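/// <summary>
/// Checks that the protocol restriction embedded in a file SAS token is enforced for every
/// combination of requested protocol (none, HttpsOrHttp, HttpsOnly) and request scheme (http, https).
/// </summary>
/// <remarks>
/// The SAS token is appended to the file URI, so it travels with every request made through that URI.
/// A token issued as HttpsOnly must be refused when presented over http; all other combinations
/// must return the four uploaded bytes. The share is deleted in the finally block.
/// </remarks>
public void CloudFileSASSharedProtocolsQueryParam()
{
    CloudFileShare share = GetRandomShareReference();
    try
    {
        share.Create();
        CloudFile file;

        // Read-only policy; the start time is back-dated by five minutes and the token expires after thirty.
        SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
        {
            Permissions = SharedAccessFilePermissions.Read,
            SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
            SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
        };

        CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
        byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
        byte[] target = new byte[4];
        fileWithKey.UploadFromByteArray(data, 0, 4);

        foreach (SharedAccessProtocol? protocol in new SharedAccessProtocol?[] { null, SharedAccessProtocol.HttpsOrHttp, SharedAccessProtocol.HttpsOnly })
        {
            string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, protocol, null);
            StorageCredentials fileSAS = new StorageCredentials(fileToken);

            Uri fileSASUri = new Uri(fileWithKey.Uri + fileSAS.SASToken);
            StorageUri fileSASStorageUri = new StorageUri(
                new Uri(fileWithKey.StorageUri.PrimaryUri + fileSAS.SASToken),
                new Uri(fileWithKey.StorageUri.SecondaryUri + fileSAS.SASToken));

            int securePort = 443;

            // NOTE(review): httpPort is derived by comparing against 443 before the secure-port
            // override below is applied; confirm that ordering is intended for tenants with an override.
            int httpPort = (fileSASUri.Port == securePort) ? 80 : fileSASUri.Port;

            if (!string.IsNullOrEmpty(TestBase.TargetTenantConfig.FileSecurePortOverride))
            {
                securePort = Int32.Parse(TestBase.TargetTenantConfig.FileSecurePortOverride);
            }

            var schemesAndPorts = new[]
            {
                new { scheme = Uri.UriSchemeHttp, port = httpPort },
                new { scheme = Uri.UriSchemeHttps, port = securePort }
            };

            foreach (var item in schemesAndPorts)
            {
                fileSASUri = TransformSchemeAndPort(fileSASUri, item.scheme, item.port);
                fileSASStorageUri = new StorageUri(
                    TransformSchemeAndPort(fileSASStorageUri.PrimaryUri, item.scheme, item.port),
                    TransformSchemeAndPort(fileSASStorageUri.SecondaryUri, item.scheme, item.port));

                bool httpsOnlyTokenOverHttp =
                    protocol.HasValue
                    && protocol == SharedAccessProtocol.HttpsOnly
                    && string.CompareOrdinal(item.scheme, Uri.UriSchemeHttp) == 0;

                if (httpsOnlyTokenOverHttp)
                {
                    // Negative case: an HttpsOnly token presented over plain http must not grant access.
                    file = new CloudFile(fileSASUri);
                    TestHelper.ExpectedException(() => file.FetchAttributes(), "Access a file using SAS with a shared protocols that does not match", HttpStatusCode.Unused);

                    file = new CloudFile(fileSASStorageUri, null);
                    TestHelper.ExpectedException(() => file.FetchAttributes(), "Access a file using SAS with a shared protocols that does not match", HttpStatusCode.Unused);
                }
                else
                {
                    // The buffer is shared across iterations, so it is zeroed before every download;
                    // otherwise bytes left by an earlier download would satisfy the comparison even
                    // if this request wrote nothing.
                    file = new CloudFile(fileSASUri);
                    Array.Clear(target, 0, target.Length);
                    file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
                    for (int i = 0; i < 4; i++)
                    {
                        Assert.AreEqual(data[i], target[i]);
                    }

                    file = new CloudFile(fileSASStorageUri, null);
                    Array.Clear(target, 0, target.Length);
                    file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
                    for (int i = 0; i < 4; i++)
                    {
                        Assert.AreEqual(data[i], target[i]);
                    }
                }
            }
        }
    }
    finally
    {
        share.DeleteIfExists();
    }
}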
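/// <summary>
/// Checks the source-IP restriction of a file SAS token: a token bound to an address or range
/// that does not match the caller must be rejected, and a token with no IP restriction must
/// allow the uploaded bytes to be read back.
/// </summary>
/// <param name="generateInitialIPAddressOrRange">
/// Produces the address or range placed in the first token. It has to be one the test machine
/// can never match, because the first download is expected to fail.
/// </param>
/// <param name="generateFinalIPAddressOrRange">
/// Not invoked by this method body; kept so existing callers continue to compile.
/// </param>
public void CloudFileSASIPAddressHelper(Func<IPAddressOrRange> generateInitialIPAddressOrRange, Func<IPAddress, IPAddressOrRange> generateFinalIPAddressOrRange)
{
    CloudFileShare share = GetRandomShareReference();
    try
    {
        share.Create();
        CloudFile file;

        // Read-only policy; the start time is back-dated by five minutes and the token expires after thirty.
        SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
        {
            Permissions = SharedAccessFilePermissions.Read,
            SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
            SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
        };

        CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
        byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
        fileWithKey.UploadFromByteArray(data, 0, 4);

        // We need an IP address that will never be a valid source
        IPAddressOrRange ipAddressOrRange = generateInitialIPAddressOrRange();
        string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
        StorageCredentials fileSAS = new StorageCredentials(fileToken);
        Uri fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
        StorageUri fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);

        file = new CloudFile(fileSASUri);
        byte[] target = new byte[4];
        OperationContext opContext = new OperationContext();
        IPAddress actualIP = null;

        // Inspect the response body for a SourceIP element. The assertion in the catch block
        // expects that element to be absent, so its absence is handled without throwing:
        // First() would raise InvalidOperationException on exactly the path the test treats as
        // success. How an exception thrown from this handler surfaces is decided by the client
        // library (not visible here); it should not be what satisfies the StorageException
        // expectation below.
        opContext.ResponseReceived += (sender, e) =>
        {
            Stream stream = HttpResponseParsers.GetResponseStream(e.Response);
            stream.Seek(0, SeekOrigin.Begin);
            using (StreamReader reader = new StreamReader(stream))
            {
                string text = reader.ReadToEnd();
                XDocument xdocument = XDocument.Parse(text);
                var sourceIpElement = xdocument.Descendants("SourceIP").FirstOrDefault();
                if (sourceIpElement != null)
                {
                    actualIP = IPAddress.Parse(sourceIpElement.Value);
                }
            }
        };

        bool exceptionThrown = false;
        try
        {
            file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, opContext);
        }
        catch (StorageException)
        {
            exceptionThrown = true;

            // The IP should not be included in the error details for security reasons
            Assert.IsNull(actualIP);

            // NOTE(review): any StorageException is accepted here; consider also asserting the
            // expected HTTP status so that an unrelated failure cannot pass this step.
        }

        Assert.IsTrue(exceptionThrown);

        // Second phase: a token without an IP restriction must grant read access.
        ipAddressOrRange = null;
        fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
        fileSAS = new StorageCredentials(fileToken);
        fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
        fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);

        // The buffer is reused, so it is zeroed before each download; bytes left by an earlier
        // request must not be able to satisfy the comparison.
        file = new CloudFile(fileSASUri);
        Array.Clear(target, 0, target.Length);
        file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
        for (int i = 0; i < 4; i++)
        {
            Assert.AreEqual(data[i], target[i]);
        }

        // A CloudFile built from a single URI has only a primary location.
        Assert.IsTrue(file.StorageUri.PrimaryUri.Equals(fileWithKey.Uri));
        Assert.IsNull(file.StorageUri.SecondaryUri);

        file = new CloudFile(fileSASStorageUri, null);
        Array.Clear(target, 0, target.Length);
        file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
        for (int i = 0; i < 4; i++)
        {
            Assert.AreEqual(data[i], target[i]);
        }

        Assert.IsTrue(file.StorageUri.Equals(fileWithKey.StorageUri));
    }
    finally
    {
        share.DeleteIfExists();
    }
}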