public void ValidateSetupAccessPolicyPermissionTest() { SharedAccessBlobPolicy blobAccessPolicy = new SharedAccessBlobPolicy(); AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, null); Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, ""); Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, "D"); Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.Delete); SharedAccessTablePolicy tableAccessPolicy = new SharedAccessTablePolicy(); AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, null); Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, ""); Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, "ar"); Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query); SharedAccessQueuePolicy queueAccessPolicy = new SharedAccessQueuePolicy(); AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, null); Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, ""); Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, "p"); Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.ProcessMessages); SharedAccessFilePolicy fileAccessPolicy = new SharedAccessFilePolicy(); AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, null); Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, ""); Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.None); AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, "lwc"); Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.List | SharedAccessFilePermissions.Write | SharedAccessFilePermissions.Create); }
public void SetupAccessPolicyPermissionTest() { SharedAccessTablePolicy accessPolicy = new SharedAccessTablePolicy(); command.SetupAccessPolicyPermission(accessPolicy, ""); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.None); accessPolicy.Permissions = SharedAccessTablePermissions.Add; command.SetupAccessPolicyPermission(accessPolicy, ""); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Add); command.SetupAccessPolicyPermission(accessPolicy, "u"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Update); command.SetupAccessPolicyPermission(accessPolicy, "uUUU"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Update); command.SetupAccessPolicyPermission(accessPolicy, "drrq"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "rq"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "q"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "r"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "qd"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Query); command.SetupAccessPolicyPermission(accessPolicy, "audq"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Delete); command.SetupAccessPolicyPermission(accessPolicy, "dqaaaau"); Assert.AreEqual(accessPolicy.Permissions, SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Delete); AssertThrows<ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "rwDl")); AssertThrows<ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "x")); AssertThrows<ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "rwx")); AssertThrows<ArgumentException>(() => command.SetupAccessPolicyPermission(accessPolicy, "ABC")); }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">A <see cref="SharedAccessTablePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A string identifying a stored access policy.</param> /// <param name="startPartitionKey">A string specifying the start partition key, or <c>null</c>.</param> /// <param name="startRowKey">A string specifying the start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">A string specifying the end partition key, or <c>null</c>.</param> /// <param name="endRowKey">A string specifying the end row key, or <c>null</c>.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey) { return(this.GetSharedAccessSignature(policy, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, null, null)); }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">A <see cref="SharedAccessTablePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A string identifying a stored access policy.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature(SharedAccessTablePolicy policy, string accessPolicyIdentifier) { return(this.GetSharedAccessSignature( policy, accessPolicyIdentifier, null /* startPartitionKey */, null /* startRowKey */, null /* endPartitionKey */, null /* endRowKey */)); }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">A <see cref="SharedAccessTablePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A string identifying a stored access policy.</param> /// <param name="startPartitionKey">A string specifying the start partition key, or <c>null</c>.</param> /// <param name="startRowKey">A string specifying the start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">A string specifying the end partition key, or <c>null</c>.</param> /// <param name="endRowKey">A string specifying the end row key, or <c>null</c>.</param> /// <param name="protocols">The allowed protocols (https only, or http and https). Null if you don't want to restrict protocol.</param> /// <param name="ipAddressOrRange">The allowed IP address or IP address range. Null if you don't want to restrict based on IP address.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; #if ALL_SERVICES string signature = SharedAccessSignatureHelper.GetHash( #else string signature = TableSharedAccessSignatureHelper.GetHash( #endif policy, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, resourceName, OperationContext.StorageVersion ?? Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue); #if ALL_SERVICES UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature( #else UriQueryBuilder builder = TableSharedAccessSignatureHelper.GetSignature( #endif policy, this.Name, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, signature, accountKey.KeyName, OperationContext.StorageVersion ?? Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange); return(builder.ToString()); }
