/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers)
{
return(this.GetSharedAccessSignature(policy, headers, null /* groupPolicyIdentifier */));
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
return(GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, null, null));
}
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, string groupPolicyIdentifier)
{
return(this.GetSharedAccessSignature(policy, null /* headers */, groupPolicyIdentifier));
}
public async Task CloudFileSASSharedProtocolsQueryParamAsync()
{
CloudFileShare share = GetRandomShareReference();
try
{
await share.CreateAsync();
CloudFile file;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
Permissions = SharedAccessFilePermissions.Read,
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
};
CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
byte[] target = new byte[4];
await fileWithKey.UploadFromByteArrayAsync(data, 0, 4);
foreach (SharedAccessProtocol?protocol in new SharedAccessProtocol?[] { null, SharedAccessProtocol.HttpsOrHttp, SharedAccessProtocol.HttpsOnly })
{
string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, protocol, null);
StorageCredentials fileSAS = new StorageCredentials(fileToken);
Uri fileSASUri = new Uri(fileWithKey.Uri + fileSAS.SASToken);
StorageUri fileSASStorageUri = new StorageUri(new Uri(fileWithKey.StorageUri.PrimaryUri + fileSAS.SASToken), new Uri(fileWithKey.StorageUri.SecondaryUri + fileSAS.SASToken));
int securePort = 443;
int httpPort = (fileSASUri.Port == securePort) ? 80 : fileSASUri.Port;
if (!string.IsNullOrEmpty(TestBase.TargetTenantConfig.FileSecurePortOverride))
{
securePort = Int32.Parse(TestBase.TargetTenantConfig.FileSecurePortOverride);
}
var schemesAndPorts = new[] {
new { scheme = "HTTP", port = httpPort },
new { scheme = "HTTPS", port = securePort }
};
foreach (var item in schemesAndPorts)
{
fileSASUri = TransformSchemeAndPort(fileSASUri, item.scheme, item.port);
fileSASStorageUri = new StorageUri(TransformSchemeAndPort(fileSASStorageUri.PrimaryUri, item.scheme, item.port), TransformSchemeAndPort(fileSASStorageUri.SecondaryUri, item.scheme, item.port));
if (protocol.HasValue && protocol == SharedAccessProtocol.HttpsOnly && string.CompareOrdinal(item.scheme, "HTTP") == 0)
{
file = new CloudFile(fileSASUri);
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await file.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Access a file using SAS with a shared protocols that does not match",
HttpStatusCode.Unused,
"");
file = new CloudFile(fileSASStorageUri, null);
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await file.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Access a file using SAS with a shared protocols that does not match",
HttpStatusCode.Unused,
"");
}
else
{
file = new CloudFile(fileSASUri);
await file.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
file = new CloudFile(fileSASStorageUri, null);
await file.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
}
}
}
}
finally
{
share.DeleteIfExistsAsync().Wait();
}
}
private static void CloudFileCopy(bool sourceIsSas, bool destinationIsSas)
{
CloudFileShare share = GetRandomShareReference();
try
{
share.Create();
// Create Source on server
CloudFile source = share.GetRootDirectoryReference().GetFileReference("source");
string data = "String data";
UploadText(source, data, Encoding.UTF8);
source.Metadata["Test"] = "value";
source.SetMetadata();
// Create Destination on server
CloudFile destination = share.GetRootDirectoryReference().GetFileReference("destination");
destination.Create(1);
CloudFile copySource = source;
CloudFile copyDestination = destination;
if (sourceIsSas)
{
// Source SAS must have read permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Read;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = source.GetSharedAccessSignature(policy);
// Get source
StorageCredentials credentials = new StorageCredentials(sasToken);
copySource = new CloudFile(credentials.TransformUri(source.Uri));
}
if (destinationIsSas)
{
Assert.IsTrue(sourceIsSas);
// Destination SAS must have write permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Write;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = destination.GetSharedAccessSignature(policy);
// Get destination
StorageCredentials credentials = new StorageCredentials(sasToken);
