Azure Functions Oath2.0 code grant flow

Question

I have the following requirement: I have a powerbi report with a simple table. One of the columns in the table is image. The powerbi user should be able to click on the button in the image column and it should then display the image in a web browser (or any other location where they can see the image displayed. The user shouldn't be able to download the image.

The images are stored in ADLS and the filepaths to the images can be dynamically generated in pbi. The first option I have tried is adding SAS token to the URL to then retrieve the image. This option was working fine but the problem is that anyone who could get access to the SAS token will then have access to the complete ADLS which has been flagged as insecure.

The other option I have been exploring is to create a function app that will first ask the user to authenticate and once successful return the image. Does anyone know whether it is possible to get this done with a single http request to the function app?

Thanks in advance!

Answer 1

@Rutger Verhaar | Adaptfy Firstly, if the customer can view the image, then they are already downloading it to their computers. While there may be deterrents, there are no real ways to prevent users from downloading images.

As for serving these images with authentication, Azure Functions are a great option. You can even leverage the Authentication / Authorization Feature which setups OAuth2.0 Code Grant Flow for you with no code. Users will be redirected to login automatically and back to the function app URI once done.