internal string SetAzureTableStoredAccessPolicy(IStorageTableManagement localChannel, string tableName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission, bool noStartTime, bool noExpiryTime) { DateTime?startTimeToSet = startTime; DateTime?expiryTimetoSet = expiryTime; //Get existing permissions CloudTable table = localChannel.GetTableReference(Table); TablePermissions tablePermissions = localChannel.GetTablePermissions(table); //Set the policy with new value if (!tablePermissions.SharedAccessPolicies.Keys.Contains(policyName)) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName)); } SharedAccessTablePolicy policy = tablePermissions.SharedAccessPolicies[policyName]; AccessPolicyHelper.SetupAccessPolicy <SharedAccessTablePolicy>(policy, startTime, expiryTime, permission, noStartTime, noExpiryTime); tablePermissions.SharedAccessPolicies[policyName] = policy; //Set permission back to table localChannel.SetTablePermissions(table, tablePermissions); WriteObject(AccessPolicyHelper.ConstructPolicyOutputPSObject <SharedAccessTablePolicy>(tablePermissions.SharedAccessPolicies, policyName)); return(policyName); }
internal string CreateAzureTableStoredAccessPolicy(IStorageTableManagement localChannel, string tableName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission) { if (!NameUtil.IsValidStoredAccessPolicyName(policyName)) { throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName)); } //Get existing permissions CloudTable table = localChannel.GetTableReference(tableName); TablePermissions tablePermissions = localChannel.GetTablePermissions(table, null, TableOperationContext); //Add new policy if (tablePermissions.SharedAccessPolicies.Keys.Contains(policyName)) { throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName)); } SharedAccessTablePolicy policy = new SharedAccessTablePolicy(); AccessPolicyHelper.SetupAccessPolicy <SharedAccessTablePolicy>(policy, startTime, expiryTime, permission); tablePermissions.SharedAccessPolicies.Add(policyName, policy); //Set permissions back to table localChannel.SetTablePermissions(table, tablePermissions, null, TableOperationContext); return(policyName); }
/// <summary> /// Creates a shared access policy on the table. /// </summary> /// <param name="table">A CloudTable object.</param> /// <param name="policyName">The name of the stored access policy.</param> /// <returns>A Task object</returns> private static async Task CreateSharedAccessPolicy(CloudTable table, string policyName) { // Create a new shared access policy and define its constraints. // The access policy provides add, update, and query permissions. SharedAccessTablePolicy sharedPolicy = new SharedAccessTablePolicy() { // Permissions enable users to add, update, query, and delete entities in the table. SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Delete }; try { // Get the table's existing permissions. TablePermissions permissions = await table.GetPermissionsAsync(); // Add the new policy to the table's permissions, and update the table's permissions. permissions.SharedAccessPolicies.Add(policyName, sharedPolicy); await table.SetPermissionsAsync(permissions); Console.WriteLine("Wait 30 seconds for pemissions to propagate"); Thread.Sleep(30); } catch (StorageException e) { Console.WriteLine(e.Message); Console.ReadLine(); throw; } }
public override void ExecuteCmdlet() { if (String.IsNullOrEmpty(Name)) { return; } CloudTable table = Channel.GetTableReference(Name); SharedAccessTablePolicy policy = new SharedAccessTablePolicy(); bool shouldSetExpiryTime = SasTokenHelper.ValidateTableAccessPolicy(Channel, table.Name, policy, accessPolicyIdentifier); SetupAccessPolicy(policy, shouldSetExpiryTime); ValidatePkAndRk(StartPartitionKey, StartRowKey, EndPartitionKey, EndRowKey); string sasToken = table.GetSharedAccessSignature(policy, accessPolicyIdentifier, StartPartitionKey, StartRowKey, EndPartitionKey, EndRowKey); if (FullUri) { string fullUri = table.Uri.ToString() + sasToken; WriteObject(fullUri); } else { WriteObject(sasToken); } }
public static async Task <IActionResult> Run([HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req, ILogger log, ExecutionContext context) { //Get SASURI for table access string requestBody = new System.IO.StreamReader(req.Body).ReadToEndAsync().Result; dynamic data = JsonConvert.DeserializeObject(requestBody); string _storageAccountName = data["StorageAccountName"].ToString(); string _storageAccountKey = data["StorageAccountKey"].ToString(); StorageCredentials _storageCredentials = new StorageCredentials(_storageAccountName, _storageAccountKey); CloudStorageAccount SourceStorageAccount = new CloudStorageAccount(storageCredentials: _storageCredentials, accountName: _storageAccountName, endpointSuffix: "core.windows.net", useHttps: true); CloudTableClient client = SourceStorageAccount.CreateCloudTableClient(); var FileListTable = client.GetTableReference("Filelist"); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1), Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Update }; var sasToken = FileListTable.GetSharedAccessSignature(policy); var sasCredentials = new StorageCredentials(sasToken); //Run in Debug and break on this point so that you can grab the SASURI return(new OkObjectResult(new { })); }
