or Write and Object-level perms."); memStream.Seek(0, SeekOrigin.Begin); await appendBlob.AppendBlockAsync(memStream); } } Assert.AreEqual(blobText, await appendBlob.DownloadTextAsync()); if (((policy.Permissions & SharedAccessAccountPermissions.Read) == SharedAccessAccountPermissions.Read) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { Assert.AreEqual(blobText, await appendBlobWithSAS.DownloadTextAsync()); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await appendBlobWithSAS.DownloadTextAsync(), "Reading a blob's contents with SAS without Read and Object-level permissions should fail."); } if (((policy.Permissions & SharedAccessAccountPermissions.Delete) == SharedAccessAccountPermissions.Delete) && ((policy.ResourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)) { await appendBlobWithSAS.DeleteAsync(); } else { await TestHelper.ExpectedExceptionAsync <StorageException>(async() => await appendBlobWithSAS.DeleteAsync(), "Deleting a blob with SAS without Delete and Object-level perms should fail."); await appendBlob.DeleteAsync(); } Assert.IsFalse(await appendBlob.ExistsAsync()); } finally { blobClient.GetContainerReference(containerName).DeleteIfExistsAsync().Wait(); } }