public async Task TableUpdateSasTestAsync() { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference("T" + Guid.NewGuid().ToString("N")); try { await table.CreateAsync(); BaseEntity entity = new BaseEntity("PK", "RK"); await table.ExecuteAsync(TableOperation.Insert(entity)); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Delete, }; string sasToken = table.GetSharedAccessSignature(policy, null, null, null, null, null); StorageCredentials creds = new StorageCredentials(sasToken); CloudTable sasTable = new CloudTable(table.Uri, creds); OperationContext context = new OperationContext(); await TestHelper.ExpectedExceptionAsync( async() => await sasTable.ExecuteAsync(TableOperation.Insert(new BaseEntity("PK", "RK2")), null, context), context, "Try to insert an entity when SAS doesn't allow inserts", HttpStatusCode.NotFound); await sasTable.ExecuteAsync(TableOperation.Delete(entity)); SharedAccessTablePolicy policy2 = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Add, }; string sasToken2 = table.GetSharedAccessSignature(policy2, null, null, null, null, null); creds.UpdateSASToken(sasToken2); sasTable = new CloudTable(table.Uri, creds); await sasTable.ExecuteAsync(TableOperation.Insert(new BaseEntity("PK", "RK2"))); } finally { table.DeleteIfExistsAsync().AsTask().Wait(); } }
static void Main(string[] args) { const string PolicyName = "TableSasGenPolicy"; try { if (args.Length < 3) { Console.WriteLine("Usage: TableSasGen.exe <storageAccount> <tableName> <storageKey>"); return; } var storageAccount = args[0]; var tableName = args[1]; var storageKey = args[2]; var storageUri = new Uri(String.Format("https://{0}.table.core.windows.net/", storageAccount)); CloudTableClient client = new CloudTableClient(storageUri, new StorageCredentials(storageAccount, storageKey)); CloudTable table = client.GetTableReference(tableName); TablePermissions permissions = table.GetPermissions(); SharedAccessTablePolicy policy = null; if (!permissions.SharedAccessPolicies.ContainsKey(PolicyName)) { policy = new SharedAccessTablePolicy() { Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update, SharedAccessExpiryTime = DateTimeOffset.MaxValue, }; permissions.SharedAccessPolicies.Add(PolicyName, policy); table.SetPermissions(permissions); } else { policy = permissions.SharedAccessPolicies[PolicyName]; } var sasToken = table.GetSharedAccessSignature(policy); Console.WriteLine("{0}{1}", storageUri, sasToken); } catch (Exception ex) { Console.WriteLine(ex); } }
public string GetSas(string partition, SharedAccessTablePermissions permissions) { SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15), Permissions = permissions }; string sasToken = this.ServiceClient.GetTableReference("Photos").GetSharedAccessSignature( policy /* access policy */, null /* access policy identifier */, partition /* start partition key */, null /* start row key */, partition /* end partition key */, null /* end row key */); return sasToken; }
public void AddTestStoredAccessPolicy() { tableMock.tablePermissions.SharedAccessPolicies.Clear(); SharedAccessTablePolicy testPolicy1 = new SharedAccessTablePolicy(); testPolicy1.Permissions = SharedAccessTablePermissions.None; testPolicy1.Permissions |= SharedAccessTablePermissions.Query; testPolicy1.SharedAccessStartTime = DateTime.Today.ToUniversalTime(); testPolicy1.SharedAccessExpiryTime = DateTime.Today.AddDays(1).ToUniversalTime(); tableMock.tablePermissions.SharedAccessPolicies.Add(TestPolicy1, testPolicy1); SharedAccessTablePolicy testPolicy2 = new SharedAccessTablePolicy(); testPolicy1.Permissions = SharedAccessTablePermissions.None; testPolicy1.Permissions |= SharedAccessTablePermissions.Query; testPolicy1.SharedAccessStartTime = DateTime.Today.ToUniversalTime(); testPolicy1.SharedAccessExpiryTime = DateTime.Today.AddDays(1).ToUniversalTime(); tableMock.tablePermissions.SharedAccessPolicies.Add(TestPolicy2, testPolicy2); }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">A <see cref="SharedAccessTablePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A string identifying a stored access policy.</param> /// <param name="startPartitionKey">A string specifying the start partition key, or <c>null</c>.</param> /// <param name="startRowKey">A string specifying the start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">A string specifying the end partition key, or <c>null</c>.</param> /// <param name="endRowKey">A string specifying the end row key, or <c>null</c>.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format. Value must be <c>2012-02-12</c> or later.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string sasVersion) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; string validatedSASVersion = SharedAccessSignatureHelper.ValidateSASVersionString(sasVersion); string signature = SharedAccessSignatureHelper.GetHash( policy, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, resourceName, validatedSASVersion, accountKey.KeyValue); UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature( policy, this.Name, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, signature, accountKey.KeyName, validatedSASVersion); return(builder.ToString()); }
public static string GetSasForTable(string username) { var cloudTableClient = StorageAccount.CreateCloudTableClient(); var policy = new SharedAccessTablePolicy() { SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(15), Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update }; var sasToken = cloudTableClient.GetTableReference("Photos").GetSharedAccessSignature( policy: policy, accessPolicyIdentifier: null, startPartitionKey: username, startRowKey: null, endPartitionKey: username, endRowKey: null); return sasToken; }