public void SetupAccessPolicyPermissionTest() { SharedAccessTablePolicy accessPolicy = new SharedAccessTablePolicy(); command.SetupAccessPolicyPermission(accessPolicy, ""); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.None); accessPolicy.Permissions = SharedAccessTablePermissions.Add; command.SetupAccessPolicyPermission(accessPolicy, ""); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Add); command.SetupAccessPolicyPermission(accessPolicy, "u"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Update); command.SetupAccessPolicyPermission(accessPolicy, "uUUU"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Update); command.SetupAccessPolicyPermission(accessPolicy, "drrq"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "rq"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "q"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "r"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "qd"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "audq"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Delete); command.SetupAccessPolicyPermission(accessPolicy, "dqaaaau"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Delete); AssertThrows <ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "rwDl")); AssertThrows <ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "x")); AssertThrows <ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "rwx")); AssertThrows <ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "ABC")); }
public override void ExecuteCmdlet() { if (String.IsNullOrEmpty(Name)) { return; } // when user is using oauth credential, the current code uses track 2 sdk, which is why this needs to be blocked here. // reimplement when we deprecate legacy table sdk, probably by adding a new AccountKey cmdlet parameter. if (this.Channel.IsTokenCredential) { throw new ArgumentException("Create Shared Access Signature is not supported while using OAuth."); } CloudTable table = Channel.GetTableReference(Name); SharedAccessTablePolicy policy = new SharedAccessTablePolicy(); bool shouldSetExpiryTime = SasTokenHelper.ValidateTableAccessPolicy(Channel, table.Name, policy, accessPolicyIdentifier); SetupAccessPolicy(policy, shouldSetExpiryTime); ValidatePkAndRk(StartPartitionKey, StartRowKey, EndPartitionKey, EndRowKey); string sasToken = table.GetSharedAccessSignature(policy, accessPolicyIdentifier, StartPartitionKey, StartRowKey, EndPartitionKey, EndRowKey, Protocol, Util.SetupTableIPAddressOrRangeForSAS(IPAddressOrRange)); if (FullUri) { string fullUri = table.Uri.ToString() + sasToken; WriteObject(fullUri); } else { WriteObject(sasToken); } }
/// <summary> /// Set up access policy permission /// </summary> /// <param name="policy">SharedAccessBlobPolicy object</param> /// <param name="permission">Permission</param> internal void SetupAccessPolicyPermission(SharedAccessTablePolicy policy, string permission) { if (string.IsNullOrEmpty(permission)) { return; } policy.Permissions = SharedAccessTablePermissions.None; permission = permission.ToLower(); foreach (char op in permission) { switch (op) { case StorageNouns.Permission.Add: policy.Permissions |= SharedAccessTablePermissions.Add; break; case StorageNouns.Permission.Update: policy.Permissions |= SharedAccessTablePermissions.Update; break; case StorageNouns.Permission.Delete: policy.Permissions |= SharedAccessTablePermissions.Delete; break; case StorageNouns.Permission.Read: case StorageNouns.Permission.Query: policy.Permissions |= SharedAccessTablePermissions.Query; break; default: throw new ArgumentException(string.Format(Resources.InvalidAccessPermission, op)); } } }
private async Task SetupTableStoredAccessPolicyAsync(CloudTable table) { var permissions = await table.GetPermissionsAsync(); var policy = new SharedAccessTablePolicy(); if (permissions.SharedAccessPolicies.Count > 0 && permissions.SharedAccessPolicies.ContainsKey(PolicyName)) { // extend the existing one by 1h policy = permissions.SharedAccessPolicies[PolicyName]; policy.SharedAccessExpiryTime = DateTime.UtcNow.AddHours(48); } else { // create a new one policy = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddHours(48), Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Update }; permissions.SharedAccessPolicies.Add(PolicyName, policy); } await table.SetPermissionsAsync(permissions); }
