forked from Azure/azure-sdk-for-net
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Sample02_Auth.cs
139 lines (122 loc) · 5.9 KB
/
Sample02_Auth.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See License.txt in the project root for
// license information.
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.Storage;
using Azure.Storage.Files;
using Azure.Storage.Sas;
using NUnit.Framework;
namespace Azure.Storage.Files.Samples
{
/// <summary>
/// Demonstrate various authorization and authentication mechanisms.
///
/// For more information, see
/// https://docs.microsoft.com/en-us/azure/storage/common/storage-auth
/// </summary>
public class Sample02_Auth : SampleTest
{
/// <summary>
/// Use a connection string to connect to a Storage account.
///
/// A connection string includes the authentication information
/// required for your application to access data in an Azure Storage
/// account at runtime using Shared Key authorization.
/// </summary>
[Test]
public async Task ConnectionStringAsync()
{
// Get a connection string to our Azure Storage account. You can
// obtain your connection string from the Azure Portal (click
// Access Keys under Settings in the Portal Storage account blade)
// or using the Azure CLI with:
//
// az storage account show-connection-string --name <account_name> --resource-group <resource_group>
//
// And you can provide the connection string to your application
// using an environment variable.
string connectionString = ConnectionString;
// Create a client that can authenticate with a connection string
FileServiceClient service = new FileServiceClient(connectionString);
// Make a service request to verify we've succesfully authenticated
await service.GetPropertiesAsync();
}
/// <summary>
/// Use a shared key to access a Storage Account.
///
/// Shared Key authorization relies on your account access keys and
/// other parameters to produce an encrypted signature string that is
/// passed on the request in the Authorization header.
/// </summary>
[Test]
public async Task SharedKeyAuthAsync()
{
// Get a Storage account name, shared key, and endpoint Uri.
//
// You can obtain both from the Azure Portal by clicking Access
// Keys under Settings in the Portal Storage account blade.
//
// You can also get access to your account keys from the Azure CLI
// with:
//
// az storage account keys list --account-name <account_name> --resource-group <resource_group>
//
string accountName = StorageAccountName;
string accountKey = StorageAccountKey;
Uri serviceUri = StorageAccountFileUri;
// Create a SharedKeyCredential that we can use to authenticate
StorageSharedKeyCredential credential = new StorageSharedKeyCredential(accountName, accountKey);
// Create a client that can authenticate with a connection string
FileServiceClient service = new FileServiceClient(serviceUri, credential);
// Make a service request to verify we've succesfully authenticated
await service.GetPropertiesAsync();
}
/// <summary>
/// Use a shared access signature to acces a Storage Account.
///
/// A shared access signature (SAS) is a URI that grants restricted
/// access rights to Azure Storage resources. You can provide a shared
/// access signature to clients who should not be trusted with your
/// storage account key but to whom you wish to delegate access to
/// certain storage account resources. By distributing a shared access
/// signature URI to these clients, you can grant them access to a
/// resource for a specified period of time, with a specified set of
/// permissions.
/// </summary>
[Test]
public async Task SharedAccessSignatureAuthAsync()
{
// Create a service level SAS that only allows reading from service
// level APIs
AccountSasBuilder sas = new AccountSasBuilder
{
// Allow access to files
Services = new AccountSasServices() { Files = true }.ToString(),
// Allow access to the service level APIs
ResourceTypes = new AccountSasResourceTypes() { Service = true }.ToString(),
// Allow read access
Permissions = new AccountSasPermissions() { Read = true }.ToString(),
// Access expires in 1 hour!
ExpiryTime = DateTimeOffset.UtcNow.AddHours(1)
};
// Create a SharedKeyCredential that we can use to sign the SAS token
StorageSharedKeyCredential credential = new StorageSharedKeyCredential(StorageAccountName, StorageAccountKey);
// Build a SAS URI
UriBuilder sasUri = new UriBuilder(StorageAccountFileUri);
sasUri.Query = sas.ToSasQueryParameters(credential).ToString();
// Create a client that can authenticate with the SAS URI
FileServiceClient service = new FileServiceClient(sasUri.Uri);
// Make a service request to verify we've succesfully authenticated
await service.GetPropertiesAsync();
// Try to create a new container (which is beyond our
// delegated permission)
StorageRequestFailedException ex =
Assert.ThrowsAsync<StorageRequestFailedException>(
async () => await service.CreateShareAsync(Randomize("sample-share")));
Assert.AreEqual(403, ex.Status);
}
}
}