public async Task TableSasUriTestAsync() { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference("T" + Guid.NewGuid().ToString("N")); try { await table.CreateAsync(); BaseEntity entity = new BaseEntity("PK", "RK"); BaseEntity entity1 = new BaseEntity("PK", "RK1"); await table.ExecuteAsync(TableOperation.Insert(entity)); await table.ExecuteAsync(TableOperation.Insert(entity1)); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Delete, }; string sasToken = table.GetSharedAccessSignature(policy, null, null, null, null, null); StorageCredentials creds = new StorageCredentials(sasToken); CloudStorageAccount sasAcc = new CloudStorageAccount(creds, null /* blobEndpoint */, null /* queueEndpoint */, new Uri(TestBase.TargetTenantConfig.TableServiceEndpoint), null /* fileEndpoint */); CloudTableClient client = sasAcc.CreateCloudTableClient(); CloudTable sasTable = new CloudTable(client.Credentials.TransformUri(table.Uri)); await sasTable.ExecuteAsync(TableOperation.Delete(entity)); CloudTable sasTable2 = new CloudTable(new Uri(table.Uri.ToString() + sasToken)); await sasTable2.ExecuteAsync(TableOperation.Delete(entity1)); } finally { table.DeleteIfExistsAsync().AsTask().Wait(); } }
internal static void AssertPermissionsEqual(TablePermissions permissions1, TablePermissions permissions2) { Assert.AreEqual(permissions1.SharedAccessPolicies.Count, permissions2.SharedAccessPolicies.Count); foreach (KeyValuePair <string, SharedAccessTablePolicy> pair in permissions1.SharedAccessPolicies) { SharedAccessTablePolicy policy1 = pair.Value; SharedAccessTablePolicy policy2 = permissions2.SharedAccessPolicies[pair.Key]; Assert.IsNotNull(policy1); Assert.IsNotNull(policy2); Assert.AreEqual(policy1.Permissions, policy2.Permissions); if (policy1.SharedAccessStartTime != null) { Assert.IsTrue(Math.Floor((policy1.SharedAccessStartTime.Value - policy2.SharedAccessStartTime.Value).TotalSeconds) == 0); } if (policy1.SharedAccessExpiryTime != null) { Assert.IsTrue(Math.Floor((policy1.SharedAccessExpiryTime.Value - policy2.SharedAccessExpiryTime.Value).TotalSeconds) == 0); } } }
/// <summary> /// Manage stored access policies specified on the table /// </summary> /// <param name="table"></param> /// <returns></returns> private static async Task TableAclSample(CloudTable table) { // Set table permissions SharedAccessTablePolicy accessTablePolicy = new SharedAccessTablePolicy(); accessTablePolicy.SharedAccessStartTime = new DateTimeOffset(DateTime.Now); accessTablePolicy.SharedAccessExpiryTime = new DateTimeOffset(DateTime.Now.AddMinutes(10)); accessTablePolicy.Permissions = SharedAccessTablePermissions.Update; TablePermissions permissions = new TablePermissions(); permissions.SharedAccessPolicies.Add("key1", accessTablePolicy); Console.WriteLine("Set table permissions"); await table.SetPermissionsAsync(permissions); // Get table permissions Console.WriteLine("Get table permissions:"); permissions = await table.GetPermissionsAsync(); foreach (var keyValue in permissions.SharedAccessPolicies) { Console.WriteLine(" {0}:", keyValue.Key); Console.WriteLine(" permissions: {0}:", keyValue.Value.Permissions); Console.WriteLine(" start time: {0}:", keyValue.Value.SharedAccessStartTime); Console.WriteLine(" expiry time: {0}:", keyValue.Value.SharedAccessExpiryTime); } }
internal static string GetHash( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string resourceName, string sasVersion, byte[] keyValue) { CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName); CommonUtility.AssertNotNull("keyValue", keyValue); CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion); string permissions = null; DateTimeOffset? startTime = null; DateTimeOffset? expiryTime = null; if (policy != null) { permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); startTime = policy.SharedAccessStartTime; expiryTime = policy.SharedAccessExpiryTime; } //// StringToSign = signedpermissions + "\n" + //// signedstart + "\n" + //// signedexpiry + "\n" + //// canonicalizedresource + "\n" + //// signedidentifier + "\n" + //// signedversion + "\n" + //// startpk + "\n" + //// startrk + "\n" + //// endpk + "\n" + //// endrk //// //// HMAC-SHA256(UTF8.Encode(StringToSign)) string stringToSign = string.Format( CultureInfo.InvariantCulture, "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}", permissions, GetDateTimeOrEmpty(startTime), GetDateTimeOrEmpty(expiryTime), resourceName, accessPolicyIdentifier, sasVersion, startPartitionKey, startRowKey, endPartitionKey, endRowKey); return CryptoUtility.ComputeHmac256(keyValue, stringToSign); }
public async Task TableUpdateSasTestAsync() { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference("T" + Guid.NewGuid().ToString("N")); try { await table.CreateAsync(); BaseEntity entity = new BaseEntity("PK", "RK"); await table.ExecuteAsync(TableOperation.Insert(entity)); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Delete, }; string sasToken = table.GetSharedAccessSignature(policy, null, null, null, null, null); StorageCredentials creds = new StorageCredentials(sasToken); CloudTable sasTable = new CloudTable(table.Uri, creds); OperationContext context = new OperationContext(); await TestHelper.ExpectedExceptionAsync( async () => await sasTable.ExecuteAsync(TableOperation.Insert(new BaseEntity("PK", "RK2")), null, context), context, "Try to insert an entity when SAS doesn't allow inserts", HttpStatusCode.Forbidden); await sasTable.ExecuteAsync(TableOperation.Delete(entity)); SharedAccessTablePolicy policy2 = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Add, }; string sasToken2 = table.GetSharedAccessSignature(policy2, null, null, null, null, null); creds.UpdateSASToken(sasToken2); sasTable = new CloudTable(table.Uri, creds); await sasTable.ExecuteAsync(TableOperation.Insert(new BaseEntity("PK", "RK2"))); } finally { table.DeleteIfExistsAsync().AsTask().Wait(); } }
