public void GenerateAccountSas_Builder()
{
// Arrange
var constants = new TestConstants(this);
var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1);
AccountSasServices services = AccountSasServices.Blobs;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient(
blobEndpoint,
constants.Sas.SharedKeyCredential, GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
// Assert
AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
UriBuilder expectedUri = new UriBuilder(blobEndpoint);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString());
}
public void GenerateAccountSas_Builder()
{
// Arrange
TestConstants constants = new TestConstants(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.dfs.core.windows.net");
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1);
AccountSasServices services = AccountSasServices.Blobs;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
// Assert
AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
UriBuilder expectedUri = new UriBuilder(serviceUri);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri, sasUri);
}
public void GenerateAccountSas_WrongService_Service()
{
var constants = new TestConstants(this);
var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Files;// Wrong Service
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
BlobServiceClient serviceClient = InstrumentClient(new BlobServiceClient(connectionString, GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
IPRange = new SasIPRange(System.Net.IPAddress.None, System.Net.IPAddress.None),
StartsOn = Recording.UtcNow.AddHours(-1)
};
// Act
try
{
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
Assert.Fail("BlobContainerClient.GenerateSasUri should have failed with an ArgumentException.");
}
catch (InvalidOperationException)
{
// the correct exception came back
}
}
public void GenerateAccountSas_RequiredParameters()
{
// Arrange
TestConstants constants = new TestConstants(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net");
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
QueueServiceClient serviceClient = InstrumentClient(
new QueueServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(
permissions: permissions,
expiresOn: expiresOn,
resourceTypes: resourceTypes);
// Assert
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Queues, resourceTypes);
UriBuilder expectedUri = new UriBuilder(serviceUri)
{
Query = sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString()
};
Assert.AreEqual(expectedUri.Uri, sasUri);
}
public void GenerateAccountSas_Builder()
{
TestConstants constants = TestConstants.Create(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net");
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Queues;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
QueueServiceClient serviceClient = InstrumentClient(
new QueueServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes);
// Add more properties on the builder
sasBuilder.SetPermissions(permissions);
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
// Assert
AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes);
UriBuilder expectedUri = new UriBuilder(serviceUri);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri, sasUri);
}
public void GenerateAccountSas_RequiredParameters()
{
// Arrange
var constants = new TestConstants(this);
var queueEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var queueSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, queueStorageUri: (queueEndpoint, queueSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
QueueServiceClient serviceClient = InstrumentClient(new QueueServiceClient(connectionString, GetOptions()));
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(
permissions: permissions,
expiresOn: expiresOn,
resourceTypes: resourceTypes);
// Assert
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Queues, resourceTypes);
UriBuilder expectedUri = new UriBuilder(queueEndpoint)
{
Query = sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString()
};
Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString());
}
/// <summary>
/// Create a permissions string to provide
/// <see cref="AccountSasBuilder.Permissions"/>.
