Azure Functions Oath2.0 code grant flow

Rutger Verhaar | Adaptfy 1 Reputation point

I have the following requirement: I have a powerbi report with a simple table. One of the columns in the table is image. The powerbi user should be able to click on the button in the image column and it should then display the image in a web browser (or any other location where they can see the image displayed. The user shouldn't be able to download the image.

The images are stored in ADLS and the filepaths to the images can be dynamically generated in pbi. The first option I have tried is adding SAS token to the URL to then retrieve the image. This option was working fine but the problem is that anyone who could get access to the SAS token will then have access to the complete ADLS which has been flagged as insecure.

The other option I have been exploring is to create a function app that will first ask the user to authenticate and once successful return the image. Does anyone know whether it is possible to get this done with a single http request to the function app?

Thanks in advance!

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,376 questions
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,401 questions
Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,689 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Pramod Valavala 20,591 Reputation points Microsoft Employee

    @Rutger Verhaar | Adaptfy Firstly, if the customer can view the image, then they are already downloading it to their computers. While there may be deterrents, there are no real ways to prevent users from downloading images.

    As for serving these images with authentication, Azure Functions are a great option. You can even leverage the Authentication / Authorization Feature which setups OAuth2.0 Code Grant Flow for you with no code. Users will be redirected to login automatically and back to the function app URI once done.

    0 comments No comments