Azure
diff --git a/‎src/Storage/Storage.Management/ChangeLog.md
Lines changed: 8 additions & 0 deletions b/‎src/Storage/Storage.Management/ChangeLog.md
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs
Lines changed: 30 additions & 72 deletions b/‎src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs
Lines changed: 30 additions & 72 deletions
diff --git a/‎src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs
Lines changed: 22 additions & 56 deletions b/‎src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs
Lines changed: 22 additions & 56 deletions
diff --git a/‎src/Storage/Storage/Common/AzureStorageBlob.cs
Lines changed: 1 addition & 1 deletion b/‎src/Storage/Storage/Common/AzureStorageBlob.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs
Lines changed: 7 additions & 32 deletions b/‎src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs
Lines changed: 7 additions & 32 deletions
diff --git a/‎src/Storage/Storage/Common/Cmdlet/NewAzureStorageContext.cs
Lines changed: 0 additions & 2 deletions b/‎src/Storage/Storage/Common/Cmdlet/NewAzureStorageContext.cs
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/Storage/Storage/Common/SasTokenHelper.cs
Lines changed: 6 additions & 5 deletions b/‎src/Storage/Storage/Common/SasTokenHelper.cs
Lines changed: 6 additions & 5 deletions
@@ -22,6 +22,14 @@
 * Supported creationTime filter in Blob Inventory
     - `New-AzStorageBlobInventoryPolicyRule`
 * Upgraded Azure.Core to 1.35.0.
+* [Breaking Change] Removed prefix '?' of the created SAS token
+    - `New-AzStorageBlobSasToken`
+    - `New-AzStorageContainerSasToken`
+    - `New-AzStorageAccountSasToken`
+    - `New-AzStorageFileSasToken`
+    - `New-AzStorageShareSasToken`
+    - `New-AzStorageQueueSasToken`
+    - `New-AzStorageTableSasToken`
 
 ## Version 5.10.1
 * Added warning messages for an upcoming breaking change that the output Permissions will be changed to a string when creating and updating a Queue access policy
 
@@ -30,7 +30,6 @@ namespace Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet
     using global::Azure.Storage;
     using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 
-    [GenericBreakingChangeWithVersion("The leading question mark '?' of the created SAS token will be removed in a future release.", "11.0.0", "6.0.0")]
     [Cmdlet("New", Azure.Commands.ResourceManager.Common.AzureRMConstants.AzurePrefix + "StorageBlobSASToken", DefaultParameterSetName = BlobNamePipelineParmeterSetWithPermission, SupportsShouldProcess = true), OutputType(typeof(String))]
     public class NewAzureStorageBlobSasTokenCommand : StorageCloudBlobCmdletBase
     {
@@ -182,7 +181,7 @@ public override void ExecuteCmdlet()
 
             // When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
             bool generateUserDelegationSas = false;
-            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials !=null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
+            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
             {
                 if (ShouldProcess(blob.Name, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
                 {
@@ -197,83 +196,42 @@ public override void ExecuteCmdlet()
                     return;
                 }
             }
-
-            if (!(blob is InvalidCloudBlob) && !UseTrack2Sdk())
+            //Get blob instance
+            BlobBaseClient blobClient;
+            if (this.BlobBaseClient != null)
             {
-
-                SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
-                bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, blob.Container.Name, accessPolicy, accessPolicyIdentifier);
-                SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
-                string sasToken = GetBlobSharedAccessSignature(blob, accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange), generateUserDelegationSas);
-
-                if (FullUri)
-                {
-                    string fullUri = blob.SnapshotQualifiedUri.ToString();
-                    if (blob.IsSnapshot)
-                    {
-                        // Since snapshot URL already has '?', need remove '?' in the first char of sas
-                        fullUri = fullUri + "&" + sasToken.Substring(1);
-                    }
-                    else
-                    {
-                        fullUri = fullUri + sasToken;
-                    }
-                    WriteObject(fullUri);
-                }
-                else
-                {
-                    WriteObject(sasToken);
-                }
+                blobClient = this.BlobBaseClient;
             }
-            else // Use Track2 SDk
+            else
             {
-                //Get blob instance
-                BlobBaseClient blobClient;
-                if (this.BlobBaseClient != null)
-                {
-                    blobClient = this.BlobBaseClient;
-                }
-                else
-                {
-                    blobClient = AzureStorageBlob.GetTrack2BlobClient(blob, Channel.StorageContext, this.ClientOptions);
-                }
+                blobClient = AzureStorageBlob.GetTrack2BlobClient(blob, Channel.StorageContext, this.ClientOptions);
+            }
 