/// </summary>
/// <returns>A permissions string.</returns>
internal static string ToPermissionsString(this AccountSasPermissions permissions)
{
var sb = new StringBuilder();
if ((permissions & AccountSasPermissions.Read) == AccountSasPermissions.Read)
{
sb.Append(Constants.Sas.Permissions.Read);
}
if ((permissions & AccountSasPermissions.Write) == AccountSasPermissions.Write)
{
sb.Append(Constants.Sas.Permissions.Write);
}
if ((permissions & AccountSasPermissions.Delete) == AccountSasPermissions.Delete)
{
sb.Append(Constants.Sas.Permissions.Delete);
}
if ((permissions & AccountSasPermissions.DeleteVersion) == AccountSasPermissions.DeleteVersion)
{
sb.Append(Constants.Sas.Permissions.DeleteBlobVersion);
}
if ((permissions & AccountSasPermissions.PermanentDelete) == AccountSasPermissions.PermanentDelete)
{
sb.Append(Constants.Sas.Permissions.PermanentDelete);
}
if ((permissions & AccountSasPermissions.List) == AccountSasPermissions.List)
{
sb.Append(Constants.Sas.Permissions.List);
}
if ((permissions & AccountSasPermissions.Add) == AccountSasPermissions.Add)
{
sb.Append(Constants.Sas.Permissions.Add);
}
if ((permissions & AccountSasPermissions.Create) == AccountSasPermissions.Create)
{
sb.Append(Constants.Sas.Permissions.Create);
}
if ((permissions & AccountSasPermissions.Update) == AccountSasPermissions.Update)
{
sb.Append(Constants.Sas.Permissions.Update);
}
if ((permissions & AccountSasPermissions.Process) == AccountSasPermissions.Process)
{
sb.Append(Constants.Sas.Permissions.Process);
}
if ((permissions & AccountSasPermissions.Tag) == AccountSasPermissions.Tag)
{
sb.Append(Constants.Sas.Permissions.Tag);
}
if ((permissions & AccountSasPermissions.Filter) == AccountSasPermissions.Filter)
{
sb.Append(Constants.Sas.Permissions.FilterByTags);
}
if ((permissions & AccountSasPermissions.SetImmutabilityPolicy) == AccountSasPermissions.SetImmutabilityPolicy)
{
sb.Append(Constants.Sas.Permissions.SetImmutabilityPolicy);
}
return(sb.ToString());
}
/// <summary>
/// The <see cref="GenerateAccountSasUri(AccountSasPermissions, DateTimeOffset, AccountSasResourceTypes)"/>
/// returns a <see cref="Uri"/> that generates a Queue
/// Account Shared Access Signature based on the
/// Client properties and parameters passed. The SAS is signed by the
/// shared key credential of the client.
///
/// For more information, see
/// <see href="https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas">
/// Constructing a Service SAS</see>
/// </summary>
/// <param name="permissions">
/// Required. Specifies the list of permissions to be associated with the SAS.
/// See <see cref="AccountSasPermissions"/>.
/// </param>
/// <param name="expiresOn">
/// Required. The time at which the shared access signature becomes invalid.
/// </param>
/// <param name="resourceTypes">
/// Specifies the resource types associated with the shared access signature.
/// The user is restricted to operations on the specified resources.
/// See <see cref="AccountSasResourceTypes"/>.
/// </param>
/// <returns>
/// A <see cref="Uri"/> containing the SAS Uri.
/// </returns>
/// <remarks>
/// A <see cref="RequestFailedException"/> will be thrown if
/// a failure occurs.
/// </remarks>
public Uri GenerateAccountSasUri(
AccountSasPermissions permissions,
DateTimeOffset expiresOn,
AccountSasResourceTypes resourceTypes) =>
GenerateAccountSasUri(new AccountSasBuilder(
permissions,
expiresOn,
AccountSasServices.Queues,
resourceTypes));
public string AccountSasPermissionsToPermissionsString(AccountSasPermissions permissions)
{
var sb = new StringBuilder();
if ((permissions & AccountSasPermissions.Read) == AccountSasPermissions.Read)
{
sb.Append(Constants.Sas.Permissions.Read);
}
if ((permissions & AccountSasPermissions.Write) == AccountSasPermissions.Write)
{
sb.Append(Constants.Sas.Permissions.Write);