copyDestination = new CloudFile(credentials.TransformUri(destination.Uri));
}
// Start copy and wait for completion
string copyId = copyDestination.StartCopy(TestHelper.Defiddler(copySource));
WaitForCopy(destination);
// Check original file references for equality
Assert.AreEqual(CopyStatus.Success, destination.CopyState.Status);
Assert.AreEqual(source.Uri.AbsolutePath, destination.CopyState.Source.AbsolutePath);
Assert.AreEqual(data.Length, destination.CopyState.TotalBytes);
Assert.AreEqual(data.Length, destination.CopyState.BytesCopied);
Assert.AreEqual(copyId, destination.CopyState.CopyId);
Assert.IsTrue(destination.CopyState.CompletionTime > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
if (!destinationIsSas)
{
// Abort Copy is not supported for SAS destination
TestHelper.ExpectedException(
() => copyDestination.AbortCopy(copyId),
"Aborting a copy operation after completion should fail",
HttpStatusCode.Conflict,
"NoPendingCopyOperation");
}
source.FetchAttributes();
Assert.IsNotNull(destination.Properties.ETag);
Assert.AreNotEqual(source.Properties.ETag, destination.Properties.ETag);
Assert.IsTrue(destination.Properties.LastModified > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
string copyData = DownloadText(destination, Encoding.UTF8);
Assert.AreEqual(data, copyData, "Data inside copy of file not equal.");
destination.FetchAttributes();
FileProperties prop1 = destination.Properties;
FileProperties prop2 = source.Properties;
Assert.AreEqual(prop1.CacheControl, prop2.CacheControl);
Assert.AreEqual(prop1.ContentEncoding, prop2.ContentEncoding);
Assert.AreEqual(prop1.ContentLanguage, prop2.ContentLanguage);
Assert.AreEqual(prop1.ContentMD5, prop2.ContentMD5);
Assert.AreEqual(prop1.ContentType, prop2.ContentType);
Assert.AreEqual("value", destination.Metadata["Test"], false, "Copied metadata not same");
destination.Delete();
source.Delete();
}
finally
{
share.DeleteIfExists();
}
}
public void CloudFileSASIPAddressHelper(Func <IPAddressOrRange> generateInitialIPAddressOrRange, Func <IPAddress, IPAddressOrRange> generateFinalIPAddressOrRange)
{
CloudFileShare share = GetRandomShareReference();
try
{
share.Create();
CloudFile file;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
Permissions = SharedAccessFilePermissions.Read,
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
};
CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
fileWithKey.UploadFromByteArray(data, 0, 4);
// We need an IP address that will never be a valid source
IPAddressOrRange ipAddressOrRange = generateInitialIPAddressOrRange();
string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
StorageCredentials fileSAS = new StorageCredentials(fileToken);
Uri fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
StorageUri fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);
file = new CloudFile(fileSASUri);
byte[] target = new byte[4];
OperationContext opContext = new OperationContext();
IPAddress actualIP = null;
opContext.ResponseReceived += (sender, e) =>
{
Stream stream = HttpResponseParsers.GetResponseStream(e.Response);
stream.Seek(0, SeekOrigin.Begin);
using (StreamReader reader = new StreamReader(stream))
{
string text = reader.ReadToEnd();
XDocument xdocument = XDocument.Parse(text);
actualIP = IPAddress.Parse(xdocument.Descendants("SourceIP").First().Value);
}
};
bool exceptionThrown = false;
try
{
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, opContext);
}
catch (StorageException)
{
exceptionThrown = true;
//The IP should not be included in the error details for security reasons
Assert.IsNull(actualIP);
}
Assert.IsTrue(exceptionThrown);
ipAddressOrRange = null;
fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
fileSAS = new StorageCredentials(fileToken);
fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);
file = new CloudFile(fileSASUri);
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
Assert.IsTrue(file.StorageUri.PrimaryUri.Equals(fileWithKey.Uri));
Assert.IsNull(file.StorageUri.SecondaryUri);
file = new CloudFile(fileSASStorageUri, null);
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
Assert.IsTrue(file.StorageUri.Equals(fileWithKey.StorageUri));
}
finally
{
share.DeleteIfExists();
}
}
private static void CloudFileCopy(bool sourceIsSas, bool destinationIsSas)
{
CloudFileShare share = GetRandomShareReference();