static string RequestSasToken(CloudTable table, string customerId) { // Omitting any authentication code since this is beyond the scope of // this sample code // creating a shared access policy that expires in 1 day. // No start time is specified, which means that the token is valid immediately. // The policy specifies full permissions. SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-15), SharedAccessExpiryTime = DateTime.UtcNow.AddDays(1.0), Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Delete }; // Generate the SAS token. No access policy identifier is used which // makes it a non-revocable token // limiting the table SAS access to only the request customer's id string sasToken = table.GetSharedAccessSignature( policy /* access policy */, null /* access policy identifier */, customerId /* start partition key */, null /* start row key */, customerId /* end partition key */, null /* end row key */); return(sasToken); }
/// <summary> /// Manage stored access policies specified on the table /// </summary> /// <param name="table"></param> /// <returns></returns> private static async Task TableAclSample(CloudTable table) { // Set table permissions SharedAccessTablePolicy accessTablePolicy = new SharedAccessTablePolicy(); accessTablePolicy.SharedAccessStartTime = new DateTimeOffset(DateTime.Now); accessTablePolicy.SharedAccessExpiryTime = new DateTimeOffset(DateTime.Now.AddMinutes(10)); accessTablePolicy.Permissions = SharedAccessTablePermissions.Update; TablePermissions permissions = new TablePermissions(); permissions.SharedAccessPolicies.Add("key1", accessTablePolicy); Console.WriteLine("Set table permissions"); await table.SetPermissionsAsync(permissions); // Get table permissions Console.WriteLine("Get table permissions:"); permissions = await table.GetPermissionsAsync(); foreach (var keyValue in permissions.SharedAccessPolicies) { Console.WriteLine(" {0}:", keyValue.Key); Console.WriteLine(" permissions: {0}:", keyValue.Value.Permissions); Console.WriteLine(" start time: {0}:", keyValue.Value.SharedAccessStartTime); Console.WriteLine(" expiry time: {0}:", keyValue.Value.SharedAccessExpiryTime); } }
public void ClearAndAddTestStoredAccessPolicies() { DateTime startTime = DateTime.UtcNow; DateTime expiryTime = startTime.AddDays(1); tableMock.tablePermissions.SharedAccessPolicies.Clear(); SharedAccessTablePolicy testPolicy1 = new SharedAccessTablePolicy(); testPolicy1.Permissions = SharedAccessTablePermissions.None; testPolicy1.Permissions |= SharedAccessTablePermissions.Query; testPolicy1.SharedAccessStartTime = startTime; testPolicy1.SharedAccessExpiryTime = expiryTime; tableMock.tablePermissions.SharedAccessPolicies.Add(PolicyName1, testPolicy1); SharedAccessTablePolicy testPolicy2 = new SharedAccessTablePolicy(); testPolicy1.Permissions = SharedAccessTablePermissions.None; testPolicy1.Permissions |= SharedAccessTablePermissions.Query; testPolicy1.SharedAccessStartTime = startTime; testPolicy1.SharedAccessExpiryTime = expiryTime; tableMock.tablePermissions.SharedAccessPolicies.Add(PolicyName2, testPolicy2); tableMock.ClearAndAddTestSignedIdentifiers( new Tuple <string, TableAccessPolicy>(PolicyName1, new TableAccessPolicy(startTime, expiryTime, "raud")), new Tuple <string, TableAccessPolicy>(PolicyName2, new TableAccessPolicy(startTime, null, "r")), new Tuple <string, TableAccessPolicy>(PolicyName3, new TableAccessPolicy(null, expiryTime, "au")), new Tuple <string, TableAccessPolicy>(PolicyName4, new TableAccessPolicy(null, null, "aud"))); }
/// <summary> /// Private method to generate a SAS URL with given access and permissions. /// </summary> /// <param name="table">The name of the table to give access to.</param> /// <param name="policy">An optional name to create a named policy.</param> /// <param name="query"><c>true</c> to allow query/read permission; otherwise, <c>false</c>.</param> /// <param name="add"><c>true</c> to allow add/insert permission; otherwise, <c>false</c>.</param> /// <param name="update"><c>true</c> to allow update/replace permission; otherwise, <c>false</c>.</param> /// <param name="delete"><c>true</c> to allow delete permission; otherwise, <c>false</c>.</param> /// <param name="startPartitionKey">An optional starting partition key that will limit the range of accessible rows.</param> /// <param name="endPartitionKey">An optional ending partition key that will limit the range of accessible rows.</param> /// <param name="startRowKey">An optional starting row key that will limit the range of accessible rows.</param> /// <param name="endRowKey">An optional ending row key that will limit the range of accessible rows.</param> /// <param name="expiry">An optional <see cref="DateTimeOffset"/> that sets when the access will expire.</param> /// <returns>A SAS URL that can be shared to give the specified access to the table.