}
if ((permissions & AccountSasPermissions.Delete) == AccountSasPermissions.Delete)
{
sb.Append(Constants.Sas.Permissions.Delete);
}
if ((permissions & AccountSasPermissions.DeleteVersion) == AccountSasPermissions.DeleteVersion)
{
sb.Append(Constants.Sas.Permissions.DeleteBlobVersion);
}
if ((permissions & AccountSasPermissions.List) == AccountSasPermissions.List)
{
sb.Append(Constants.Sas.Permissions.List);
}
if ((permissions & AccountSasPermissions.Add) == AccountSasPermissions.Add)
{
sb.Append(Constants.Sas.Permissions.Add);
}
if ((permissions & AccountSasPermissions.Create) == AccountSasPermissions.Create)
{
sb.Append(Constants.Sas.Permissions.Create);
}
if ((permissions & AccountSasPermissions.Update) == AccountSasPermissions.Update)
{
sb.Append(Constants.Sas.Permissions.Update);
}
if ((permissions & AccountSasPermissions.Process) == AccountSasPermissions.Process)
{
sb.Append(Constants.Sas.Permissions.Process);
}
if ((permissions & AccountSasPermissions.Tag) == AccountSasPermissions.Tag)
{
sb.Append(Constants.Sas.Permissions.Tag);
}
if ((permissions & AccountSasPermissions.Filter) == AccountSasPermissions.Filter)
{
sb.Append(Constants.Sas.Permissions.FilterByTags);
}
return(sb.ToString());
}
public SasQueryParameters GetNewAccountSasCredentials(StorageSharedKeyCredential sharedKeyCredentials = default,
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.Container,
AccountSasPermissions permissions = AccountSasPermissions.Create | AccountSasPermissions.Delete)
{
var builder = new AccountSasBuilder
{
Protocol = SasProtocol.None,
Services = AccountSasServices.Files,
ResourceTypes = resourceTypes,
StartsOn = Recording.UtcNow.AddHours(-1),
ExpiresOn = Recording.UtcNow.AddHours(+1),
IPRange = new SasIPRange(IPAddress.None, IPAddress.None)
};
builder.SetPermissions(permissions);
return(builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials()));
}
public SasQueryParameters GetNewAccountSas(
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All,
AccountSasPermissions permissions = AccountSasPermissions.All,
StorageSharedKeyCredential sharedKeyCredentials = default)
{
var builder = new AccountSasBuilder
{
Protocol = SasProtocol.None,
Services = AccountSasServices.Blobs,
ResourceTypes = resourceTypes,
StartsOn = Recording.UtcNow.AddHours(-1),
ExpiresOn = Recording.UtcNow.AddHours(+1),
IPRange = new SasIPRange(IPAddress.None, IPAddress.None),
Version = ToSasVersion(_serviceVersion)
};
builder.SetPermissions(permissions);
return builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials());
}
internal SharedAccessSignatureCredentials GetAccountSasCredentials(
AccountSasServices services = AccountSasServices.All,
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All,
AccountSasPermissions permissions = AccountSasPermissions.All)
{
var sasBuilder = new AccountSasBuilder
{
ExpiresOn = Recording.UtcNow.AddHours(1),
Services = services,
ResourceTypes = resourceTypes,
Protocol = SasProtocol.Https,
};
sasBuilder.SetPermissions(permissions);
var cred = new StorageSharedKeyCredential(TestConfigDefault.AccountName, TestConfigDefault.AccountKey);
return(new SharedAccessSignatureCredentials(sasBuilder.ToSasQueryParameters(cred).ToString()));
}
/// <inheritdoc />
public string CreateSharedAccessToken(
CreateSharedAccessSignatureConfiguration configuration
, AccountSasPermissions permissions
, AccountSasResourceTypes resourceTypes
, AccountSasServices services = AccountSasServices.Blobs
)
{
var sas = new AccountSasBuilder
{
ResourceTypes = resourceTypes,
Services = services,
StartsOn = DateTimeOffset.UtcNow.AddMinutes(-configuration.ValidFromInMinutes),
ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(configuration.ValidForInMinutes + configuration.ClockScrewInMinutes)
};
sas.SetPermissions(permissions);
