Grant limited access to Dataverse files using shared access signatures
For one hour, anyone can download a file stored in Dataverse using a url generated using the GetFileSasUrl message. This url provides anonymous access for anyone during this hour, starting when the url is generated. The person calling GetFileSasUrl to generate the url must have access to the record containing the file.
Files can be attachments, notes, file columns, or image columns. Some limitations apply
Note
Administrators can configure the tenant to limit downloads based on the IP address of client applications using the SAS IP restriction feature (preview). When this is enabled, users will get a 401 error when the IP address for their computer does't meet the restrictions set for the tenant and they try to download the file.
Parameters
The GetFileSasUrl message has the following parameters:
| Name | Type | Description |
|---|---|---|
Target |
EntityReference/ crmbaseentity |
Identifies the table row with the file or image data. |
FileAttributeName |
string | Identifies the name of the file or image column with the data. For note and attribute records, this value must be an empty string. |
DataSource |
string | A value of "retained" or "bin" when the record was flagged for long-term data retention or deleted in a table with the recycle bin feature enabled. |
Response
The data returned by the GetFileSasUrl message has a Result property with this data:
| Name | Type | Description |
|---|---|---|
FileName |
string | The file name. |
FileSizeInBytes |
int64 | The file size in bytes. |
MimeType |
string | The mime type of the file. |
SasUrl |
string | The shared access signature (SAS) URL that can be used to access the file. |
Examples
These example functions show how to use the GetFileSasUrl message with both the SDK for .NET and Web API.
This static GetFileSasUrl method uses the GetFileSasUrlRequest and GetFileSasUrlResponse classes. The GetFileSasUrlResponse.Result property returns a FileSasUrlResponse class instance with information needed to anonymously download a file.
/// <summary>
/// Generates a link for anonymous access to a file.
/// </summary>
/// <param name="service">The authenticated IOrganizationService instance.</param>
/// <param name="target">The record that has the file data.</param>
/// <param name="fileAttributeName">Optional name of the file or image column</param>
/// <param name="dataSource">Optional source of the data when retained or deleted.</param>
/// <returns>Information to download a file</returns>
static FileSasUrlResponse GetFileSasUrl(IOrganizationService service,
EntityReference target,
string? fileAttributeName = null,
string? dataSource = null) {
var request = new GetFileSasUrlRequest() {
Target = target
};
if (target.LogicalName == "annotation" ||
target.LogicalName == "activitymimeattachment"){
//FileAttributeName is required
request.FileAttributeName = string.Empty;
}
else
{
if (!string.IsNullOrEmpty(fileAttributeName))
{
request.FileAttributeName = fileAttributeName;
}
else
{
string message = "fileAttributeName is required ";
message += "when the target isn't annotation ";
message += "or activitymimeattachment";
throw new Exception(message);
}
}
if (!string.IsNullOrEmpty(dataSource)) {
//dataSource should be 'retained' or 'bin'
request.DataSource = dataSource;
}
var response = (GetFileSasUrlResponse)service.Execute(request);
return response.Result;
}
Limitations
The following limitations apply:
GetFileSasUrlonly works for image columns configured to support full-size images. Learn to detect which image columns support full-sized imagesGetFileSasUrldoesn't work for environments that continue to use self-manage database encryption key feature (BYOK). Customers using BYOK need to migrate to use customer managed key (CMK) to useGetFileSasUrl.
See also
Files and images overview
Use file column data
Use image column data
Use file data with Attachment and Note records