/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="BlobSasQueryParameters"/> used for authenticating /// requests. /// </returns> public BlobSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); EnsureState(); var startTime = SasQueryParameters.FormatTimesForSasSigning(StartsOn); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiresOn); // See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = String.Join("\n", Permissions, startTime, expiryTime, GetCanonicalName(sharedKeyCredential.AccountName, BlobContainerName ?? String.Empty, BlobName ?? String.Empty), Identifier, IPRange.ToString(), Protocol.ToProtocolString(), Version, Resource, Snapshot, CacheControl, ContentDisposition, ContentEncoding, ContentLanguage, ContentType); var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new BlobSasQueryParameters( version: Version, services: default,
/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="SasQueryParameters"/> used for authenticating requests. /// </returns> public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); string resource; if (String.IsNullOrEmpty(this.FilePath)) { // Make sure the permission characters are in the correct order this.Permissions = ShareSasPermissions.Parse(this.Permissions).ToString(); resource = Constants.Sas.Resource.Share; } else { // Make sure the permission characters are in the correct order this.Permissions = FileSasPermissions.Parse(this.Permissions).ToString(); resource = Constants.Sas.Resource.File; } if (String.IsNullOrEmpty(this.Version)) { this.Version = SasQueryParameters.DefaultSasVersion; } var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime); // String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = String.Join("\n", this.Permissions, startTime, expiryTime, GetCanonicalName(sharedKeyCredential.AccountName, this.ShareName ?? String.Empty, this.FilePath ?? String.Empty), this.Identifier, this.IPRange.ToString(), this.Protocol.ToString(), this.Version, this.CacheControl, this.ContentDisposition, this.ContentEncoding, this.ContentLanguage, this.ContentType); var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new SasQueryParameters( version: this.Version, services: null, resourceTypes: null, protocol: this.Protocol, startTime: this.StartTime, expiryTime: this.ExpiryTime, ipRange: this.IPRange, identifier: this.Identifier, resource: resource, permissions: this.Permissions, signature: signature); return(p); }
/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="SasQueryParameters"/> used for authenticating /// requests. /// </returns> public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); if (ExpiresOn == default) { throw Errors.SasMissingData(nameof(ExpiresOn)); } if (string.IsNullOrEmpty(Permissions)) { throw Errors.SasMissingData(nameof(Permissions)); } if (string.IsNullOrEmpty(Version)) { Version = SasQueryParameters.DefaultSasVersion; } var startTime = SasQueryParameters.FormatTimesForSasSigning(StartsOn); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiresOn); // String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = string.Join("\n", Permissions, startTime, expiryTime, GetCanonicalName(sharedKeyCredential.AccountName, QueueName ?? string.Empty), Identifier, IPRange.ToString(), Protocol.ToProtocolString(), Version); var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new SasQueryParameters( version: Version, services: default,
internal static new SasQueryParameters Create( string version, AccountSasServices?services, AccountSasResourceTypes?resourceTypes, SasProtocol protocol, DateTimeOffset startsOn, DateTimeOffset expiresOn, SasIPRange ipRange, string identifier, string resource, string permissions, string signature, string cacheControl = default, string contentDisposition = default, string contentEncoding = default, string contentLanguage = default, string contentType = default) => SasQueryParameters.Create( version, services, resourceTypes, protocol, startsOn, expiresOn, ipRange, identifier, resource, permissions, signature, cacheControl, contentDisposition, contentEncoding, contentLanguage, contentType);
/// <summary> /// Use an account's <see cref="UserDelegationKey"/> to sign this /// shared access signature values to produce the propery SAS query /// parameters for authenticating requests. /// </summary> /// <param name="userDelegationKey"> /// A <see cref="UserDelegationKey"/> returned from /// <see cref="Azure.Storage.Blobs.BlobServiceClient.GetUserDelegationKeyAsync"/>. /// </param> /// <param name="accountName">The name of the storage account.