return("?" + sas.ToSasQueryParameters(this.Options.CreateStorageSharedKeyCredential()));
}
public async Task FindBlobsByTagAsync_AccountSas(AccountSasPermissions accountSasPermissions)
{
// Arrange
BlobServiceClient service = GetServiceClient_SharedKey();
await using DisposingContainer test = await GetTestContainerAsync();
string blobName = GetNewBlobName();
AppendBlobClient appendBlob = InstrumentClient(test.Container.GetAppendBlobClient(blobName));
string tagKey = "myTagKey";
string tagValue = "myTagValue";
Dictionary <string, string> tags = new Dictionary <string, string>
{
{ tagKey, tagValue }
};
AppendBlobCreateOptions options = new AppendBlobCreateOptions
{
Tags = tags
};
await appendBlob.CreateAsync(options);
string expression = $"\"{tagKey}\"='{tagValue}'";
// It takes a few seconds for Filter Blobs to pick up new changes
await Delay(2000);
// Act
SasQueryParameters sasQueryParameters = GetNewAccountSas(permissions: accountSasPermissions);
BlobServiceClient sasServiceClient = new BlobServiceClient(new Uri($"{service.Uri}?{sasQueryParameters}"), GetOptions());
List <TaggedBlobItem> blobs = new List <TaggedBlobItem>();
await foreach (Page <TaggedBlobItem> page in sasServiceClient.FindBlobsByTagsAsync(expression).AsPages())
{
blobs.AddRange(page.Values);
}
// Assert
TaggedBlobItem filterBlob = blobs.Where(r => r.BlobName == blobName).FirstOrDefault();
Assert.IsNotNull(filterBlob);
}
public void GenerateAccountSas_WrongService_Service()
{
TestConstants constants = TestConstants.Create(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net");
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Blobs; // Wrong Service
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
QueueServiceClient serviceClient = InstrumentClient(
new QueueServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes);
// Act
TestHelper.AssertExpectedException(
() => serviceClient.GenerateAccountSasUri(sasBuilder),
new InvalidOperationException("SAS Uri cannot be generated. builder.Services does specify Queues. builder.Services must either specify Queues or specify all Services are accessible in the value."));
}
public async Task SetImmutibilityPolicyAsync_SetLegalHold_AccoutnSas(AccountSasPermissions sasPermissions)
{
// Arrange
await using DisposingImmutableStorageWithVersioningContainer vlwContainer = await GetTestVersionLevelWormContainer(TestConfigOAuth);
BlobBaseClient blob = await GetNewBlobClient(vlwContainer.Container, GetNewBlobName());
BlobServiceClient sharedKeyServiceClient = InstrumentClient(
GetServiceClient_OAuthAccount_SharedKey());
Uri serviceSasUri = sharedKeyServiceClient.GenerateAccountSasUri(
sasPermissions,
Recording.UtcNow.AddDays(1),
AccountSasResourceTypes.All);
BlobBaseClient sasBlobClient = InstrumentClient(new BlobServiceClient(serviceSasUri, GetOptions())
.GetBlobContainerClient(vlwContainer.Container.Name)
.GetBlobBaseClient(blob.Name));
BlobImmutabilityPolicy immutabilityPolicy = new BlobImmutabilityPolicy
{
ExpiresOn = Recording.UtcNow.AddMinutes(5),
PolicyMode = BlobImmutabilityPolicyMode.Unlocked
};
// The service rounds Immutability Policy Expiry to the nearest second.
DateTimeOffset expectedImmutabilityPolicyExpiry = RoundToNearestSecond(immutabilityPolicy.ExpiresOn.Value);
// Act
Response <BlobImmutabilityPolicy> response = await sasBlobClient.SetImmutabilityPolicyAsync(
immutabilityPolicy : immutabilityPolicy);
// Assert
Assert.AreEqual(expectedImmutabilityPolicyExpiry, response.Value.ExpiresOn);
Assert.AreEqual(immutabilityPolicy.PolicyMode, response.Value.PolicyMode);
// Act
Response <BlobLegalHoldResult> legalHoldResponse = await sasBlobClient.SetLegalHoldAsync(hasLegalHold : false);
// Assert
Assert.IsFalse(legalHoldResponse.Value.HasLegalHold);
}
/// <summary>
/// Create a permissions string to provide
/// <see cref="AccountSasBuilder.Permissions"/>.