-                // Get contaienr saved policy if any
-                BlobSignedIdentifier identifier = null;
-                if (ParameterSetName == BlobNamePipelineParmeterSetWithPolicy || ParameterSetName == BlobPipelineParameterSetWithPolicy)
-                {
-                    BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(Channel.GetContainerReference(blobClient.BlobContainerName), Channel.StorageContext, ClientOptions);
-                    identifier = SasTokenHelper.GetBlobSignedIdentifier(container, this.Policy, CmdletCancellationToken);
-                }
+            // Get contaienr saved policy if any
+            BlobSignedIdentifier identifier = null;
+            if (ParameterSetName == BlobNamePipelineParmeterSetWithPolicy || ParameterSetName == BlobPipelineParameterSetWithPolicy)
+            {
+                BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(Channel.GetContainerReference(blobClient.BlobContainerName), Channel.StorageContext, ClientOptions);
+                identifier = SasTokenHelper.GetBlobSignedIdentifier(container, this.Policy, CmdletCancellationToken);
+            }
 
-                //Create SAS builder
-                BlobSasBuilder sasBuilder = SasTokenHelper.SetBlobSasBuilder_FromBlob(blobClient, identifier, this.Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol, this.EncryptionScope);                
+            //Create SAS builder
+            BlobSasBuilder sasBuilder = SasTokenHelper.SetBlobSasBuilder_FromBlob(blobClient, identifier, this.Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol, this.EncryptionScope);
 
-                //Create SAS and ourput
-                string sasToken = SasTokenHelper.GetBlobSharedAccessSignature(Channel.StorageContext, sasBuilder, generateUserDelegationSas, ClientOptions, CmdletCancellationToken);
-                if (sasToken[0] != '?')
-                {
-                    sasToken = "?" + sasToken;
-                }
+            //Create SAS and output
+            string sasToken = SasTokenHelper.GetBlobSharedAccessSignature(Channel.StorageContext, sasBuilder, generateUserDelegationSas, ClientOptions, CmdletCancellationToken);
+            
+            // remove prefix "?" of SAS if any
+            sasToken = Util.GetSASStringWithoutQuestionMark(sasToken);
 
-                if (FullUri)
-                {
-                    string fullUri = blobClient.Uri.ToString();
-                    if (blob.IsSnapshot)
-                    {
-                        // Since snapshot URL already has '?', need remove '?' in the first char of sas
-                        fullUri = fullUri + "&" + sasToken.Substring(1);
-                    }
-                    else
-                    {
-                        fullUri = fullUri + sasToken;
-                    }
-                    WriteObject(fullUri);
-                }
-                else
-                {
-                    WriteObject(sasToken);
-                }
+            if (FullUri)
+            {
+                string fullUri = SasTokenHelper.GetFullUriWithSASToken(blobClient.Uri.ToString(), sasToken);
+                WriteObject(fullUri);
+            }
+            else
+            {
+                WriteObject(sasToken);
             }
         }
 
 
@@ -27,7 +27,6 @@ namespace Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet
     using global::Azure.Storage.Sas;
     using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 
-    [GenericBreakingChangeWithVersion("The leading question mark '?' of the created SAS token will be removed in a future release.", "11.0.0", "6.0.0")]
     [Cmdlet("New", Azure.Commands.ResourceManager.Common.AzureRMConstants.AzurePrefix + "StorageContainerSASToken", SupportsShouldProcess = true), OutputType(typeof(String))]
     public class NewAzureStorageContainerSasTokenCommand : StorageCloudBlobCmdletBase
     {
@@ -129,7 +128,7 @@ public override void ExecuteCmdlet()
 