internal string CreateAzureTableStoredAccessPolicy(IStorageTableManagement localChannel, string tableName, string policyName, DateTime? startTime, DateTime? expiryTime, string permission) { if (!NameUtil.IsValidStoredAccessPolicyName(policyName)) { throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName)); } //Get existing permissions CloudTable table = localChannel.GetTableReference(tableName); TablePermissions tablePermissions = localChannel.GetTablePermissions(table); //Add new policy if (tablePermissions.SharedAccessPolicies.Keys.Contains(policyName)) { throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName)); } SharedAccessTablePolicy policy = new SharedAccessTablePolicy(); AccessPolicyHelper.SetupAccessPolicy<SharedAccessTablePolicy>(policy, startTime, expiryTime, permission); tablePermissions.SharedAccessPolicies.Add(policyName, policy); //Set permissions back to table localChannel.SetTablePermissions(table, tablePermissions); return policyName; }
/// <summary> /// Get the complete query builder for creating the Shared Access Signature query. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="tableName">The name of the table associated with this shared access signature.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or <c>null</c>.</param> /// <param name="startRowKey">The start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">The end partition key, or <c>null</c>.</param> /// <param name="endRowKey">The end row key, or <c>null</c>.</param> /// <param name="signature">The signature to use.</param> /// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format. Value must be <c>2012-02-12</c> or later.</param> /// <returns>The finished query builder.</returns> internal static UriQueryBuilder GetSignature( SharedAccessTablePolicy policy, string tableName, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string signature, string accountKeyName, string sasVersion) { CommonUtility.AssertNotNull("signature", signature); UriQueryBuilder builder = new UriQueryBuilder(); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion); AddEscapedIfNotNull(builder, Constants.QueryConstants.SasTableName, tableName); AddEscapedIfNotNull(builder, Constants.QueryConstants.StartPartitionKey, startPartitionKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.StartRowKey, startRowKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.EndPartitionKey, endPartitionKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.EndRowKey, endRowKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName); AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature); if (policy != null) { AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime)); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime)); string permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); if (!string.IsNullOrEmpty(permissions)) { AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions); } } return builder; }
static string RequestSasToken(CloudTable table, string customerId) { // Omitting any authentication code since this is beyond the scope of // this sample code // creating a shared access policy that expires in 1 day. // No start time is specified, which means that the token is valid immediately. // The policy specifies full permissions. SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTime.UtcNow.AddMinutes(-15), SharedAccessExpiryTime = DateTime.UtcNow.AddDays(1.0), Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Delete }; // Generate the SAS token. No access policy identifier is used which // makes it a non-revocable token // limiting the table SAS access to only the request customer's id string sasToken = table.GetSharedAccessSignature( policy /* access policy */, null /* access policy identifier */, customerId /* start partition key */, null /* start row key */, customerId /* end partition key */, null /* end row key */); return sasToken; }
public void CloudTableSASWithAbsoluteUri() { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference(tableClient.BaseUri + GenerateRandomTableName()); try { table.CreateIfNotExists(); BaseEntity entity = new BaseEntity("PK", "RK"); table.Execute(TableOperation.Insert(entity)); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { Permissions = SharedAccessTablePermissions.Delete, SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(10) }; string sasToken = table.GetSharedAccessSignature(policy); StorageCredentials creds = new StorageCredentials(sasToken); CloudTable sasTable = new CloudTable(table.Uri, creds); sasTable.Execute(TableOperation.Delete(entity)); } finally { table.DeleteIfExists(); } }
public Url UsersUrl() { var policy = new SharedAccessTablePolicy { Permissions = SharedAccessTablePermissions.Query, SharedAccessExpiryTime = DateTime.UtcNow.AddDays(2) }; var table = new CloudStorageAccount( new StorageCredentials( CloudConfigurationManager.GetSetting("storageAccountName"), CloudConfigurationManager.GetSetting("storageAccountKey")), true).CreateCloudTableClient().GetTableReference(ApplicationUserStore.UsersTableName); var token = table.GetSharedAccessSignature(policy); return new Url(table.Uri.AbsoluteUri + token); }