</returns> private static string GetTableSAS(string table, string policy, bool query, bool add, bool update, bool delete, string startPartitionKey = null, string endPartitionKey = null, string startRowKey = null, string endRowKey = null, DateTimeOffset?expiry = null) { var storage = CloudStorageAccount.Parse(StorageConnectionString); var client = storage.CreateCloudTableClient(); var reference = client.GetTableReference(table); var sas = new SharedAccessTablePolicy(); sas.SharedAccessExpiryTime = expiry ?? DateTimeOffset.MaxValue; sas.Permissions = (query ? SharedAccessTablePermissions.Query : 0) | (add ? SharedAccessTablePermissions.Add : 0) | (update ? SharedAccessTablePermissions.Update : 0) | (delete ? SharedAccessTablePermissions.Delete : 0); if (!String.IsNullOrEmpty(policy)) { // This will fail if the table doesn't exist. var permissions = reference.GetPermissions(); var policies = permissions.SharedAccessPolicies; SharedAccessTablePolicy existing; if (!policies.TryGetValue(policy, out existing)) { policies.Add(policy, existing = sas); } existing.SharedAccessExpiryTime = sas.SharedAccessExpiryTime; existing.Permissions = sas.Permissions; reference.SetPermissions(permissions); sas = new SharedAccessTablePolicy(); } return(reference.Uri + reference.GetSharedAccessSignature(sas, policy, startPartitionKey, startRowKey, endPartitionKey, endRowKey)); }
/// <summary> /// Validate the table access policy /// </summary> /// <param name="policy">SharedAccessBlobPolicy object</param> /// <param name="policyIdentifier">The policy identifier which need to be checked.</param> internal static bool ValidateTableAccessPolicy(IStorageTableManagement channel, string tableName, SharedAccessTablePolicy policy, string policyIdentifier) { if (string.IsNullOrEmpty(policyIdentifier)) { return(true); } CloudTable table = channel.GetTableReference(tableName); TableRequestOptions options = null; OperationContext context = null; TablePermissions permission = channel.GetTablePermissions(table, options, context); SharedAccessTablePolicy sharedAccessPolicy = GetExistingPolicy <SharedAccessTablePolicy>(permission.SharedAccessPolicies, policyIdentifier); if (policy.Permissions != SharedAccessTablePermissions.None) { throw new ArgumentException(Resources.SignedPermissionsMustBeOmitted); } if (policy.SharedAccessExpiryTime.HasValue && sharedAccessPolicy.SharedAccessExpiryTime.HasValue) { throw new ArgumentException(Resources.SignedExpiryTimeMustBeOmitted); } return(!sharedAccessPolicy.SharedAccessExpiryTime.HasValue); }
public async Task <string> RequestStorageTokenAsync(string account, string domain) { await EnsureInitConnectionAsync(); // Omitting any authentication code since this is beyond the scope of // this sample code // creating a shared access policy that expires in 30 minutes. // No start time is specified, which means that the token is valid immediately. // The policy specifies full permissions. SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(AccessPolicyDurationInMinutes), Permissions = SharedAccessTablePermissions.Query }; // Generate the SAS token. No access policy identifier is used which // makes it a non-revocable token // limiting the table SAS access to only the request customer's id string sasToken = this._table.GetSharedAccessSignature( policy /* access policy */, null /* access policy identifier */, domain /* start partition key */, account /* start row key */, domain /* end partition key */, account /* end row key */); return(sasToken); }
public void SetupAccessPolicyTest() { DateTime?start = DateTime.Now; DateTime?end = start.Value.AddHours(1.0); SharedAccessBlobPolicy blobAccessPolicy = new SharedAccessBlobPolicy(); AccessPolicyHelper.SetupAccessPolicy(blobAccessPolicy, start, end, "a"); Assert.AreEqual(blobAccessPolicy.SharedAccessStartTime.Value.UtcDateTime.ToString(), start.Value.ToUniversalTime().ToString()); Assert.AreEqual(blobAccessPolicy.SharedAccessExpiryTime.Value.UtcDateTime.ToString(), end.Value.ToUniversalTime().ToString()); Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.Add); SharedAccessTablePolicy tableAccessPolicy = new SharedAccessTablePolicy(); AccessPolicyHelper.SetupAccessPolicy(tableAccessPolicy, null, end, "d", true); Assert.AreEqual(tableAccessPolicy.SharedAccessStartTime, null); Assert.AreEqual(tableAccessPolicy.SharedAccessExpiryTime.Value.UtcDateTime.ToString(), end.Value.ToUniversalTime().ToString()); Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.Delete); SharedAccessQueuePolicy queueAccessPolicy = new SharedAccessQueuePolicy(); AccessPolicyHelper.SetupAccessPolicy(queueAccessPolicy, start, null, "", noExpiryTime: true); Assert.AreEqual(queueAccessPolicy.SharedAccessStartTime.Value.UtcDateTime.ToString(), start.Value.ToUniversalTime().ToString()); Assert.AreEqual(queueAccessPolicy.SharedAccessExpiryTime, null); Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None); SharedAccessFilePolicy fileAccessPolicy = new SharedAccessFilePolicy(); AccessPolicyHelper.SetupAccessPolicy(fileAccessPolicy, null, null, "dl", true, true); Assert.AreEqual(fileAccessPolicy.SharedAccessStartTime, null); Assert.AreEqual(fileAccessPolicy.SharedAccessExpiryTime, null); Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.List | SharedAccessFilePermissions.Delete); }