</param> /// <returns> /// The <see cref="BlobSasQueryParameters"/> used for authenticating requests. /// </returns> public BlobSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName) { userDelegationKey = userDelegationKey ?? throw new ArgumentNullException(nameof(userDelegationKey)); this.EnsureState(); var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime); var signedStart = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedStart); var signedExpiry = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedExpiry); // See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = String.Join("\n", this.Permissions, startTime, expiryTime, GetCanonicalName(accountName, this.ContainerName ?? String.Empty, this.BlobName ?? String.Empty), userDelegationKey.SignedOid, userDelegationKey.SignedTid, signedStart, signedExpiry, userDelegationKey.SignedService, userDelegationKey.SignedVersion, this.IPRange.ToString(), this.Protocol.ToString(), this.Version, this.Resource, this.Snapshot, this.CacheControl, this.ContentDisposition, this.ContentEncoding, this.ContentLanguage, this.ContentType); var signature = ComputeHMACSHA256(userDelegationKey.Value, stringToSign); var p = new BlobSasQueryParameters( version: this.Version, services: null, resourceTypes: null, protocol: this.Protocol, startTime: this.StartTime, expiryTime: this.ExpiryTime, ipRange: this.IPRange, identifier: null, resource: this.Resource, permissions: this.Permissions, keyOid: userDelegationKey.SignedOid, keyTid: userDelegationKey.SignedTid, keyStart: userDelegationKey.SignedStart, keyExpiry: userDelegationKey.SignedExpiry, keyService: userDelegationKey.SignedService, keyVersion: userDelegationKey.SignedVersion, signature: signature); return(p); }
/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="SasQueryParameters"/> used for authenticating requests. /// </returns> public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); string resource; if (string.IsNullOrEmpty(FilePath)) { // Make sure the permission characters are in the correct order Permissions = ShareSasPermissions.Parse(Permissions).ToString(); resource = Constants.Sas.Resource.Share; } else { // Make sure the permission characters are in the correct order Permissions = FileSasPermissions.Parse(Permissions).ToString(); resource = Constants.Sas.Resource.File; } if (string.IsNullOrEmpty(Version)) { Version = SasQueryParameters.DefaultSasVersion; } var startTime = SasQueryParameters.FormatTimesForSasSigning(StartsOn); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiresOn); // String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = string.Join("\n", Permissions, startTime, expiryTime, GetCanonicalName(sharedKeyCredential.AccountName, ShareName ?? string.Empty, FilePath ?? string.Empty), Identifier, IPRange.ToString(), Protocol.ToProtocolString(), Version, CacheControl, ContentDisposition, ContentEncoding, ContentLanguage, ContentType); var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new SasQueryParameters( version: Version, services: default,
/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="SasQueryParameters"/> used for authenticating /// requests. /// </returns> public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { // https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); if (this.ExpiryTime == default || String.IsNullOrEmpty(this.Permissions) || String.IsNullOrEmpty(this.ResourceTypes) || String.IsNullOrEmpty(this.Services)) { throw Errors.AccountSasMissingData(); } if (String.IsNullOrEmpty(this.Version)) { this.Version = SasQueryParameters.DefaultSasVersion; } // Make sure the permission characters are in the correct order this.Permissions = AccountSasPermissions.Parse(this.Permissions).ToString(); var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime); // String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = String.Join("\n", sharedKeyCredential.AccountName, this.Permissions, this.Services, this.ResourceTypes, startTime, expiryTime, this.IPRange.ToString(), this.Protocol.ToString(), this.Version, ""); // That's right, the account SAS requires a terminating extra newline var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new SasQueryParameters( this.Version, this.Services, this.ResourceTypes, this.Protocol, this.StartTime, this.ExpiryTime, this.IPRange, null, // Identifier null, // Resource this.Permissions, signature); return(p); }
/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="SasQueryParameters"/> used for authenticating /// requests. /// </returns> public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { // https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); if (ExpiresOn == default || string.IsNullOrEmpty(Permissions) || ResourceTypes == default || Services == default) { throw Errors.AccountSasMissingData(); } Version = SasQueryParametersInternals.DefaultSasVersionInternal; string startTime = SasExtensions.FormatTimesForSasSigning(StartsOn); string expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn); // String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx string stringToSign = string.Join("\n", sharedKeyCredential.AccountName, Permissions, Services.ToPermissionsString(), ResourceTypes.ToPermissionsString(), startTime, expiryTime, IPRange.ToString(), Protocol.ToProtocolString(), Version, EncryptionScope, string.Empty); // That's right, the account SAS requires a terminating extra newline string signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); SasQueryParameters p = SasQueryParametersInternals.Create( Version, Services, ResourceTypes, Protocol, StartsOn, ExpiresOn, IPRange, identifier: null, resource: null, Permissions, signature, encryptionScope: EncryptionScope); return(p); }
