Azure Storage with its high availability and numerous features has always been a storage of choice for many requirements. When it comes to Power Platform we should carefully weigh the options that we have for storing files. Besides the native Dataverse that is fully integrated with the platform, but comes with the highest costs, there are other alternatives like SharePoint and Blob storage in Azure Storage.
Azure Uploader is a PCF control that is built to reduce the effort of integrating with Azure’s Blob storage. It makes it easy to upload files with virtually no limit in size, directly to blob storage in a secure way.
You might be wondering why directly from the browser and what about the security. To store files in blob container you have two major options.
- The first option is to upload the file to a proxy service and the proxy service would then upload the file to the storage behind the scene. This gives you the advantage of being able to do some processing (e.g. validate the content) before storing the file. But it comes with the extra effort required to build the service and maintain it over time. In addition to that you need to make sure this new service has the required availability (or SLA) required for your application. As the old saying goes, you will have one more layer that things can go wrong.
- The second option is to have a very simple proxy service (that you might already have) generate a short-lived SAS token with limited access, share it with the client and the client would take care of uploading the file. This way you can rely on the availability and capacity of Azure Storage service.
You should consider that files coming from the client cannot be trusted, so you might need to put in place a process to validate them before use. In the first approach the proxy service is able to validate files during the transfer, but in the second approach you should do this validation later. For example a Power Automate flow, a Logic App, or an Azure Function App can be triggered and do this asynchronously.
Azure Uploader relies on the second approach. This means that you just need to generate a SAS token in your app and share it with the uploader. Generating a SAS token is very easy thanks to the out-of-the-box Azure Storage Blob connector.
The following Power FX code, generates a new SAS token using Azure Storage Blob connector (called AzureBlobStorage) and stores it in a variable called SasToken.
Set(
SasResult,
AzureBlobStorage.CreateShareLinkByPathV2(
"mystorageaccount",
"/mycontainer",
{
AccessProtocol: "HttpsOnly",
ExpiryTime: DateAdd(Now(), Hours, 1),
Permissions:"Write,Add,Create"
}
)
);
Set(
SasToken,
Mid(SasResult.WebUrl, Find("?", SasResult.WebUrl) + 1)
);- The above code, generates a code that is valid only for one hour
DateAdd(Now(), Hours, 1)and only hasWrite,Add,Createpermissions. - The
SasResultvariable that is set in the first step contains a propertyWebUrlwhich holds a URL that has the SAS token in its query string. That is why the lineMid(SasResult.WebUrl, Find("?", SasResult.WebUrl) +1)is used to extract only the part after “?” store it inSasTokenvariable.
Done by code 
Leave a Reply