try
{
share.Create();
// Create Source on server
CloudFile source = share.GetRootDirectoryReference().GetFileReference("source");
string data = "String data";
UploadText(source, data, Encoding.UTF8);
source.Metadata["Test"] = "value";
source.SetMetadata();
string permission = "O:S-1-5-21-2127521184-1604012920-1887927527-21560751G:S-1-5-21-2127521184-1604012920-1887927527-513D:AI(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;S-1-5-21-397955417-626881126-188441444-3053964)";
string permissionKey = share.CreateFilePermission(permission);
source.Properties.FilePermissionKey = permissionKey;
var attributes = CloudFileNtfsAttributes.NoScrubData | CloudFileNtfsAttributes.Temporary;
var creationTime = DateTimeOffset.UtcNow.AddDays(-1);
source.Properties.NtfsAttributes = attributes;
DateTimeOffset lastWriteTime = DateTimeOffset.UtcNow;
source.Properties.LastWriteTime = lastWriteTime;
source.Properties.CreationTime = creationTime;
source.SetProperties();
// Create Destination on server
CloudFile destination = share.GetRootDirectoryReference().GetFileReference("destination");
destination.Create(1);
CloudFile copySource = source;
CloudFile copyDestination = destination;
if (sourceIsSas)
{
// Source SAS must have read permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Read;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = share.GetSharedAccessSignature(policy);
// Get source
StorageCredentials credentials = new StorageCredentials(sasToken);
copySource = new CloudFile(credentials.TransformUri(source.Uri));
}
if (destinationIsSas)
{
Assert.IsTrue(sourceIsSas);
// Destination SAS must have write permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Write;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = destination.GetSharedAccessSignature(policy);
// Get destination
StorageCredentials credentials = new StorageCredentials(sasToken);
copyDestination = new CloudFile(credentials.TransformUri(destination.Uri));
}
// Start copy and wait for completion
string copyId = copyDestination.StartCopy(TestHelper.Defiddler(copySource),
null,
null,
new FileCopyOptions()
{
PreservePermissions = true,
PreserveCreationTime = true,
PreserveLastWriteTime = true,
PreserveNtfsAttributes = true,
SetArchive = false
},
null, null);
WaitForCopy(destination);
// Check original file references for equality
Assert.AreEqual(CopyStatus.Success, destination.CopyState.Status);
Assert.AreEqual(source.Uri.AbsolutePath, destination.CopyState.Source.AbsolutePath);
Assert.AreEqual(data.Length, destination.CopyState.TotalBytes);
Assert.AreEqual(data.Length, destination.CopyState.BytesCopied);
Assert.AreEqual(copyId, destination.CopyState.CopyId);
Assert.IsTrue(destination.CopyState.CompletionTime > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
if (!destinationIsSas)
{
// Abort Copy is not supported for SAS destination
TestHelper.ExpectedException(
() => copyDestination.AbortCopy(copyId),
"Aborting a copy operation after completion should fail",
HttpStatusCode.Conflict,
"NoPendingCopyOperation");
}
source.FetchAttributes();
Assert.IsNotNull(destination.Properties.ETag);
Assert.AreNotEqual(source.Properties.ETag, destination.Properties.ETag);
Assert.IsTrue(destination.Properties.LastModified > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
string copyData = DownloadText(destination, Encoding.UTF8);
Assert.AreEqual(data, copyData, "Data inside copy of file not equal.");
destination.FetchAttributes();
FileProperties prop1 = destination.Properties;
FileProperties prop2 = source.Properties;
Assert.AreEqual(prop1.CacheControl, prop2.CacheControl);
Assert.AreEqual(prop1.ContentEncoding, prop2.ContentEncoding);
Assert.AreEqual(prop1.ContentLanguage, prop2.ContentLanguage);
Assert.AreEqual(prop1.ContentMD5, prop2.ContentMD5);
Assert.AreEqual(prop1.ContentType, prop2.ContentType);
Assert.AreEqual(lastWriteTime, destination.Properties.LastWriteTime.Value);
Assert.AreEqual(creationTime, destination.Properties.CreationTime.Value);
Assert.AreEqual(attributes, destination.Properties.NtfsAttributes.Value);
Assert.IsNotNull(destination.Properties.FilePermissionKey);
Assert.IsNull(destination.FilePermission);
Assert.AreEqual("value", destination.Metadata["Test"], false, "Copied metadata not same");
destination.Delete();
source.Delete();
}
finally
{
share.DeleteIfExists();
}
}
