/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="DataLakeSasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public DataLakeSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
EnsureState();
var startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
var expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, FileSystemName ?? String.Empty, Path ?? String.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version,
Resource,
null, // snapshot
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = StorageSharedKeyCredentialInternals.ComputeSasSignature(sharedKeyCredential, stringToSign);
var p = new DataLakeSasQueryParameters(
version: Version,
services: default,
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="BlobSasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public BlobSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
EnsureState();
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartsOn);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiresOn);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, BlobContainerName ?? String.Empty, BlobName ?? String.Empty),
Identifier,
IPRange.ToString(),
Protocol.ToProtocolString(),
Version,
Resource,
Snapshot,
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new BlobSasQueryParameters(
version: Version,
services: default,
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (ExpiresOn == default)
{
throw Errors.SasMissingData(nameof(ExpiresOn));
}
if (string.IsNullOrEmpty(Permissions))
{
throw Errors.SasMissingData(nameof(Permissions));
}
if (string.IsNullOrEmpty(Version))
{
Version = SasQueryParameters.DefaultSasVersion;
}
var startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
var expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, QueueName ?? string.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version);
var signature = StorageSharedKeyCredentialInternals.ComputeSasSignature(sharedKeyCredential, stringToSign);
var p = SasQueryParametersInternals.Create(
version: Version,
services: default,
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
string resource;
if (string.IsNullOrEmpty(FilePath))
{
// Make sure the permission characters are in the correct order
Permissions = ShareSasPermissions.Parse(Permissions).ToString();
resource = Constants.Sas.Resource.Share;
}
else
{
// Make sure the permission characters are in the correct order
Permissions = FileSasPermissions.Parse(Permissions).ToString();
resource = Constants.Sas.Resource.File;
}
if (string.IsNullOrEmpty(Version))
{
Version = SasQueryParameters.DefaultSasVersion;
}
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, ShareName ?? string.Empty, FilePath ?? string.Empty),
Identifier,
IPRange.ToString(),
Protocol.ToString(),
Version,
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new SasQueryParameters(
version: Version,
services: null,
resourceTypes: null,
protocol: Protocol,
startTime: StartTime,
expiryTime: ExpiryTime,
ipRange: IPRange,
identifier: Identifier,
resource: resource,
permissions: Permissions,
signature: signature);
return(p);
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="DataLakeSasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public DataLakeSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
EnsureState();
string startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
string expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
string stringToSign;
// TODO https://github.com/Azure/azure-sdk-for-net/issues/23369
if (SasQueryParametersInternals.DefaultSasVersionInternal == "2020-12-06")
{
stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, FileSystemName ?? string.Empty, Path ?? string.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version,
Resource,
null, // snapshot
null, // encryption scope
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
}
else
{
stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, FileSystemName ?? string.Empty, Path ?? string.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version,
Resource,
null, // snapshot
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
}
string signature = StorageSharedKeyCredentialInternals.ComputeSasSignature(sharedKeyCredential, stringToSign);
DataLakeSasQueryParameters p = new DataLakeSasQueryParameters(
version: Version,
services: default,
/// <summary>
/// Use an account's <see cref="UserDelegationKey"/> to sign this
/// shared access signature values to produce the propery SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="userDelegationKey">
/// A <see cref="UserDelegationKey"/> returned from
/// <see cref="Azure.Storage.Blobs.BlobServiceClient.GetUserDelegationKeyAsync"/>.
/// </param>
/// <param name="accountName">The name of the storage account.</param>
/// <returns>
/// The <see cref="BlobSasQueryParameters"/> used for authenticating requests.