public void SetupAccessPolicyTest() { DateTime? start = DateTime.Now; DateTime? end = start.Value.AddHours(1.0); SharedAccessBlobPolicy blobAccessPolicy = new SharedAccessBlobPolicy(); AccessPolicyHelper.SetupAccessPolicy(blobAccessPolicy, start, end, "a"); Assert.AreEqual(blobAccessPolicy.SharedAccessStartTime.Value.UtcDateTime.ToString(), start.Value.ToUniversalTime().ToString()); Assert.AreEqual(blobAccessPolicy.SharedAccessExpiryTime.Value.UtcDateTime.ToString(), end.Value.ToUniversalTime().ToString()); Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.Add); SharedAccessTablePolicy tableAccessPolicy = new SharedAccessTablePolicy(); AccessPolicyHelper.SetupAccessPolicy(tableAccessPolicy, null, end, "d", true); Assert.AreEqual(tableAccessPolicy.SharedAccessStartTime, null); Assert.AreEqual(tableAccessPolicy.SharedAccessExpiryTime.Value.UtcDateTime.ToString(), end.Value.ToUniversalTime().ToString()); Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.Delete); SharedAccessQueuePolicy queueAccessPolicy = new SharedAccessQueuePolicy(); AccessPolicyHelper.SetupAccessPolicy(queueAccessPolicy, start, null, "", noExpiryTime: true); Assert.AreEqual(queueAccessPolicy.SharedAccessStartTime.Value.UtcDateTime.ToString(), start.Value.ToUniversalTime().ToString()); Assert.AreEqual(queueAccessPolicy.SharedAccessExpiryTime, null); Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None); SharedAccessFilePolicy fileAccessPolicy = new SharedAccessFilePolicy(); AccessPolicyHelper.SetupAccessPolicy(fileAccessPolicy, null, null, "dl", true, true); Assert.AreEqual(fileAccessPolicy.SharedAccessStartTime, null); Assert.AreEqual(fileAccessPolicy.SharedAccessExpiryTime, null); Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.List| SharedAccessFilePermissions.Delete); }
/// <summary> /// Get the complete query builder for creating the Shared Access Signature query. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="tableName">The name of the table associated with this shared access signature.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or null.</param> /// <param name="startRowKey">The start row key, or null.</param> /// <param name="endPartitionKey">The end partition key, or null.</param> /// <param name="endRowKey">The end row key, or null.</param> /// <param name="signature">The signature to use.</param> /// <param name="accountKeyName">The name of the key used to create the signature, or null if the key is implicit.</param> /// <returns>The finished query builder.</returns> internal static UriQueryBuilder GetSharedAccessSignatureImpl( SharedAccessTablePolicy policy, string tableName, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string signature, string accountKeyName) { CommonUtility.AssertNotNull("signature", signature); if (policy == null) { return GetSharedAccessSignatureImpl( null /* policy.Permissions */, null /* policy.SharedAccessStartTime */, null /* policy.SharedAccessExpiryTime */, startPartitionKey, startRowKey, endPartitionKey, endRowKey, accessPolicyIdentifier, null /* resourceType (blob only) */, tableName, signature, accountKeyName); } string permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); if (string.IsNullOrEmpty(permissions)) { permissions = null; } return GetSharedAccessSignatureImpl( permissions, policy.SharedAccessStartTime, policy.SharedAccessExpiryTime, startPartitionKey, startRowKey, endPartitionKey, endRowKey, accessPolicyIdentifier, null /* resourceType (blob only) */, tableName, signature, accountKeyName); }
/// <summary> /// Get the signature hash embedded inside the Shared Access Signature. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or null.</param> /// <param name="startRowKey">The start row key, or null.</param> /// <param name="endPartitionKey">The end partition key, or null.</param> /// <param name="endRowKey">The end row key, or null.</param> /// <param name="resourceName">The canonical resource string, unescaped.</param> /// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param> /// <returns>The signed hash.</returns> internal static string GetSharedAccessSignatureHashImpl( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string resourceName, byte[] keyValue) { if (policy == null) { return GetSharedAccessSignatureHashImpl( null /* policy.Permissions */, null /* policy.SharedAccessStartTime */, null /* policy.SharedAccessExpiryTime */, startPartitionKey, startRowKey, endPartitionKey, endRowKey, true /* using table SAS */, accessPolicyIdentifier, resourceName, keyValue); } return GetSharedAccessSignatureHashImpl( SharedAccessTablePolicy.PermissionsToString(policy.Permissions), policy.SharedAccessStartTime, policy.SharedAccessExpiryTime, startPartitionKey, startRowKey, endPartitionKey, endRowKey, true /* using table SAS */, accessPolicyIdentifier, resourceName, keyValue); }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">A <see cref="SharedAccessTablePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A string identifying a stored access policy.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature(SharedAccessTablePolicy policy, string accessPolicyIdentifier) { return this.GetSharedAccessSignature( policy, accessPolicyIdentifier, null /* startPartitionKey */, null /* startRowKey */, null /* endPartitionKey */, null /* endRowKey */); }
/// <summary> /// Returns a URI containing a SAS for the table. /// </summary> /// <param name="table">A CloudTable object.</param> /// <param name="storedPolicyName">A string containing the name of the stored access policy. If null, an ad-hoc SAS is created.</param> /// <returns>A string containing the URI for the table, with the SAS token appended.</returns> private static string GetTableSasUri(CloudTable table, string storedPolicyName = null) { string sasTableToken; // If no stored policy is specified, create a new access policy and define its constraints. if (storedPolicyName == null) { // Note that the SharedAccessTablePolicy class is used both to define the parameters of an ad-hoc SAS, and // to construct a shared access policy that is saved to the table's shared access policies. SharedAccessTablePolicy adHocPolicy = new SharedAccessTablePolicy() { // Permissions enable users to add, update, query, and delete entities in the table. SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24), Permissions = SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Update | SharedAccessTablePermissions.Query | SharedAccessTablePermissions.Delete }; // Generate the shared access signature on the table, setting the constraints directly on the signature. sasTableToken = table.GetSharedAccessSignature(adHocPolicy, null); Console.WriteLine("SAS for table (ad