/// <summary> /// Get the signature hash embedded inside the Shared Access Signature. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or <c>null</c>.</param> /// <param name="startRowKey">The start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">The end partition key, or <c>null</c>.</param> /// <param name="endRowKey">The end row key, or <c>null</c>.</param> /// <param name="resourceName">The canonical resource string, unescaped.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param> /// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param> /// <returns>The signed hash.</returns> internal static string GetHash( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string resourceName, string sasVersion, byte[] keyValue) { CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName); CommonUtility.AssertNotNull("keyValue", keyValue); CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion); string permissions = null; DateTimeOffset?startTime = null; DateTimeOffset?expiryTime = null; if (policy != null) { permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); startTime = policy.SharedAccessStartTime; expiryTime = policy.SharedAccessExpiryTime; } //// StringToSign = signedpermissions + "\n" + //// signedstart + "\n" + //// signedexpiry + "\n" + //// canonicalizedresource + "\n" + //// signedidentifier + "\n" + //// signedversion + "\n" + //// startpk + "\n" + //// startrk + "\n" + //// endpk + "\n" + //// endrk //// //// HMAC-SHA256(UTF8.Encode(StringToSign)) string stringToSign = string.Format( CultureInfo.InvariantCulture, "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}", permissions, GetDateTimeOrEmpty(startTime), GetDateTimeOrEmpty(expiryTime), resourceName, accessPolicyIdentifier, sasVersion, startPartitionKey, startRowKey, endPartitionKey, endRowKey); Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign); return(CryptoUtility.ComputeHmac256(keyValue, stringToSign)); }
private static void WriteSharedAccessIdentifiers(SharedAccessTablePolicies sharedAccessPolicies, Stream outputStream) { WriteSharedAccessIdentifiers(sharedAccessPolicies, outputStream, delegate(SharedAccessTablePolicy policy, XmlWriter writer) { writer.WriteElementString("Start", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime)); writer.WriteElementString("Expiry", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime)); writer.WriteElementString("Permission", SharedAccessTablePolicy.PermissionsToString(policy.Permissions)); }); }
public void SetPolicyNoStartTimeNoExpiryTime() { CloudTable table = tableUtil.CreateTable(); Utility.ClearStoredAccessPolicy <CloudTable>(table); Utility.RawStoredAccessPolicy samplePolicy = Utility.SetUpStoredAccessPolicyData <SharedAccessTablePolicy>(lang == Language.NodeJS)[0]; double effectiveTime = 30; try { CreateStoredAccessPolicy(samplePolicy.PolicyName, samplePolicy.Permission, samplePolicy.StartTime, samplePolicy.ExpiryTime, table); //NoStartTime Test.Assert(CommandAgent.SetAzureStorageTableStoredAccessPolicy(table.Name, samplePolicy.PolicyName, null, null, null, true, false), "Set stored access policy with -NoStartTime should succeed"); Thread.Sleep(TimeSpan.FromSeconds(effectiveTime)); SharedAccessTablePolicies expectedPolicies = new SharedAccessTablePolicies(); expectedPolicies.Add(samplePolicy.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(null, samplePolicy.ExpiryTime, samplePolicy.Permission)); Utility.ValidateStoredAccessPolicies <SharedAccessTablePolicy>(table.GetPermissions().SharedAccessPolicies, expectedPolicies); SharedAccessTablePolicy policy = Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(null, samplePolicy.ExpiryTime, samplePolicy.Permission); Collection <Dictionary <string, object> > comp = new Collection <Dictionary <string, object> >(); comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessTablePolicy>(policy, samplePolicy.PolicyName)); CommandAgent.OutputValidation(comp); //NoExpiryTime Test.Assert(CommandAgent.SetAzureStorageTableStoredAccessPolicy(table.Name, samplePolicy.PolicyName, null, null, null, false, true), "Set stored access policy with -NoExpiryTime should succeed"); Thread.Sleep(TimeSpan.FromSeconds(effectiveTime)); expectedPolicies = new SharedAccessTablePolicies(); expectedPolicies.Add(samplePolicy.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(null, null, samplePolicy.Permission)); Utility.ValidateStoredAccessPolicies <SharedAccessTablePolicy>(table.GetPermissions().SharedAccessPolicies, expectedPolicies); policy = Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(null, null, samplePolicy.Permission); comp = new Collection <Dictionary <string, object> >(); comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessTablePolicy>(policy, samplePolicy.PolicyName)); CommandAgent.OutputValidation(comp); //both Utility.ClearStoredAccessPolicy <CloudTable>(table); CreateStoredAccessPolicy(samplePolicy.PolicyName, samplePolicy.Permission, samplePolicy.StartTime, samplePolicy.ExpiryTime, table); Test.Assert(CommandAgent.SetAzureStorageTableStoredAccessPolicy(table.Name, samplePolicy.PolicyName, null, null, null, true, true), "Set stored access policy with both -NoStartTime and -NoExpiryTime should succeed"); Thread.Sleep(TimeSpan.FromSeconds(effectiveTime)); expectedPolicies = new SharedAccessTablePolicies(); expectedPolicies.Add(samplePolicy.