             // When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
             bool generateUserDelegationSas = false;
-            if (Channel!=null && Channel.StorageContext!= null && Channel.StorageContext.StorageAccount.Credentials != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
+            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
             {
                 if (ShouldProcess(Name, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
                 {
@@ -144,67 +143,34 @@ public override void ExecuteCmdlet()
                     return;
                 }
             }
+            //Get container instance
+            CloudBlobContainer container_Track1 = Channel.GetContainerReference(Name);
+            BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
 
-            if (!UseTrack2Sdk()) // Track1
+            // Get contaienr saved policy if any
+            Track2Models.BlobSignedIdentifier identifier = null;
+            if (ParameterSetName == SasPolicyParmeterSet)
             {
-                CloudBlobContainer container = Channel.GetContainerReference(Name);
-                SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
-                bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, container.Name, accessPolicy, accessPolicyIdentifier);
-                SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
-                string sasToken;
-
-                if (generateUserDelegationSas)
-                {
-                    UserDelegationKey userDelegationKey = Channel.GetUserDelegationKey(accessPolicy.SharedAccessStartTime, accessPolicy.SharedAccessExpiryTime, null, null, OperationContext);
-                    sasToken = container.GetUserDelegationSharedAccessSignature(userDelegationKey, accessPolicy, null, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
-                }
-                else
-                {
-                    sasToken = container.GetSharedAccessSignature(accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
-                }
-
-                if (FullUri)
-                {
-                    string fullUri = SasTokenHelper.GetFullUriWithSASToken(container.Uri.AbsoluteUri.ToString(), sasToken);
-                    WriteObject(fullUri);
-                }
-                else
-                {
-                    WriteObject(sasToken);
-                }
+                identifier = SasTokenHelper.GetBlobSignedIdentifier(container, this.Policy, CmdletCancellationToken);
             }
-            else //Track2
-            {
-                //Get container instance
-                CloudBlobContainer container_Track1 = Channel.GetContainerReference(Name);
-                BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
 
-                // Get contaienr saved policy if any
-                Track2Models.BlobSignedIdentifier identifier = null;
-                if (ParameterSetName == SasPolicyParmeterSet)
-                {
-                    identifier = SasTokenHelper.GetBlobSignedIdentifier(container, this.Policy, CmdletCancellationToken);
-                }
+            //Create SAS builder
+            BlobSasBuilder sasBuilder = SasTokenHelper.SetBlobSasBuilder_FromContainer(container, identifier, this.Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol, this.EncryptionScope);
 
-                //Create SAS builder
-                BlobSasBuilder sasBuilder = SasTokenHelper.SetBlobSasBuilder_FromContainer(container, identifier, this.Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol, this.EncryptionScope);
+            //Create SAS and output it
+            string sasToken = SasTokenHelper.GetBlobSharedAccessSignature(Channel.StorageContext, sasBuilder, generateUserDelegationSas, ClientOptions, CmdletCancellationToken);
 
-                //Create SAS and output it
-                string sasToken = SasTokenHelper.GetBlobSharedAccessSignature(Channel.StorageContext, sasBuilder, generateUserDelegationSas, ClientOptions, CmdletCancellationToken);
-                if (sasToken[0] != '?')
-                {
-                    sasToken = "?" + sasToken;
-                }
+            // remove prefix "?" of SAS if any
+            sasToken = Util.GetSASStringWithoutQuestionMark(sasToken);
 