/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="BlobSasQueryParameters"/> used for authenticating /// requests. /// </returns> public BlobSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { sharedKeyCredential = sharedKeyCredential ?? throw new ArgumentNullException(nameof(sharedKeyCredential)); this.EnsureState(); var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime); // See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = String.Join("\n", this.Permissions, startTime, expiryTime, GetCanonicalName(sharedKeyCredential.AccountName, this.ContainerName ?? String.Empty, this.BlobName ?? String.Empty), this.Identifier, this.IPRange.ToString(), this.Protocol.ToString(), this.Version, this.Resource, this.Snapshot, this.CacheControl, this.ContentDisposition, this.ContentEncoding, this.ContentLanguage, this.ContentType); var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new BlobSasQueryParameters( version: this.Version, services: null, resourceTypes: null, protocol: this.Protocol, startTime: this.StartTime, expiryTime: this.ExpiryTime, ipRange: this.IPRange, identifier: this.Identifier, resource: this.Resource, permissions: this.Permissions, signature: signature); return(p); }
internal static new SasQueryParameters Create( string version, AccountSasServices?services, AccountSasResourceTypes?resourceTypes, SasProtocol protocol, DateTimeOffset startsOn, DateTimeOffset expiresOn, SasIPRange ipRange, string identifier, string resource, string permissions, string signature, string cacheControl = default, string contentDisposition = default, string contentEncoding = default, string contentLanguage = default, string contentType = default, string authorizedAadObjectId = default, string unauthorizedAadObjectId = default, string correlationId = default, int?directoryDepth = default, string encryptionScope = default) => SasQueryParameters.Create( version: version, services: services, resourceTypes: resourceTypes, protocol: protocol, startsOn: startsOn, expiresOn: expiresOn, ipRange: ipRange, identifier: identifier, resource: resource, permissions: permissions, signature: signature, cacheControl: cacheControl, contentDisposition: contentDisposition, contentEncoding: contentEncoding, contentLanguage: contentLanguage, contentType: contentType, authorizedAadObjectId: authorizedAadObjectId, unauthorizedAadObjectId: unauthorizedAadObjectId, correlationId: correlationId, directoryDepth: directoryDepth, encryptionScope: encryptionScope);
/// <summary> /// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="sharedKeyCredential"> /// The storage account's <see cref="StorageSharedKeyCredential"/>. /// </param> /// <returns> /// The <see cref="SasQueryParameters"/> used for authenticating /// requests. /// </returns> public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential)); Permissions = QueueAccountSasPermissions.Parse(Permissions).ToString(); if (string.IsNullOrEmpty(Version)) { Version = SasQueryParameters.DefaultSasVersion; } var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime); // String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = string.Join("\n", Permissions, startTime, expiryTime, GetCanonicalName(sharedKeyCredential.AccountName, QueueName ?? string.Empty), Identifier, IPRange.ToString(), Protocol.ToString(), Version); var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign); var p = new SasQueryParameters( version: Version, services: null, resourceTypes: null, protocol: Protocol, startTime: StartTime, expiryTime: ExpiryTime, ipRange: IPRange, identifier: Identifier, resource: null, permissions: Permissions, signature: signature); return(p); }