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(null, null, samplePolicy.Permission)); Utility.ValidateStoredAccessPolicies <SharedAccessTablePolicy>(table.GetPermissions().SharedAccessPolicies, expectedPolicies); policy = Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(null, null, samplePolicy.Permission); comp = new Collection <Dictionary <string, object> >(); comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessTablePolicy>(policy, samplePolicy.PolicyName)); CommandAgent.OutputValidation(comp); } finally { tableUtil.RemoveTable(table); } }
private SharedAccessTablePolicy CreateTablePermission(string permissions, ref string policyName) { ///permissions: start=0;expiry=30;policy=hello;p=adqu /// var set = permissions.Split(';'); var policy = new SharedAccessTablePolicy(); foreach (var s in set) { var p = s.Split('='); switch (p[0].ToLowerInvariant()) { case "expiry": policy.SharedAccessExpiryTime = DateTime.Now.AddDays(Convert.ToInt32(p[1])); break; case "start": policy.SharedAccessStartTime = DateTime.Now.AddDays(Convert.ToInt32(p[1])); break; case "policy": policyName = p[1]; break; case "p": for (var i = 0; i < p[1].Length; ++i) { switch (Char.ToLowerInvariant(p[1][i])) { case 'a': policy.Permissions |= SharedAccessTablePermissions.Add; break; case 'd': policy.Permissions |= SharedAccessTablePermissions.Delete; break; case 'q': policy.Permissions |= SharedAccessTablePermissions.Query; break; case 'u': policy.Permissions |= SharedAccessTablePermissions.Update; break; } } break; default: throw new Exception("Unknown parameter: " + p[0] + ". Expected: start=<days>;expiry=<days>;policy=<policyName>;p=adqu"); } } return(policy); }
public string GetKeySas(string curso) { SharedAccessTablePolicy policy = new SharedAccessTablePolicy { SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Delete }; string token = this.tablaalumnos.GetSharedAccessSignature(policy, null, curso, null, curso, null); return(token); }
/// <summary> /// Update the access policy /// </summary> /// <param name="policy">Access policy object</param> /// <param name="shouldSetExpiryTime">Should set the default expiry time</param> private void SetupAccessPolicy(SharedAccessTablePolicy policy, bool shouldSetExpiryTime) { DateTimeOffset?accessStartTime; DateTimeOffset?accessEndTime; SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime, out accessStartTime, out accessEndTime, shouldSetExpiryTime); policy.SharedAccessStartTime = accessStartTime; policy.SharedAccessExpiryTime = accessEndTime; SetupAccessPolicyPermission(policy, Permission); }
public String GetSeguridadSaS(String division) { CloudTable tabla = GetTablaEquipos(); SharedAccessTablePolicy permisos = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update }; String token = tabla.GetSharedAccessSignature(permisos, null, division, null, division, null); return(token); }
/// <summary> /// Create a service SAS for a Table - SharedAccessTablePolicy - Microsoft.Azure.Cosmos.Table /// SharedAccessTablePolicy: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.cosmos.table.sharedaccesstablepolicy?view=azure-dotnet /// </summary> /// <param name="accountName"></param> /// <param name="accountKey"></param> /// <param name="tableName"></param> /// <param name="policyName"></param> /// <returns> queue.Uri + SAS Token</returns> public static string Get_ServiceSAS_Table(string accountName, string accountKey, string tableName, string policyName = null) { //-------------------------------------------------- // Creating StorageCredentials and table references using the 'Microsoft.Azure.Cosmos.Table' library string tableUri = string.Format("https://{0}.table.core.windows.net", accountName); StorageCredentials storageCredentials = new StorageCredentials(accountName, accountKey); StorageUri uri = new StorageUri(new Uri(tableUri)); CloudTableClient tableClient = new CloudTableClient(uri, storageCredentials); CloudTable table = tableClient.GetTableReference(tableName); //-------------------------------------------------- // Create a new access policy and define its constraints, using the 'Microsoft.Azure.Cosmos.Table' library. // Note that the SharedAccessTablePolicy class is used both to define the parameters of an ad hoc SAS, and // to construct a shared access policy that is saved to the container's shared access policies. Microsoft.Azure.Cosmos.Table.SharedAccessTablePolicy tablePolicy; try { tablePolicy = new SharedAccessTablePolicy() { Permissions = Set_PermissionsFromStr_ServiceSAS_Tables(), // SharedAccessStartTime = SharedAccessExpiryTime = SAS_Utils.SAS.seDateTime }; // Adding the optional fields commented out above //----------------------------------------------------------- if (!String.IsNullOrEmpty(SAS_Utils.SAS.st.v)) { tablePolicy.SharedAccessStartTime = SAS_Utils.SAS.stDateTime; } //----------------------------------------------------------- } catch (Exception ex) { MessageBox.Show("Error on generating the Table Service SAS\n" + ex, "Invalid SAS parameters", MessageBoxButton.OK, MessageBoxImage.Exclamation); return(""); } if (String.IsNullOrEmpty(policyName)) { // Generate the shared access signature on the table, setting the constraints directly on the signature. //return tableUri + table.GetSharedAccessSignature(blobPolicy); return(table.GetSharedAccessSignature(tablePolicy)); } else { // Generate the shared access signature on the table. In this case, all of the constraints for the // shared access signature are specified on the container's stored access policy. return(table.GetSharedAccessSignature(tablePolicy, policyName)); } }
private static SharedAccessTablePolicy sharedKey() { SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddYears(1), Permissions = SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Delete }; return(policy); }
/// <summary> /// Creates a Windows Azure SAS key for adding entries to a table. /// Adds a shared policy on the table so that access can later be revoked. If an existing policy with the specified name already /// exists, it is used or altered to match the required level of access (SharedAccessTablePermissions.Add). /// </summary> /// <param name="storageConnectionString">Connection string to storage account where the table resides</param> /// <param name="tableName">The name of the table for which access is granted. If the table does not exist, it is created.</param> /// <param name="sharedPolicyName">The name that is given to the shared policy through which the SAS key is generated</param> /// <param name="expireAfter">How long before the key should expire</param> /// <returns></returns> public Uri CreateAddOnlySasKey(string storageConnectionString, string tableName, string sharedPolicyName, TimeSpan expireAfter) { CloudStorageAccount storageAccount = CloudStorageAccount.Parse(storageConnectionString); CloudTableClient tableClient = storageAccount.CreateCloudTableClient(); CloudTable table = tableClient.GetTableReference(tableName); // Create the table if doesn't exist table.CreateIfNotExists(); // Create a target Shared Policy with desired expiration time and permissions - can later be used to revoke the sas key SharedAccessTablePolicy targetSharedPolicy = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.Add(expireAfter), Permissions = SharedAccessTablePermissions.Add }; // Get current table permissions TablePermissions tablePermissions = table.GetPermissions(); // If the table already has a policy with this name if (tablePermissions.SharedAccessPolicies.ContainsKey(sharedPolicyName)) { // update it's values to match the target values Console.WriteLine("Updating existing shared policy"); SharedAccessTablePolicy existingSharedPolicy = tablePermissions.SharedAccessPolicies[sharedPolicyName]; existingSharedPolicy.SharedAccessExpiryTime = targetSharedPolicy.SharedAccessExpiryTime; existingSharedPolicy.Permissions = targetSharedPolicy.Permissions; table.SetPermissions(tablePermissions); } else { // No such policy found - create a new one Console.WriteLine("Adding new shared access policy to table"); tablePermissions.SharedAccessPolicies.Add(sharedPolicyName, targetSharedPolicy); table.SetPermissions(tablePermissions); } // Generate the SAS key string sasTableToken = table.GetSharedAccessSignature( null, sharedPolicyName, null, null, null, null); Uri sasUri = new Uri(table.Uri + sasTableToken); Console.WriteLine("Sas Uri: {0}", sasUri); return(sasUri); }
/// <summary> /// Get the complete query builder for creating the Shared Access Signature query. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="tableName">The name of the table associated with this shared access signature.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or null.</param> /// <param name="startRowKey">The start row key, or null.</param> /// <param name="endPartitionKey">The end partition key, or null.</param> /// <param name="endRowKey">The end row key, or null.</param> /// <param name="signature">The signature to use.</param> /// <param name="accountKeyName">The name of the key used to create the signature, or null if the key is implicit.</param> /// <returns>The finished query builder.</returns> internal static UriQueryBuilder GetSharedAccessSignatureImpl( SharedAccessTablePolicy policy, string tableName, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string signature, string accountKeyName) { CommonUtils.AssertNotNull("signature", signature); if (policy == null) { return(GetSharedAccessSignatureImpl( null /* policy.Permissions */, null /* policy.SharedAccessStartTime */, null /* policy.SharedAccessExpiryTime */, startPartitionKey, startRowKey, endPartitionKey, endRowKey, accessPolicyIdentifier, null /* resourceType (blob only) */, tableName, signature, accountKeyName)); } string permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); if (string.IsNullOrEmpty(permissions)) { permissions = null; } return(GetSharedAccessSignatureImpl( permissions, policy.SharedAccessStartTime, policy.SharedAccessExpiryTime, startPartitionKey, startRowKey, endPartitionKey, endRowKey, accessPolicyIdentifier, null /* resourceType (blob only) */, tableName, signature, accountKeyName)); }