/// </summary>
/// <returns>A permissions string.</returns>
internal static string ToPermissionsString(this AccountSasPermissions permissions)
{
var sb = new StringBuilder();
if ((permissions & AccountSasPermissions.Read) == AccountSasPermissions.Read)
{
sb.Append(Constants.Sas.Permissions.Read);
}
if ((permissions & AccountSasPermissions.Write) == AccountSasPermissions.Write)
{
sb.Append(Constants.Sas.Permissions.Write);
}
if ((permissions & AccountSasPermissions.Delete) == AccountSasPermissions.Delete)
{
sb.Append(Constants.Sas.Permissions.Delete);
}
if ((permissions & AccountSasPermissions.List) == AccountSasPermissions.List)
{
sb.Append(Constants.Sas.Permissions.List);
}
if ((permissions & AccountSasPermissions.Add) == AccountSasPermissions.Add)
{
sb.Append(Constants.Sas.Permissions.Add);
}
if ((permissions & AccountSasPermissions.Create) == AccountSasPermissions.Create)
{
sb.Append(Constants.Sas.Permissions.Create);
}
if ((permissions & AccountSasPermissions.Update) == AccountSasPermissions.Update)
{
sb.Append(Constants.Sas.Permissions.Update);
}
if ((permissions & AccountSasPermissions.Process) == AccountSasPermissions.Process)
{
sb.Append(Constants.Sas.Permissions.Process);
}
return(sb.ToString());
}
// NewSASQueryParameters uses an account's shared key credential to sign this signature values to produce
// the proper SAS query parameters.
public SasQueryParameters ToSasQueryParameters(SharedKeyCredentials sharedKeyCredential)
{
// https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (this.ExpiryTime == default || String.IsNullOrEmpty(this.Permissions) || String.IsNullOrEmpty(this.ResourceTypes) || String.IsNullOrEmpty(this.Services))
{
throw Errors.AccountSasMissingData();
}
if (String.IsNullOrEmpty(this.Version))
{
this.Version = SasQueryParameters.SasVersion;
}
// Make sure the permission characters are in the correct order
this.Permissions = AccountSasPermissions.Parse(this.Permissions).ToString();
var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
sharedKeyCredential.AccountName,
this.Permissions,
this.Services,
this.ResourceTypes,
startTime,
expiryTime,
this.IPRange.ToString(),
this.Protocol.ToString(),
this.Version,
""); // That's right, the account SAS requires a terminating extra newline
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new SasQueryParameters(this.Version, this.Services, this.ResourceTypes, this.Protocol, this.StartTime, this.ExpiryTime, this.IPRange, null, null, this.Permissions, signature);
return(p);
}
/// <summary>
/// Set account permission to SAS builder
/// </summary>
public static AccountSasBuilder SetAccountPermission(AccountSasBuilder sasBuilder, string rawPermission)
{
AccountSasPermissions permission = 0;
foreach (char c in rawPermission)
{
switch (c)
{
case 'r':
permission = permission | AccountSasPermissions.Read;
break;
case 'a':
permission = permission | AccountSasPermissions.Add;
break;
case 'c':
permission = permission | AccountSasPermissions.Create;
break;
case 'w':
permission = permission | AccountSasPermissions.Write;
break;
case 'd':
permission = permission | AccountSasPermissions.Delete;
break;
case 'l':
permission = permission | AccountSasPermissions.List;
break;
case 'u':
permission = permission | AccountSasPermissions.Update;
break;
case 'p':
permission = permission | AccountSasPermissions.Process;
break;
case 't':
permission = permission | AccountSasPermissions.Tag;
break;
case 'f':
permission = permission | AccountSasPermissions.Filter;
break;
case 'x':
permission = permission | AccountSasPermissions.DeleteVersion;
break;
case 'i':
permission = permission | AccountSasPermissions.SetImmutabilityPolicy;
break;
case 'y':
permission = permission | AccountSasPermissions.PermanentDelete;
break;
default:
// Can't convert to permission supported by XSCL, so use raw permission string
sasBuilder.SetPermissions(rawPermission);
return(sasBuilder);
}
}
sasBuilder.SetPermissions(permission);
return(sasBuilder);
}
