コード例 #1
        /// <summary>
        /// Sample: signs an account SAS with the storage account's shared key, then uses a
        /// SAS-authenticated <see cref="TableServiceClient" /> to create and delete a table.
        /// </summary>
        public async Task SasAuth()
        {
            string storageUri  = StorageUri;
            string accountName = StorageAccountName;
            string accountKey  = PrimaryStorageAccountKey;
            string tableName   = "OfficeSupplies";

            #region Snippet:TablesAuthSas
            // The shared key credential authenticates the first client and also signs the SAS below.
            var sharedKey = new TableSharedKeyCredential(accountName, accountKey);
            var endpoint = new Uri(storageUri);
            var keyAuthedClient = new TableServiceClient(endpoint, sharedKey);

            // Account SAS restricted to the Write and Delete permissions, valid for all resource types.
            // NOTE(review): the fixed 2040 expiry makes this a very long-lived token. An account SAS
            // signed with the account key stays usable until it expires or the key is rotated, so
            // outside of a sample prefer a short validity window and the narrowest permissions.
            var grantedPermissions = TableAccountSasPermissions.Write | TableAccountSasPermissions.Delete;
            var expiresOn = new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc);
            TableAccountSasBuilder sasBuilder = keyAuthedClient.GetSasBuilder(grantedPermissions, TableAccountSasResourceTypes.All, expiresOn);
            string sasToken = sasBuilder.Sign(sharedKey);

            // Second client: authenticates with the SAS token only, never with the account key.
            var sasCredential = new AzureSasCredential(sasToken);
            var serviceClientWithSas = new TableServiceClient(new Uri(storageUri), sasCredential);

            // Creating the table exercises the Write permission carried by the SAS.
            await serviceClientWithSas.CreateTableIfNotExistsAsync(tableName);

            // Deleting the table exercises the Delete permission carried by the SAS.
            await serviceClientWithSas.DeleteTableAsync(tableName);

            #endregion
        }
コード例 #2
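        /// <summary>
        /// Verifies that the service enforces the resource types granted by an account SAS:
        /// a token limited to Service resource types is refused when it tries to create a table,
        /// while a token that also covers Container resource types can create and delete one.
        /// Both tokens are expected to be able to read the table service properties.
        /// </summary>
        public void ValidateAccountSasCredentialsWithResourceTypes()
        {
            // Shared key credential, used here only to sign the SAS tokens.
            var credential = new TableSharedKeyCredential(TestEnvironment.StorageAccountName, TestEnvironment.PrimaryStorageAccountKey);

            // NOTE(review): fixed far-future expiry, presumably chosen so test runs are repeatable;
            // it is not a model for tokens handed to real clients, which should be short-lived.
            var expiresOn = new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc);

            // All permissions, but access to Service resource types only.
            TableAccountSasBuilder sasService = service.GetSasBuilder(TableAccountSasPermissions.All, TableAccountSasResourceTypes.Service, expiresOn);
            string tokenService = sasService.Sign(credential);

            // All permissions, with access to Service and Container resource types.
            TableAccountSasBuilder sasServiceContainer = service.GetSasBuilder(TableAccountSasPermissions.All, TableAccountSasResourceTypes.Service | TableAccountSasResourceTypes.Container, expiresOn);
            string tokenServiceContainer = sasServiceContainer.Sign(credential);

            // Create the TableServiceClients, each authenticating with one of the SAS tokens.
            var sasAuthedServiceClientService          = InstrumentClient(new TableServiceClient(new Uri(ServiceUri), new AzureSasCredential(tokenService), InstrumentClientOptions(new TableClientOptions())));
            var sasAuthedServiceClientServiceContainer = InstrumentClient(new TableServiceClient(new Uri(ServiceUri), new AzureSasCredential(tokenServiceContainer), InstrumentClientOptions(new TableClientOptions())));

            // The Service-only SAS must be rejected when creating a table:
            // 403 Forbidden with the AuthorizationResourceTypeMismatch error code.
            var sasTableName = Recording.GenerateAlphaNumericId("testtable", useOnlyLowercase: true);
            var ex           = Assert.ThrowsAsync<RequestFailedException>(async () => await sasAuthedServiceClientService.CreateTableAsync(sasTableName).ConfigureAwait(false));

            Assert.That(ex.Status, Is.EqualTo((int)HttpStatusCode.Forbidden));
            Assert.That(ex.ErrorCode, Is.EqualTo(TableErrorCode.AuthorizationResourceTypeMismatch.ToString()));

            // The Service + Container SAS is allowed to create the table.
            Assert.That(async () => await sasAuthedServiceClientServiceContainer.CreateTableAsync(sasTableName).ConfigureAwait(false), Throws.Nothing);

            // The Service-only SAS can read the table service properties.
            Assert.That(async () => await sasAuthedServiceClientService.GetPropertiesAsync().ConfigureAwait(false), Throws.Nothing);

            // The Service + Container SAS can read them as well. This check must go through the
            // Service + Container client; calling the Service-only client again would repeat the
            // previous assertion and leave this token's access to the properties untested.
            Assert.That(async () => await sasAuthedServiceClientServiceContainer.GetPropertiesAsync().ConfigureAwait(false), Throws.Nothing);

            // The Service + Container SAS is allowed to delete the table.
            Assert.That(async () => await sasAuthedServiceClientServiceContainer.DeleteTableAsync(sasTableName).ConfigureAwait(false), Throws.Nothing);
        }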
        /// <summary>
        /// Checks that the builder reports the same permissions string after
        /// <c>SetPermissions</c> is called with the flags value as it did right after construction.
        /// </summary>
        /// <param name="permissionsString">Raw permissions string given to the constructor and expected back from <c>Permissions</c>.</param>
        /// <param name="permissions">Flags value passed to <c>SetPermissions</c>; presumably the equivalent of <paramref name="permissionsString"/> (confirm against the test-case source).</param>
        /// <param name="resourceTypes">Resource types handed to the builder's constructor.</param>
        public void SetPermissions(string permissionsString, TableAccountSasPermissions permissions, TableAccountSasResourceTypes resourceTypes)
        {
            var builder = new TableAccountSasBuilder(permissionsString, resourceTypes, DateTimeOffset.Now);

            // The raw string must be exposed exactly as it was supplied.
            string beforeSet = builder.Permissions;
            Assert.That(beforeSet, Is.EqualTo(permissionsString));

            builder.SetPermissions(permissions);

            // Setting the flags form must yield the same string again.
            string afterSet = builder.Permissions;
            Assert.That(afterSet, Is.EqualTo(permissionsString));
        }
コード例 #4
        /// <summary>
        /// Checks that the query string of the URI returned by <c>client.GenerateSasUri</c> equals
        /// "?" followed by the token obtained by signing an equivalent
        /// <see cref="TableAccountSasBuilder" /> with <paramref name="cred"/>.
        /// </summary>
        /// <param name="client">Client whose <c>GenerateSasUri</c> result is checked; presumably constructed with the same shared key credential (confirm against the test-case source).</param>
        /// <param name="cred">Shared key credential used to sign the expected token.</param>
        public void GenerateSasUri(TableServiceClient client, TableSharedKeyCredential cred)
        {
            // Narrow grant: Add permission on Container resource types, valid for one day.
            var grantedPermissions = TableAccountSasPermissions.Add;
            var grantedResourceTypes = TableAccountSasResourceTypes.Container;
            DateTime expiresOn = DateTime.Now.AddDays(1);

            // Reference token, built and signed by hand.
            var referenceBuilder = new TableAccountSasBuilder(grantedPermissions, grantedResourceTypes, expiresOn);
            string referenceToken = referenceBuilder.Sign(cred);

            var generatedUri = client.GenerateSasUri(grantedPermissions, grantedResourceTypes, expiresOn);

            // Uri.Query includes the leading '?', the signed token does not.
            Assert.That(generatedUri.Query, Is.EqualTo("?" + referenceToken));
        }
コード例 #5
        /// <summary>
        /// Verifies that account SAS permissions are enforced when the same SAS token is supplied
        /// twice: once in the endpoint URI's query string and once as an
        /// <see cref="AzureSasCredential" />. A Delete-only token must be refused when creating a
        /// table, a Write token must be able to create it, and the Delete-only token must be able
        /// to delete it.
        /// </summary>
        public void ValidateAccountSasCredentialsWithPermissionsWithSasDuplicatedInUri()
        {
            // Shared key credential, used here only to sign the SAS tokens.
            var signingKey = new TableSharedKeyCredential(TestEnvironment.StorageAccountName, TestEnvironment.PrimaryStorageAccountKey);

            // SAS granting only the Delete permission, for all resource types.
            TableAccountSasBuilder deleteOnlyBuilder = service.GetSasBuilder(TableAccountSasPermissions.Delete, TableAccountSasResourceTypes.All, new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
            string deleteOnlyToken = deleteOnlyBuilder.Sign(signingKey);

            // SAS granting only the Write permission, for all resource types.
            // The builder is given Write alone; Delete is not part of this token.
            TableAccountSasBuilder writeBuilder = service.GetSasBuilder(TableAccountSasPermissions.Write, TableAccountSasResourceTypes.All, new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
            string writeToken = writeBuilder.Sign(signingKey);

            // Endpoint URIs that already carry the token as their query string.
            var deleteOnlyEndpoint = new UriBuilder(ServiceUri);
            deleteOnlyEndpoint.Query = deleteOnlyToken;

            var writeEndpoint = new UriBuilder(ServiceUri);
            writeEndpoint.Query = writeToken;

            // Intentionally pass the SAS both in the endpoint and as the credential, so the
            // client's de-duplication of the token is exercised.
            var deleteOnlyClient = InstrumentClient(new TableServiceClient(deleteOnlyEndpoint.Uri, new AzureSasCredential(deleteOnlyToken), InstrumentClientOptions(new TableClientOptions())));
            var writeClient      = InstrumentClient(new TableServiceClient(writeEndpoint.Uri, new AzureSasCredential(writeToken), InstrumentClientOptions(new TableClientOptions())));

            // The Delete-only SAS must be rejected when creating a table:
            // 403 Forbidden with the AuthorizationPermissionMismatch error code.
            var tableName = Recording.GenerateAlphaNumericId("testtable", useOnlyLowercase: true);
            var rejection = Assert.ThrowsAsync<RequestFailedException>(async () => await deleteOnlyClient.CreateTableAsync(tableName).ConfigureAwait(false));

            Assert.That(rejection.Status, Is.EqualTo((int)HttpStatusCode.Forbidden));
            Assert.That(rejection.ErrorCode, Is.EqualTo(TableErrorCode.AuthorizationPermissionMismatch.ToString()));

            // The Write SAS is allowed to create the table.
            Assert.That(async () => await writeClient.CreateTableAsync(tableName).ConfigureAwait(false), Throws.Nothing);

            // The Delete-only SAS is allowed to delete the table.
            Assert.That(async () => await deleteOnlyClient.DeleteTableAsync(tableName).ConfigureAwait(false), Throws.Nothing);
        }
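        /// <summary>
        /// Checks that constructing a <see cref="TableAccountSasBuilder" /> from a SAS URI
        /// populates each builder property with the value carried by the URI's query string.
        /// </summary>
        /// <param name="uri">
        /// SAS URI to parse. The expected values are hard-coded below, so the URI presumably comes
        /// from a test-case source whose query parameters match them (confirm against the caller).
        /// </param>
        public void ParseUri(Uri uri)
        {
            // Act
            var builder = new TableAccountSasBuilder(uri);

            // Assert: each field is checked once (a repeated Protocol assertion was dropped).
            Assert.AreEqual(TableSasProtocol.Https, builder.Protocol);
            Assert.AreEqual(new DateTimeOffset(2015, 4, 30, 2, 23, 26, TimeSpan.Zero), builder.ExpiresOn);
            Assert.AreEqual("", builder.Identifier);
            Assert.AreEqual(TableSasIPRange.Parse("168.1.5.60-168.1.5.70"), builder.IPRange);
            Assert.AreEqual("rw", builder.Permissions);
            Assert.AreEqual(TableAccountSasResourceTypes.Service, builder.ResourceTypes);
            Assert.AreEqual(new DateTimeOffset(2015, 4, 29, 22, 18, 26, TimeSpan.Zero), builder.StartsOn);
            Assert.AreEqual("2015-04-05", builder.Version);
        }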
コード例 #7
        /// <summary>
        /// Verifies that account SAS permissions are enforced for clients built from SAS URIs
        /// (the token travels in the endpoint's query string, with no separate credential):
        /// a Delete-only token must be refused when creating a table, a Write token must be able
        /// to create it, and the Delete-only token must be able to delete it.
        /// </summary>
        public void ValidateAccountSasCredentialsWithPermissions()
        {
            // Shared key credential, used here only to sign the SAS tokens.
            var signingKey = new TableSharedKeyCredential(TestEnvironment.StorageAccountName, TestEnvironment.PrimaryStorageAccountKey);

            // SAS granting only the Delete permission, for all resource types.
            TableAccountSasBuilder deleteOnlyBuilder = service.GetSasBuilder(TableAccountSasPermissions.Delete, TableAccountSasResourceTypes.All, new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
            string deleteOnlyToken = deleteOnlyBuilder.Sign(signingKey);

            // SAS granting only the Write permission, for all resource types.
            // The builder is given Write alone; Delete is not part of this token.
            TableAccountSasBuilder writeBuilder = service.GetSasBuilder(TableAccountSasPermissions.Write, TableAccountSasResourceTypes.All, new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
            string writeToken = writeBuilder.Sign(signingKey);

            // SAS URIs: the storage endpoint with the token as its query string.
            var deleteOnlyEndpoint = new UriBuilder(TestEnvironment.StorageUri);
            deleteOnlyEndpoint.Query = deleteOnlyToken;

            var writeEndpoint = new UriBuilder(TestEnvironment.StorageUri);
            writeEndpoint.Query = writeToken;

            // Clients authenticated solely by the SAS embedded in their endpoint URI.
            var deleteOnlyClient = InstrumentClient(new TableServiceClient(deleteOnlyEndpoint.Uri, Recording.InstrumentClientOptions(new TableClientOptions())));
            var writeClient      = InstrumentClient(new TableServiceClient(writeEndpoint.Uri, Recording.InstrumentClientOptions(new TableClientOptions())));

            var tableName = Recording.GenerateAlphaNumericId("testtable", useOnlyLowercase: true);

            // The Delete-only SAS must be rejected with 403 Forbidden when creating a table.
            var forbidden = Throws.InstanceOf<RequestFailedException>().And.Property("Status").EqualTo((int)HttpStatusCode.Forbidden);
            Assert.That(async () => await deleteOnlyClient.CreateTableAsync(tableName).ConfigureAwait(false), forbidden);

            // The Write SAS is allowed to create the table.
            Assert.That(async () => await writeClient.CreateTableAsync(tableName).ConfigureAwait(false), Throws.Nothing);

            // The Delete-only SAS is allowed to delete the table.
            Assert.That(async () => await deleteOnlyClient.DeleteTableAsync(tableName).ConfigureAwait(false), Throws.Nothing);
        }