hoc): {0}", sasTableToken); Console.WriteLine(); } else { // Generate the shared access signature on the table. In this case, all of the constraints for the // shared access signature are specified on the stored access policy, which is provided by name. // It is also possible to specify some constraints on an ad-hoc SAS and others on the stored access policy. // However, a constraint must be specified on one or the other; it cannot be specified on both. sasTableToken = table.GetSharedAccessSignature(null, storedPolicyName); Console.WriteLine("SAS for table (stored access policy): {0}", sasTableToken); Console.WriteLine(); } // Return the URI string for the table, including the SAS token. return table.Uri + sasTableToken; }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">A <see cref="SharedAccessTablePolicy"/> object specifying the access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">A string identifying a stored access policy.</param> /// <param name="startPartitionKey">A string specifying the start partition key, or <c>null</c>.</param> /// <param name="startRowKey">A string specifying the start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">A string specifying the end partition key, or <c>null</c>.</param> /// <param name="endRowKey">A string specifying the end row key, or <c>null</c>.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey) { return this.GetSharedAccessSignature( policy, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, null /* sasVersion */); }
/// <summary> /// Update the access policy /// </summary> /// <param name="policy">Access policy object</param> /// <param name="shouldSetExpiryTime">Should set the default expiry time</param> private void SetupAccessPolicy(SharedAccessTablePolicy policy, bool shouldSetExpiryTime) { DateTimeOffset? accessStartTime; DateTimeOffset? accessEndTime; SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime, out accessStartTime, out accessEndTime, shouldSetExpiryTime); policy.SharedAccessStartTime = accessStartTime; policy.SharedAccessExpiryTime = accessEndTime; SetupAccessPolicyPermission(policy, Permission); }
public void TableUpdateSasTestSync() { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference("T" + Guid.NewGuid().ToString("N")); try { table.Create(); BaseEntity entity = new BaseEntity("PK", "RK"); table.Execute(TableOperation.Insert(entity)); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Delete, }; string sasToken = table.GetSharedAccessSignature(policy); StorageCredentials creds = new StorageCredentials(sasToken); CloudTable sasTable = new CloudTable(table.Uri, creds); TestHelper.ExpectedException( () => sasTable.Execute(TableOperation.Insert(new BaseEntity("PK", "RK2"))), "Try to insert an entity when SAS doesn't allow inserts", HttpStatusCode.NotFound); sasTable.Execute(TableOperation.Delete(entity)); SharedAccessTablePolicy policy2 = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Delete | SharedAccessTablePermissions.Add, }; string sasToken2 = table.GetSharedAccessSignature(policy2); creds.UpdateSASToken(sasToken2); sasTable = new CloudTable(table.Uri, creds); sasTable.Execute(TableOperation.Insert(new BaseEntity("PK", "RK2"))); } finally { table.DeleteIfExists(); } }
public string GetSharedAccessSignature(SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange) { throw new System.NotImplementedException(); }
public string GetSharedAccessSignature(SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey) { throw new System.NotImplementedException(); }
public void TableSasUriPkRkTestSync() { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference("T" + Guid.NewGuid().ToString("N")); try { table.Create(); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), Permissions = SharedAccessTablePermissions.Add, }; string sasTokenPkRk = table.GetSharedAccessSignature(policy, null, "tables_batch_0", "00", "tables_batch_1", "04"); StorageCredentials credsPkRk = new StorageCredentials(sasTokenPkRk); // transform uri from credentials CloudTable sasTableTransformed = new CloudTable(credsPkRk.TransformUri(table.Uri)); // create uri by appending sas CloudTable sasTableDirect = new CloudTable(new Uri(table.Uri.ToString() + sasTokenPkRk)); BaseEntity pkrkEnt = new BaseEntity("tables_batch_0", "00"); sasTableTransformed.Execute(TableOperation.Insert(pkrkEnt)); pkrkEnt = new BaseEntity("tables_batch_0", "01"); sasTableDirect.Execute(TableOperation.Insert(pkrkEnt)); Action<BaseEntity, CloudTable, OperationContext> insertDelegate = (tableEntity, sasTable1, ctx) => { sasTable1.Execute(TableOperation.Insert(tableEntity), null, ctx); }; pkrkEnt = new BaseEntity("tables_batch_2", "00"); TestHelper.ExpectedException( (ctx) => insertDelegate(pkrkEnt, sasTableTransformed, ctx), string.Format("Inserted entity without appropriate SAS permissions."), (int)HttpStatusCode.Forbidden); TestHelper.ExpectedException( (ctx) => insertDelegate(pkrkEnt, sasTableDirect, ctx), string.Format("Inserted entity without appropriate SAS permissions."), (int)HttpStatusCode.Forbidden); pkrkEnt = new BaseEntity("tables_batch_1", "05"); TestHelper.ExpectedException( (ctx) => insertDelegate(pkrkEnt, sasTableTransformed, ctx), string.Format("Inserted entity without appropriate SAS permissions."), (int)HttpStatusCode.Forbidden); TestHelper.ExpectedException( (ctx) => insertDelegate(pkrkEnt, sasTableDirect, ctx), string.Format("Inserted entity without appropriate SAS permissions."), (int)HttpStatusCode.Forbidden); } finally { table.DeleteIfExists(); } }
