/// <summary>
/// Sample: signs an account-level shared access signature (SAS) with the storage account key,
/// then uses that SAS alone to create and delete a table.
/// </summary>
public async Task SasAuth()
{
    string storageUri = StorageUri;
    string accountName = StorageAccountName;
    string accountKey = PrimaryStorageAccountKey;
    string tableName = "OfficeSupplies";

    #region Snippet:TablesAuthSas
    // Construct a new <see cref="TableServiceClient" /> using a <see cref="TableSharedKeyCredential" />.
    // The shared key credential is only needed to create the builder and to sign the SAS below.
    var sharedKeyCredential = new TableSharedKeyCredential(accountName, accountKey);
    var sharedKeyClient = new TableServiceClient(new Uri(storageUri), sharedKeyCredential);

    // Build a shared access signature with the Write and Delete permissions and access to all service resource types.
    // NOTE(review): the expiry is a fixed date in 2040 and the resource scope is All. An account SAS
    // signed with the account key stays valid until it expires or the key is rotated, so code copied
    // from this sample should narrow the lifetime and the resource types to what the caller needs.
    var permissions = TableAccountSasPermissions.Write | TableAccountSasPermissions.Delete;
    var expiresOn = new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc);
    TableAccountSasBuilder sasWriteDelete = sharedKeyClient.GetSasBuilder(
        permissions,
        TableAccountSasResourceTypes.All,
        expiresOn);
    string tokenWriteDelete = sasWriteDelete.Sign(sharedKeyCredential);

    // Create a second TableServiceClient that authenticates with the SAS token only.
    var sasCredential = new AzureSasCredential(tokenWriteDelete);
    var serviceClientWithSas = new TableServiceClient(new Uri(storageUri), sasCredential);

    // Validate that we are able to create a table using the SAS with Write and Delete permissions.
    await serviceClientWithSas.CreateTableIfNotExistsAsync(tableName);

    // Validate that we are able to delete a table using the SAS with Write and Delete permissions.
    await serviceClientWithSas.DeleteTableAsync(tableName);
    #endregion
}
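/// <summary>
/// Verifies that the resource types granted by an account SAS are enforced: a SAS limited to
/// Service resource types must be rejected for table creation, while a SAS covering Service and
/// Container resource types may create and delete tables. Both tokens must be able to read the
/// service properties.
/// </summary>
public void ValidateAccountSasCredentialsWithResourceTypes()
{
    // Create a SharedKeyCredential that we can use to sign the SAS tokens.
    var credential = new TableSharedKeyCredential(TestEnvironment.StorageAccountName, TestEnvironment.PrimaryStorageAccountKey);

    // Fixed expiry shared by both tokens in this test.
    var expiresOn = new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc);

    // Build a shared access signature with all permissions and access to only Service resource types.
    TableAccountSasBuilder sasService = service.GetSasBuilder(
        TableAccountSasPermissions.All,
        TableAccountSasResourceTypes.Service,
        expiresOn);
    string tokenService = sasService.Sign(credential);

    // Build a shared access signature with all permissions and access to Service and Container resource types.
    TableAccountSasBuilder sasServiceContainer = service.GetSasBuilder(
        TableAccountSasPermissions.All,
        TableAccountSasResourceTypes.Service | TableAccountSasResourceTypes.Container,
        expiresOn);
    string tokenServiceContainer = sasServiceContainer.Sign(credential);

    // Create the TableServiceClients, passing each SAS token as an AzureSasCredential.
    // (The unused SAS-in-query UriBuilder locals were removed; nothing in this test read them.)
    var sasAuthedServiceClientService = InstrumentClient(
        new TableServiceClient(
            new Uri(ServiceUri),
            new AzureSasCredential(tokenService),
            InstrumentClientOptions(new TableClientOptions())));
    var sasAuthedServiceClientServiceContainer = InstrumentClient(
        new TableServiceClient(
            new Uri(ServiceUri),
            new AzureSasCredential(tokenServiceContainer),
            InstrumentClientOptions(new TableClientOptions())));

    // Validate that we are unable to create a table using the SAS with access to Service resource types only.
    // Both the HTTP status and the service error code are checked, so an unrelated 403 does not pass the test.
    var sasTableName = Recording.GenerateAlphaNumericId("testtable", useOnlyLowercase: true);
    var ex = Assert.ThrowsAsync<RequestFailedException>(
        async () => await sasAuthedServiceClientService.CreateTableAsync(sasTableName).ConfigureAwait(false));
    Assert.That(ex.Status, Is.EqualTo((int)HttpStatusCode.Forbidden));
    Assert.That(ex.ErrorCode, Is.EqualTo(TableErrorCode.AuthorizationResourceTypeMismatch.ToString()));

    // Validate that we are able to create a table using the SAS with access to Service and Container resource types.
    Assert.That(
        async () => await sasAuthedServiceClientServiceContainer.CreateTableAsync(sasTableName).ConfigureAwait(false),
        Throws.Nothing);

    // Validate that we are able to get table service properties using the SAS with access to Service resource types.
    Assert.That(
        async () => await sasAuthedServiceClientService.GetPropertiesAsync().ConfigureAwait(false),
        Throws.Nothing);

    // Validate that we are able to get table service properties using the SAS with access to Service and
    // Container resource types. This previously called the Service-only client a second time, so the
    // Service|Container token was never exercised for this operation.
    // NOTE(review): if this test is played back from recorded sessions, the recording may need refreshing - confirm.
    Assert.That(
        async () => await sasAuthedServiceClientServiceContainer.GetPropertiesAsync().ConfigureAwait(false),
        Throws.Nothing);

    // Validate that we are able to delete a table using the SAS with access to Service and Container resource types.
    Assert.That(
        async () => await sasAuthedServiceClientServiceContainer.DeleteTableAsync(sasTableName).ConfigureAwait(false),
        Throws.Nothing);
}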
/// <summary>
/// Verifies that account SAS permissions are enforced when the same SAS is supplied twice:
/// once in the endpoint query string and once as an <see cref="AzureSasCredential" />.
/// A Delete-only SAS must be rejected for table creation, a Write-only SAS may create the table,
/// and the Delete-only SAS may then delete it.
/// </summary>
public void ValidateAccountSasCredentialsWithPermissionsWithSasDuplicatedInUri()
{
    // Create a SharedKeyCredential that we can use to sign the SAS tokens.
    var signingCredential = new TableSharedKeyCredential(
        TestEnvironment.StorageAccountName,
        TestEnvironment.PrimaryStorageAccountKey);

    // Build a shared access signature with only Delete permissions and access to all service resource types.
    TableAccountSasBuilder deleteOnlyBuilder = service.GetSasBuilder(
        TableAccountSasPermissions.Delete,
        TableAccountSasResourceTypes.All,
        new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
    string deleteOnlyToken = deleteOnlyBuilder.Sign(signingCredential);

    // Build a shared access signature with only Write permissions and access to all service resource types.
    // (The token grants Write alone; Delete is not part of it.)
    TableAccountSasBuilder writeOnlyBuilder = service.GetSasBuilder(
        TableAccountSasPermissions.Write,
        TableAccountSasResourceTypes.All,
        new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
    string writeOnlyToken = writeOnlyBuilder.Sign(signingCredential);

    // Build SAS URIs: the service endpoint with the token as its query string.
    var deleteOnlyEndpoint = new UriBuilder(ServiceUri) { Query = deleteOnlyToken };
    var writeOnlyEndpoint = new UriBuilder(ServiceUri) { Query = writeOnlyToken };

    // Create the TableServiceClients using the SAS URIs.
    // Intentionally double add the SAS to the endpoint and the credential to validate de-duping.
    var deleteOnlyClient = InstrumentClient(
        new TableServiceClient(
            deleteOnlyEndpoint.Uri,
            new AzureSasCredential(deleteOnlyToken),
            InstrumentClientOptions(new TableClientOptions())));
    var writeOnlyClient = InstrumentClient(
        new TableServiceClient(
            writeOnlyEndpoint.Uri,
            new AzureSasCredential(writeOnlyToken),
            InstrumentClientOptions(new TableClientOptions())));

    // Validate that we are unable to create a table using the SAS with only Delete permissions.
    // Status and error code are both asserted so that only a permission mismatch satisfies the test.
    var sasTableName = Recording.GenerateAlphaNumericId("testtable", useOnlyLowercase: true);
    var failure = Assert.ThrowsAsync<RequestFailedException>(
        async () => await deleteOnlyClient.CreateTableAsync(sasTableName).ConfigureAwait(false));
    Assert.That(failure.Status, Is.EqualTo((int)HttpStatusCode.Forbidden));
    Assert.That(failure.ErrorCode, Is.EqualTo(TableErrorCode.AuthorizationPermissionMismatch.ToString()));

    // Validate that we are able to create a table using the SAS with Write permissions.
    Assert.That(
        async () => await writeOnlyClient.CreateTableAsync(sasTableName).ConfigureAwait(false),
        Throws.Nothing);

    // Validate that we are able to delete a table using the SAS with only Delete permissions.
    Assert.That(
        async () => await deleteOnlyClient.DeleteTableAsync(sasTableName).ConfigureAwait(false),
        Throws.Nothing);
}
/// <summary>
/// Verifies that account SAS permissions are enforced when the SAS is carried only in the
/// endpoint URI's query string: a Delete-only SAS must be rejected for table creation with
/// HTTP 403, a Write-only SAS may create the table, and the Delete-only SAS may then delete it.
/// </summary>
public void ValidateAccountSasCredentialsWithPermissions()
{
    // Create a SharedKeyCredential that we can use to sign the SAS tokens.
    var signingCredential = new TableSharedKeyCredential(
        TestEnvironment.StorageAccountName,
        TestEnvironment.PrimaryStorageAccountKey);

    // Build a shared access signature with only Delete permissions and access to all service resource types.
    TableAccountSasBuilder deleteOnlyBuilder = service.GetSasBuilder(
        TableAccountSasPermissions.Delete,
        TableAccountSasResourceTypes.All,
        new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
    string deleteOnlyToken = deleteOnlyBuilder.Sign(signingCredential);

    // Build a shared access signature with only Write permissions and access to all service resource types.
    // (The token grants Write alone; Delete is not part of it.)
    TableAccountSasBuilder writeOnlyBuilder = service.GetSasBuilder(
        TableAccountSasPermissions.Write,
        TableAccountSasResourceTypes.All,
        new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
    string writeOnlyToken = writeOnlyBuilder.Sign(signingCredential);

    // Build SAS URIs: the storage endpoint with the token as its query string.
    var deleteOnlyEndpoint = new UriBuilder(TestEnvironment.StorageUri) { Query = deleteOnlyToken };
    var writeOnlyEndpoint = new UriBuilder(TestEnvironment.StorageUri) { Query = writeOnlyToken };

    // Create the TableServiceClients using the SAS URIs; no separate credential object is passed here.
    var deleteOnlyClient = InstrumentClient(
        new TableServiceClient(
            deleteOnlyEndpoint.Uri,
            Recording.InstrumentClientOptions(new TableClientOptions())));
    var writeOnlyClient = InstrumentClient(
        new TableServiceClient(
            writeOnlyEndpoint.Uri,
            Recording.InstrumentClientOptions(new TableClientOptions())));

    // Validate that we are unable to create a table using the SAS URI with only Delete permissions.
    var sasTableName = Recording.GenerateAlphaNumericId("testtable", useOnlyLowercase: true);
    Assert.That(
        async () => await deleteOnlyClient.CreateTableAsync(sasTableName).ConfigureAwait(false),
        Throws.InstanceOf<RequestFailedException>().And.Property("Status").EqualTo((int)HttpStatusCode.Forbidden));

    // Validate that we are able to create a table using the SAS URI with Write permissions.
    Assert.That(
        async () => await writeOnlyClient.CreateTableAsync(sasTableName).ConfigureAwait(false),
        Throws.Nothing);

    // Validate that we are able to delete a table using the SAS URI with only Delete permissions.
    Assert.That(
        async () => await deleteOnlyClient.DeleteTableAsync(sasTableName).ConfigureAwait(false),
        Throws.Nothing);
}