internal void SetStoredAccessPolicyAndValidate(Utility.RawStoredAccessPolicy policy1, Utility.RawStoredAccessPolicy policy2, string tableName = null, bool ifCleanupPolicy = true, bool ifCleanupTable = true) { CloudTable table = tableUtil.CreateTable(tableName); if (ifCleanupPolicy) { Utility.ClearStoredAccessPolicy <CloudTable>(table); } policy2.PolicyName = policy1.PolicyName; try { CommandAgent.NewAzureStorageTableStoredAccessPolicy(table.Name, policy1.PolicyName, policy1.Permission, policy1.StartTime, policy1.ExpiryTime); Test.Assert(CommandAgent.SetAzureStorageTableStoredAccessPolicy(table.Name, policy2.PolicyName, policy2.Permission, policy2.StartTime, policy2.ExpiryTime), "Set stored access policy in table should succeed"); Test.Info("Set stored access policy:{0}", policy2.PolicyName); //get the policy and validate SharedAccessTablePolicies expectedPolicies = new SharedAccessTablePolicies(); if (policy2.StartTime == null) { policy2.StartTime = policy1.StartTime; } if (policy2.ExpiryTime == null) { policy2.ExpiryTime = policy1.ExpiryTime; } if (policy2.Permission == null) { policy2.Permission = policy1.Permission; } expectedPolicies.Add(policy2.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(policy2.StartTime, policy2.ExpiryTime, policy2.Permission)); Utility.WaitForPolicyBecomeValid <CloudTable>(table, policy2); Utility.ValidateStoredAccessPolicies <SharedAccessTablePolicy>(table.GetPermissions().SharedAccessPolicies, expectedPolicies); //validate the output SharedAccessTablePolicy policy = Utility.SetupSharedAccessPolicy <SharedAccessTablePolicy>(policy2.StartTime, policy2.ExpiryTime, policy2.Permission); Collection <Dictionary <string, object> > comp = new Collection <Dictionary <string, object> >(); comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessTablePolicy>(policy, policy2.PolicyName)); CommandAgent.OutputValidation(comp); } finally { if (ifCleanupTable) { tableUtil.RemoveTable(table); } } }
public async Task CloudTableExtensionsTest() { // Arrange var permissions = new TablePermissions(); permissions.SharedAccessPolicies.Add("default", new SharedAccessTablePolicy { Permissions = SharedAccessTablePermissions.Query, SharedAccessExpiryTime = DateTimeOffset.UtcNow, SharedAccessStartTime = DateTimeOffset.UtcNow }); // Act // Create table await _cloudTable.CreateAsync(); // Create table bool createIfNotExistsResult = await _cloudTable.CreateIfNotExistsAsync(); // Check whether table exists bool existsResult = await _cloudTable.ExistsAsync(); // Set & get permissions await _cloudTable.SetPermissionsAsync(permissions); TablePermissions permissionsResult = await _cloudTable.GetPermissionsAsync(); // Delete table await _cloudTable.DeleteAsync(); bool deleteIfExistsResult = await _cloudTable.DeleteIfExistsAsync(); // Assert Assert.False(createIfNotExistsResult); Assert.True(existsResult); Assert.NotNull(permissionsResult); Assert.NotNull(permissionsResult.SharedAccessPolicies); Assert.Equal(permissionsResult.SharedAccessPolicies.Count, permissions.SharedAccessPolicies.Count); foreach (var policy in permissionsResult.SharedAccessPolicies) { Assert.Contains(policy.Key, permissions.SharedAccessPolicies.Keys); SharedAccessTablePolicy value = permissions.SharedAccessPolicies[policy.Key]; Assert.Equal(policy.Value.Permissions, value.Permissions); } Assert.False(deleteIfExistsResult); }
private static string TableInsertAlunos(CloudStorageAccount conta) { CloudTableClient tableClient = conta.CreateCloudTableClient(); CloudTable jogos = tableClient.GetTableReference("jogos"); jogos.CreateIfNotExists(); Jogo santosFluminense = new Jogo("A", "1") { TimeA = "Flu", TimeB = "SAN", DataJogo = new DateTime(2017, 5, 13) }; Jogo palvasco = new Jogo("A", "2") { TimeA = "PAL", TimeB = "VASCO", DataJogo = new DateTime(2017, 5, 14) }; Jogo corponte = new Jogo("A", "3") { TimeA = "COR", TimeB = "PONTE", DataJogo = new DateTime(2017, 5, 14) }; TableBatchOperation lote = new TableBatchOperation(); lote.Add(TableOperation.Insert(santosFluminense)); lote.Add(TableOperation.Insert(palvasco)); // jogos.ExecuteBatch(lote); jogos.Execute(TableOperation.Insert(corponte)); SharedAccessTablePolicy regra = new SharedAccessTablePolicy(); regra.SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-5); regra.SharedAccessExpiryTime = DateTime.UtcNow.AddDays(2); regra.Permissions = SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update; var sasToken = jogos.GetSharedAccessSignature(regra, null, null, null, null, null); return($"{jogos.Uri}{sasToken}"); }