-                if (FullUri)
-                {
-                    string fullUri = SasTokenHelper.GetFullUriWithSASToken(container.Uri.AbsoluteUri.ToString(), sasToken);
-                    WriteObject(fullUri);
-                }
-                else
-                {
-                    WriteObject(sasToken);
-                }
+            if (FullUri)
+            {
+                string fullUri = SasTokenHelper.GetFullUriWithSASToken(container.Uri.AbsoluteUri.ToString(), sasToken);
+                WriteObject(fullUri);
+            }
+            else
+            {
+                WriteObject(sasToken);
             }
         }
 
 
@@ -315,7 +315,7 @@ public AzureStorageBlob(TaggedBlobItem blob, AzureStorageContext storageContext,
             Uri blobUri = uriBuilder.ToUri();
             if (storageContext.StorageAccount != null && storageContext.StorageAccount.Credentials != null && storageContext.StorageAccount.Credentials.IsSAS)
             {
-                blobUri= new Uri(blobUri.ToString() + storageContext.StorageAccount.Credentials.SASToken);
+                blobUri= new Uri(blobUri.ToString() + "?" + Util.GetSASStringWithoutQuestionMark(storageContext.StorageAccount.Credentials.SASToken));
             }
             this.privateBlobBaseClient = Util.GetTrack2BlobClient(blobUri, storageContext, options);
 
 
@@ -23,7 +23,6 @@ namespace Microsoft.WindowsAzure.Commands.Storage.Common.Cmdlet
     using global::Azure.Storage;
     using Microsoft.WindowsAzure.Commands.Common.CustomAttributes;
 
-    [GenericBreakingChangeWithVersion("The leading question mark '?' of the created SAS token will be removed in a future release.", "11.0.0", "6.0.0")]
     [Cmdlet("New", Azure.Commands.ResourceManager.Common.AzureRMConstants.AzurePrefix + "StorageAccountSASToken"), OutputType(typeof(String))]
     public class NewAzureStorageAccountSasTokenCommand : StorageCloudBlobCmdletBase
     {
@@ -92,42 +91,18 @@ public NewAzureStorageAccountSasTokenCommand(IStorageBlobManagement channel)
         [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
         public override void ExecuteCmdlet()
         {
-            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount != null 
+            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount != null
                 && Channel.StorageContext.StorageAccount.Credentials != null && !Channel.StorageContext.StorageAccount.Credentials.IsSharedKey)
             {
                 throw new ArgumentException("Storage account SAS token must be secured with the storage account key.", "Context");
             }
-            if (!UseTrack2Sdk()) // Track1
-            {
-                var sharedAccessPolicy = new SharedAccessAccountPolicy()
-                {
-                    Permissions = SetupAccessPolicyPermission(this.Permission),
-                    Services = Service,
-                    ResourceTypes = ResourceType,
-                    Protocols = Protocol,
-                    IPAddressOrRange = Util.SetupIPAddressOrRangeForSAS(this.IPAddressOrRange)
-                };
-
-                DateTimeOffset? accessStartTime;
-                DateTimeOffset? accessEndTime;
-                SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime,
-                    out accessStartTime, out accessEndTime, true);
-                sharedAccessPolicy.SharedAccessStartTime = accessStartTime;
-                sharedAccessPolicy.SharedAccessExpiryTime = accessEndTime;
-
-                this.WriteObject(Channel.GetStorageAccountSASToken(sharedAccessPolicy));
-            }
-            else
-            {
-                AccountSasBuilder sasBuilder = SasTokenHelper.SetAccountSasBuilder(this.Service, this.ResourceType, Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol, this.EncryptionScope);
-                string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(Channel.StorageContext.StorageAccountName, Channel.StorageContext.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString();
-                if (sasToken[0] != '?')
-                {
-                    sasToken = "?" + sasToken;
-                }
-                this.WriteObject(sasToken);
-            }
+            AccountSasBuilder sasBuilder = SasTokenHelper.SetAccountSasBuilder(this.Service, this.ResourceType, Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol, this.EncryptionScope);
+            string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(Channel.StorageContext.StorageAccountName, Channel.StorageContext.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString();
+            
+            // remove prefix "?" of SAS if any
+            sasToken = Util.GetSASStringWithoutQuestionMark(sasToken);
 