/// <summary> /// Creates SAS constraints from the given parameters. /// </summary> /// <param name="permissions">The permission set.</param> /// <param name="expiration">The expiration time.</param> /// <returns>Returns the access policy.</returns> private static SharedAccessTablePolicy GetTableSasConstraints(ResourcePermissions permissions, DateTime? expiration) { SharedAccessTablePolicy sasConstraints = new SharedAccessTablePolicy(); // Set the start time to five minutes in the past. sasConstraints.SharedAccessStartTime = DateTimeOffset.Now - TimeSpan.FromMinutes(5); // Expiration. if (expiration != null) { sasConstraints.SharedAccessExpiryTime = expiration.Value; } // Permissions. sasConstraints.Permissions = SharedAccessTablePermissions.None; if ((permissions & ResourcePermissions.Read) == ResourcePermissions.Read) { sasConstraints.Permissions |= SharedAccessTablePermissions.Query; } if ((permissions & ResourcePermissions.Add) == ResourcePermissions.Add) { sasConstraints.Permissions |= SharedAccessTablePermissions.Add; } if ((permissions & ResourcePermissions.Update) == ResourcePermissions.Update) { sasConstraints.Permissions |= SharedAccessTablePermissions.Update; } if ((permissions & ResourcePermissions.Delete) == ResourcePermissions.Delete) { sasConstraints.Permissions |= SharedAccessTablePermissions.Delete; } return sasConstraints; }
/// <summary> /// Returns a shared access signature for the table. /// </summary> /// <param name="policy">The access policy for the shared access signature.</param> /// <param name="accessPolicyIdentifier">An access policy identifier.</param> /// <param name="startPartitionKey">The start partition key, or null.</param> /// <param name="startRowKey">The start row key, or null.</param> /// <param name="endPartitionKey">The end partition key, or null.</param> /// <param name="endRowKey">The end row key, or null.</param> /// <returns>A shared access signature, as a URI query string.</returns> /// <remarks>The query string returned includes the leading question mark.</remarks> /// <exception cref="InvalidOperationException">Thrown if the current credentials don't support creating a shared access signature.</exception> public string GetSharedAccessSignature( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey) { if (!this.ServiceClient.Credentials.IsSharedKey) { string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey); throw new InvalidOperationException(errorMessage); } string resourceName = this.GetCanonicalName(); StorageAccountKey accountKey = this.ServiceClient.Credentials.Key; string signature = SharedAccessSignatureHelper.GetSharedAccessSignatureHashImpl( policy, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, resourceName, accountKey.KeyValue); UriQueryBuilder builder = SharedAccessSignatureHelper.GetSharedAccessSignatureImpl( policy, this.Name, accessPolicyIdentifier, startPartitionKey, startRowKey, endPartitionKey, endRowKey, signature, accountKey.KeyName); return builder.ToString(); }
/// <summary> /// Helper function for testing the IPAddressOrRange funcitonality for tables /// </summary> /// <param name="generateInitialIPAddressOrRange">Function that generates an initial IPAddressOrRange object to use. This is expected to fail on the service.</param> /// <param name="generateFinalIPAddressOrRange">Function that takes in the correct IP address (according to the service) and returns the IPAddressOrRange object /// that should be accepted by the service</param> public void CloudTableSASIPAddressHelper(Func<IPAddressOrRange> generateInitialIPAddressOrRange, Func<IPAddress, IPAddressOrRange> generateFinalIPAddressOrRange) { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference("T" + Guid.NewGuid().ToString("N")); try { table.Create(); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { Permissions = SharedAccessTablePermissions.Query, SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), }; DynamicTableEntity entity = new DynamicTableEntity("PK", "RK", null, new Dictionary<string, EntityProperty>() {{"prop", new EntityProperty(4)}}); table.Execute(new TableOperation(entity, TableOperationType.Insert)); // The plan then is to use an incorrect IP address to make a call to the service // ensure that we get an error message // parse the error message to get my actual IP (as far as the service sees) // then finally test the success case to ensure we can actually make requests IPAddressOrRange ipAddressOrRange = generateInitialIPAddressOrRange(); string tableToken = table.GetSharedAccessSignature(policy, null, null, null, null, null, null, ipAddressOrRange); StorageCredentials tableSAS = new StorageCredentials(tableToken); Uri tableSASUri = tableSAS.TransformUri(table.Uri); StorageUri tableSASStorageUri = tableSAS.TransformUri(table.StorageUri); CloudTable tableWithSAS = new CloudTable(tableSASUri); OperationContext opContext = new OperationContext(); IPAddress actualIP = null; bool exceptionThrown = false; TableResult result = null; DynamicTableEntity resultEntity = new DynamicTableEntity(); TableOperation retrieveOp = new TableOperation(resultEntity, TableOperationType.Retrieve); retrieveOp.RetrievePartitionKey = entity.PartitionKey; retrieveOp.RetrieveRowKey = entity.RowKey; try { result = tableWithSAS.Execute(retrieveOp, null, opContext); } catch (StorageException e) { string[] parts = e.RequestInformation.HttpStatusMessage.Split(' '); actualIP = IPAddress.Parse(parts[parts.Length - 1].Trim('.')); exceptionThrown = true; Assert.IsNotNull(actualIP); } Assert.IsTrue(exceptionThrown); ipAddressOrRange = generateFinalIPAddressOrRange(actualIP); tableToken = table.GetSharedAccessSignature(policy, null, null, null, null, null, null, ipAddressOrRange); tableSAS = new StorageCredentials(tableToken); tableSASUri = tableSAS.TransformUri(table.Uri); tableSASStorageUri = tableSAS.TransformUri(table.StorageUri); tableWithSAS = new CloudTable(tableSASUri); resultEntity = new DynamicTableEntity(); retrieveOp = new TableOperation(resultEntity, TableOperationType.Retrieve); retrieveOp.RetrievePartitionKey = entity.PartitionKey; retrieveOp.RetrieveRowKey = entity.RowKey; resultEntity = (DynamicTableEntity)tableWithSAS.Execute(retrieveOp).Result; Assert.AreEqual(entity.Properties["prop"].PropertyType, resultEntity.Properties["prop"].PropertyType); Assert.AreEqual(entity.Properties["prop"].Int32Value.Value, resultEntity.Properties["prop"].Int32Value.Value); Assert.IsTrue(table.StorageUri.PrimaryUri.Equals(tableWithSAS.Uri)); Assert.IsNull(tableWithSAS.StorageUri.SecondaryUri); tableWithSAS = new CloudTable(tableSASStorageUri, null); resultEntity = new DynamicTableEntity(); retrieveOp = new TableOperation(resultEntity, TableOperationType.Retrieve); retrieveOp.RetrievePartitionKey = entity.PartitionKey; retrieveOp.RetrieveRowKey = entity.RowKey; resultEntity = (DynamicTableEntity)tableWithSAS.Execute(retrieveOp).Result; Assert.AreEqual(entity.Properties["prop"].PropertyType, resultEntity.Properties["prop"].PropertyType); Assert.AreEqual(entity.Properties["prop"].Int32Value.Value, resultEntity.Properties["prop"].Int32Value.Value); Assert.IsTrue(table.StorageUri.Equals(tableWithSAS.StorageUri)); } finally { table.DeleteIfExists(); } }
public override void ExecuteCmdlet() { if (String.IsNullOrEmpty(Name)) return; CloudTable table = Channel.GetTableReference(Name); SharedAccessTablePolicy policy = new SharedAccessTablePolicy(); bool shouldSetExpiryTime = SasTokenHelper.ValidateTableAccessPolicy(Channel, table.Name, policy, accessPolicyIdentifier); SetupAccessPolicy(policy, shouldSetExpiryTime); ValidatePkAndRk(StartPartitionKey, StartRowKey, EndPartitionKey, EndRowKey); string sasToken = table.GetSharedAccessSignature(policy, accessPolicyIdentifier, StartPartitionKey, StartRowKey, EndPartitionKey, EndRowKey); if (FullUri) { string fullUri = table.Uri.ToString() + sasToken; WriteObject(fullUri); } else { WriteObject(sasToken); } }
public void CloudTableSASSharedProtocolsQueryParam() { CloudTableClient tableClient = GenerateCloudTableClient(); CloudTable table = tableClient.GetTableReference("T" + Guid.NewGuid().ToString("N")); try { table.Create(); SharedAccessTablePolicy policy = new SharedAccessTablePolicy() { Permissions = SharedAccessTablePermissions.Query, SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5), SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30), }; DynamicTableEntity entity = new DynamicTableEntity("PK", "RK", null, new Dictionary<string, EntityProperty>() { { "prop", new EntityProperty(4) } }); table.Execute(new TableOperation(entity, TableOperationType.Insert)); foreach (SharedAccessProtocol? protocol in new SharedAccessProtocol?[] { null, SharedAccessProtocol.HttpsOrHttp, SharedAccessProtocol.HttpsOnly }) { string tableToken = table.GetSharedAccessSignature(policy, null, null, null, null, null, protocol, null); StorageCredentials tableSAS = new StorageCredentials(tableToken); Uri tableSASUri = new Uri(table.Uri + tableSAS.SASToken); StorageUri tableSASStorageUri = new StorageUri(new Uri(table.StorageUri.PrimaryUri + tableSAS.SASToken), new Uri(table.StorageUri.SecondaryUri + tableSAS.SASToken)); int httpPort = tableSASUri.Port; int securePort = 443; if (!string.IsNullOrEmpty(TestBase.TargetTenantConfig.TableSecurePortOverride)) { securePort = Int32.Parse(TestBase.TargetTenantConfig.TableSecurePortOverride); } var schemesAndPorts = new[] { new { scheme = Uri.UriSchemeHttp, port = httpPort}, new { scheme = Uri.UriSchemeHttps, port = securePort} }; CloudTable tableWithSAS = null; TableOperation retrieveOp = TableOperation.Retrieve(entity.PartitionKey, entity.RowKey); foreach (var item in schemesAndPorts) { tableSASUri = TransformSchemeAndPort(tableSASUri, item.scheme, item.port); tableSASStorageUri = new StorageUri(TransformSchemeAndPort(tableSASStorageUri.PrimaryUri, item.scheme, item.port), TransformSchemeAndPort(tableSASStorageUri.SecondaryUri, item.scheme, item.port)); if (protocol.HasValue && protocol.Value == SharedAccessProtocol.HttpsOnly && string.CompareOrdinal(item.scheme, Uri.UriSchemeHttp) == 0) { tableWithSAS = new CloudTable(tableSASUri); TestHelper.ExpectedException(() => tableWithSAS.Execute(retrieveOp), "Access a table using SAS with a shared protocols that does not match", HttpStatusCode.Unused); tableWithSAS = new CloudTable(tableSASStorageUri, null); TestHelper.ExpectedException(() => tableWithSAS.Execute(retrieveOp), "Access a table using SAS with a shared protocols that does not match", HttpStatusCode.Unused); } else { tableWithSAS = new CloudTable(tableSASUri); TableResult result = tableWithSAS.Execute(retrieveOp); Assert.AreEqual(entity.Properties["prop"], ((DynamicTableEntity)result.Result).Properties["prop"]); tableWithSAS = new CloudTable(tableSASStorageUri, null); result = tableWithSAS.Execute(retrieveOp); Assert.AreEqual(entity.Properties["prop"], ((DynamicTableEntity)result.Result).Properties["prop"]); } } } } finally { table.DeleteIfExists(); } }
/// <summary> /// Set up access policy permission /// </summary> /// <param name="policy">SharedAccessBlobPolicy object</param> /// <param name="permission">Permission</param> internal void SetupAccessPolicyPermission(SharedAccessTablePolicy policy, string permission) { if (string.IsNullOrEmpty(permission)) return; policy.Permissions = SharedAccessTablePermissions.None; permission = permission.ToLower(); foreach (char op in permission) { switch (op) { case StorageNouns.Permission.Add: policy.Permissions |= SharedAccessTablePermissions.Add; break; case StorageNouns.Permission.Update: policy.Permissions |= SharedAccessTablePermissions.Update; break; case StorageNouns.Permission.Delete: policy.Permissions |= SharedAccessTablePermissions.Delete; break; case StorageNouns.Permission.Read: case StorageNouns.Permission.Query: policy.Permissions |= SharedAccessTablePermissions.Query; break; default: throw new ArgumentException(string.Format(Resources.InvalidAccessPermission, op)); } } }
public string GetSharedAccessSignature(SharedAccessTablePolicy policy, string accessPolicyIdentifier) { throw new System.NotImplementedException(); }