/// <summary> /// Use an account's <see cref="UserDelegationKey"/> to sign this /// shared access signature values to produce the proper SAS query /// parameters for authenticating requests. /// </summary> /// <param name="userDelegationKey"> /// A <see cref="UserDelegationKey"/> returned from /// <see cref="Azure.Storage.Blobs.BlobServiceClient.GetUserDelegationKeyAsync"/>. /// </param> /// <param name="accountName">The name of the storage account.</param> /// <returns> /// The <see cref="BlobSasQueryParameters"/> used for authenticating requests. /// </returns> public BlobSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName) { userDelegationKey = userDelegationKey ?? throw Errors.ArgumentNull(nameof(userDelegationKey)); EnsureState(); var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime); var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime); var signedStart = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedStart); var signedExpiry = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedExpiry); // See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx var stringToSign = String.Join("\n", Permissions, startTime, expiryTime, GetCanonicalName(accountName, BlobContainerName ?? String.Empty, BlobName ?? String.Empty), userDelegationKey.SignedObjectId, userDelegationKey.SignedTenantId, signedStart, signedExpiry, userDelegationKey.SignedService, userDelegationKey.SignedVersion, IPRange.ToString(), Protocol.ToString(), Version, Resource, Snapshot, CacheControl, ContentDisposition, ContentEncoding, ContentLanguage, ContentType); var signature = ComputeHMACSHA256(userDelegationKey.Value, stringToSign); var p = new BlobSasQueryParameters( version: Version, services: null, resourceTypes: null, protocol: Protocol, startTime: StartTime, expiryTime: ExpiryTime, ipRange: IPRange, identifier: null, resource: Resource, permissions: Permissions, keyOid: userDelegationKey.SignedObjectId, keyTid: userDelegationKey.SignedTenantId, keyStart: userDelegationKey.SignedStart, keyExpiry: userDelegationKey.SignedExpiry, keyService: userDelegationKey.SignedService, keyVersion: userDelegationKey.SignedVersion, signature: signature, cacheControl: CacheControl, contentDisposition: ContentDisposition, contentEncoding: ContentEncoding, contentLanguage: ContentLanguage, contentType: ContentType); return(p); }
/// <summary> /// Builds the query parameter string for the SasQueryParameters instance. /// </summary> /// <param name="parameters"></param> /// <param name="stringBuilder"> /// StringBuilder instance to add the query params to /// </param> internal static void AppendProperties(this SasQueryParameters parameters, StringBuilder stringBuilder) { if (!string.IsNullOrWhiteSpace(parameters.Version)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.Version, parameters.Version); } if (parameters.Services != null) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.Services, parameters.Services.Value.ToPermissionsString()); } if (parameters.ResourceTypes != null) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.ResourceTypes, parameters.ResourceTypes.Value.ToPermissionsString()); } if (parameters.Protocol != default) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.Protocol, parameters.Protocol.ToProtocolString()); } if (parameters.StartsOn != DateTimeOffset.MinValue) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.StartTime, WebUtility.UrlEncode(parameters.StartsOn.ToString(Constants.SasTimeFormat, CultureInfo.InvariantCulture))); } if (parameters.ExpiresOn != DateTimeOffset.MinValue) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.ExpiryTime, WebUtility.UrlEncode(parameters.ExpiresOn.ToString(Constants.SasTimeFormat, CultureInfo.InvariantCulture))); } var ipr = parameters.IPRange.ToString(); if (ipr.Length > 0) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.IPRange, ipr); } if (!string.IsNullOrWhiteSpace(parameters.Identifier)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.Identifier, parameters.Identifier); } if (!string.IsNullOrWhiteSpace(parameters.Resource)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.Resource, parameters.Resource); } if (!string.IsNullOrWhiteSpace(parameters.Permissions)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.Permissions, parameters.Permissions); } if (!string.IsNullOrWhiteSpace(parameters.CacheControl)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.CacheControl, parameters.CacheControl); } if (!string.IsNullOrWhiteSpace(parameters.ContentDisposition)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.ContentDisposition, parameters.ContentDisposition); } if (!string.IsNullOrWhiteSpace(parameters.ContentEncoding)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.ContentEncoding, parameters.ContentEncoding); } if (!string.IsNullOrWhiteSpace(parameters.ContentLanguage)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.ContentLanguage, parameters.ContentLanguage); } if (!string.IsNullOrWhiteSpace(parameters.ContentType)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.ContentType, parameters.ContentType); } if (!string.IsNullOrWhiteSpace(parameters.Signature)) { stringBuilder.AppendQueryParameter(Constants.Sas.Parameters.Signature, WebUtility.UrlEncode(parameters.Signature)); } }
internal static new SasQueryParameters Create(IDictionary <string, string> values) => SasQueryParameters.Create(values);