+            this.WriteObject(sasToken);
         }
 
         /// <summary>
 
@@ -151,8 +151,6 @@ public class NewAzureStorageContext : AzureDataCmdlet
         public string StorageAccountKey { get; set; }
 
         private const string SasTokenHelpMessage = "Azure Storage SAS Token";
-        [CmdletParameterBreakingChangeWithVersion("SasToken", "11.0.0", "6.0.0", ChangeDescription = "The SAS token in created Storage context properties " +
-            "'ConnectionString' and 'StorageAccount.Credentials' won't have the leading question mark '?' in a future release.")]
         [Parameter(HelpMessage = SasTokenHelpMessage,
             Mandatory = true, ParameterSetName = SasTokenParameterSet)]
         [Parameter(HelpMessage = SasTokenHelpMessage,
 
@@ -237,17 +237,18 @@ public static void SetupAccessPolicyLifeTime(DateTime? startTime, DateTime? expi
         }
 
         public static string GetFullUriWithSASToken(string absoluteUri, string sasToken)
-        {
+        {            
+            // make sure sas token not contains prefix "?"
+            sasToken = Util.GetSASStringWithoutQuestionMark(sasToken);
 
             if (absoluteUri.Contains("?"))
             {
-                // There is already a query string in the URI,
-                // remove "?" from sas token.
-                return absoluteUri + "&" + sasToken.Substring(1);
+                // There is already a query string in the URI, so just append sas
+                return absoluteUri + "&" + sasToken;
             }
             else
             {
-                return absoluteUri + sasToken;
+                return absoluteUri + "?" + sasToken;
             }
         }
Original file line number	Diff line number	Diff line change
`@@ -315,7 +315,7 @@ public AzureStorageBlob(TaggedBlobItem blob, AzureStorageContext storageContext,`
`315`	`315`	`Uri blobUri = uriBuilder.ToUri();`
`316`	`316`	`if (storageContext.StorageAccount != null && storageContext.StorageAccount.Credentials != null && storageContext.StorageAccount.Credentials.IsSAS)`
`317`	`317`	`{`
`318`		`- blobUri= new Uri(blobUri.ToString() + storageContext.StorageAccount.Credentials.SASToken);`
	`318`	`+ blobUri= new Uri(blobUri.ToString() + "?" + Util.GetSASStringWithoutQuestionMark(storageContext.StorageAccount.Credentials.SASToken));`
`319`	`319`	`}`
`320`	`320`	`this.privateBlobBaseClient = Util.GetTrack2BlobClient(blobUri, storageContext, options);`
`321`	`321`
Original file line number	Diff line number	Diff line change
`@@ -237,17 +237,18 @@ public static void SetupAccessPolicyLifeTime(DateTime? startTime, DateTime? expi`
`237`	`237`	`}`
`238`	`238`
`239`	`239`	`public static string GetFullUriWithSASToken(string absoluteUri, string sasToken)`
`240`		`- {`
	`240`	`+ {`
	`241`	`+ // make sure sas token not contains prefix "?"`
	`242`	`+ sasToken = Util.GetSASStringWithoutQuestionMark(sasToken);`
`241`	`243`
`242`	`244`	`if (absoluteUri.Contains("?"))`
`243`	`245`	`{`
`244`		`- // There is already a query string in the URI,`
`245`		`- // remove "?" from sas token.`
`246`		`- return absoluteUri + "&" + sasToken.Substring(1);`
	`246`	`+ // There is already a query string in the URI, so just append sas`
	`247`	`+ return absoluteUri + "&" + sasToken;`
`247`	`248`	`}`
`248`	`249`	`else`
`249`	`250`	`{`
`250`		`- return absoluteUri + sasToken;`
	`251`	`+ return absoluteUri + "?" + sasToken;`
`251`	`252`	`}`
`252`	`253`	`}`
`253`	`254`