/// </returns>
public BlobSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName)
{
userDelegationKey = userDelegationKey ?? throw Errors.ArgumentNull(nameof(userDelegationKey));
EnsureState();
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime);
var signedStart = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedStart);
var signedExpiry = SasQueryParameters.FormatTimesForSasSigning(userDelegationKey.SignedExpiry);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(accountName, ContainerName ?? String.Empty, BlobName ?? String.Empty),
userDelegationKey.SignedOid,
userDelegationKey.SignedTid,
signedStart,
signedExpiry,
userDelegationKey.SignedService,
userDelegationKey.SignedVersion,
IPRange.ToString(),
Protocol.ToString(),
Version,
Resource,
Snapshot,
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = ComputeHMACSHA256(userDelegationKey.Value, stringToSign);
var p = new BlobSasQueryParameters(
version: Version,
services: null,
resourceTypes: null,
protocol: Protocol,
startTime: StartTime,
expiryTime: ExpiryTime,
ipRange: IPRange,
identifier: null,
resource: Resource,
permissions: Permissions,
keyOid: userDelegationKey.SignedOid,
keyTid: userDelegationKey.SignedTid,
keyStart: userDelegationKey.SignedStart,
keyExpiry: userDelegationKey.SignedExpiry,
keyService: userDelegationKey.SignedService,
keyVersion: userDelegationKey.SignedVersion,
signature: signature);
return(p);
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (ExpiresOn == default)
{
throw Errors.SasMissingData(nameof(ExpiresOn));
}
if (string.IsNullOrEmpty(Permissions))
{
throw Errors.SasMissingData(nameof(Permissions));
}
string resource;
if (string.IsNullOrEmpty(FilePath))
{
resource = Constants.Sas.Resource.Share;
}
else
{
resource = Constants.Sas.Resource.File;
}
if (string.IsNullOrEmpty(Version))
{
Version = SasQueryParameters.DefaultSasVersion;
}
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartsOn);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiresOn);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, ShareName ?? string.Empty, FilePath ?? string.Empty),
Identifier,
IPRange.ToString(),
Protocol.ToProtocolString(),
Version,
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new SasQueryParameters(
version: Version,
services: default,
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
// https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (ExpiryTime == default || string.IsNullOrEmpty(Permissions) || string.IsNullOrEmpty(ResourceTypes) || string.IsNullOrEmpty(Services))
{
throw Errors.AccountSasMissingData();
}
if (string.IsNullOrEmpty(Version))
{
Version = SasQueryParameters.DefaultSasVersion;
}
// Make sure the permission characters are in the correct order
Permissions = AccountSasPermissions.Parse(Permissions).ToString();
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = string.Join("\n",
sharedKeyCredential.AccountName,
Permissions,
Services,
ResourceTypes,
startTime,
expiryTime,
IPRange.ToString(),
Protocol.ToString(),
Version,
""); // That's right, the account SAS requires a terminating extra newline
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new SasQueryParameters(
Version,
Services,
ResourceTypes,
Protocol,
StartTime,
ExpiryTime,
IPRange,
null, // Identifier
null, // Resource
Permissions,
signature);
return(p);
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
// https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (ExpiresOn == default || string.IsNullOrEmpty(Permissions) || ResourceTypes == default || Services == default)
{
throw Errors.AccountSasMissingData();
}
Version = SasQueryParametersInternals.DefaultSasVersionInternal;
string startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
string expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
string stringToSign = string.Join("\n",
sharedKeyCredential.AccountName,
Permissions,
Services.ToPermissionsString(),
ResourceTypes.ToPermissionsString(),
startTime,
expiryTime,
IPRange.ToString(),
Protocol.ToProtocolString(),
Version,
EncryptionScope,
string.Empty); // That's right, the account SAS requires a terminating extra newline
string signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
SasQueryParameters p = SasQueryParametersInternals.Create(
Version,
Services,
ResourceTypes,
Protocol,
StartsOn,
ExpiresOn,
IPRange,
identifier: null,
resource: null,
Permissions,
signature,
encryptionScope: EncryptionScope);
return(p);
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
Permissions = QueueAccountSasPermissions.Parse(Permissions).ToString();
if (string.IsNullOrEmpty(Version))
{
Version = SasQueryParameters.DefaultSasVersion;
}
var startTime = SasQueryParameters.FormatTimesForSasSigning(StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(ExpiryTime);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, QueueName ?? string.Empty),
Identifier,
IPRange.ToString(),
Protocol.ToString(),
Version);
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new SasQueryParameters(
version: Version,
services: null,
resourceTypes: null,
protocol: Protocol,
startTime: StartTime,
expiryTime: ExpiryTime,
ipRange: IPRange,
identifier: Identifier,
resource: null,
permissions: Permissions,
signature: signature);
return(p);
}
