Storage Connections

Description

Storage is an Alpha Anywhere abstraction for dealing with different types of storage using a standard interface. Several types of storage are supported, including Amazon S3, Azure, Wasabi, SharePoint, and Disk storage.

Discussion

Storage is used for storing files.

To work with Storage you will need a storage connection string to 'connect' to the storage object.

Named connection strings are typically used (in much the same way that named AlphaDAO connection strings are used when you connect to a SQL database).

To create a named storage connection string, select the Storage Connection strings item from the Tools menu when the Web Control Panel has focus.

images/TOOLSMENU_STORAGE.jpg

This will open a dialog where you can create as many named storage connection strings as you want.

When you create or edit a named storage connection string, the Connection String dialog is shown:

images/storageconnectionstringdialog.jpg

Named storage connection strings are published in the a5_application.a5i file when you publish your application.

Named Storage Connection String Builder Settings 

The Named Storage Connection String Builder is used to build a named connection string to a storage container stored in Amazon S3, Azure, or on disk. A description of general settings and settings for each storage type are listed below.

  • General Storage Connection Settings 

    These are general settings that apply to all storage types.

    Property
    Description
    Storage Provider

    Where the files are stored. Files can be stored on Amazon S3, Azure or on Disk on the server hosting the Alpha Anywhere Application Server.

    Triple-DES Object Encryption Key (optional)

    If specified, used to encrypt the data in transit and at rest in the data container. Encryption takes place in the Alpha Anywhere Application Server. Click Generate a New Key to generate a random encryption key.

    Encrypt Connection String

    If checked, the storage connection string will be encrypted using the specified passphrase.

    Encryption Passphrase

    The passphrase used to encrypt the connection string.

    Container Must Exist

    Check if the specified container or bucket must exist.

    Request Timeout (milliseconds)

    The timeout length specified as milliseconds. Used when connecting to or communicating with the storage container. If no response is received after the specified timeout, the operation is cancelled.

    Some Alpha Anywhere features and Xbasic functions do not support encrypted storage connections.

  • Amazon S3 Storage Connection Settings 

    When configuring a storage connection string for Amazon S3, you will have access to the settings below:

    Property
    Description
    Region

    The region where the Amazon S3 bucket is located.

    Access Key

    Your Amazon S3 access key.

    Secret Key

    The secret key for your Amazon S3 account.

    Show Secret Key

    If checked, shows the secret key in plaintext.

    Container Name

    The Amazon S3 bucket where files are stored.

  • Azure Storage Connection Settings 

    These settings are for configuring an Azure storage connection.

    Property
    Description
    Use Test Storage

    If checked, uses the test storage container for Azure. Test Storage does not require an Account or Access Key.

    Account

    Your Azure account name.

    Access Key

    Your access key for your Azure account.

    Show Access Key

    If checked, shows the access key in plaintext.

    Container Name

    The Azure container where files are stored.

  • Disk Storage Connection Settings 

    A "Disk" storage connection can be used to store files outside the webroot on the server running the Alpha Anywhere Application Server. Using a storage connection is preferred to accessing directories directly using the FILE object in Xbasic, especially if you are using the Application Server for IIS.

    Property
    Description
    User Name

    The user name for accessing a network share. For deployed web applications, grant the machine and account access to the share instead of putting a user name and password into a connection string. This will simplify management and reduce the chance of someone gaining access to the user name and password.

    Password

    The password for your user name.

    Show Password

    If checked, shows the password in plaintext.

    Parent Path

    The base path on the server to the directory where files are stored.

  • Wasabi Storage Connection Settings 

    These settings are for configuring a Wasabi storage connection.

    Property
    Description
    Region

    The region where the Wasabi Storage container is located.

    Access Key

    Your Wasabi Storage access key.

    Secret Key

    The secret key for your Wasabi Storage account.

    Show Secret Key

    If checked, shows the secret key in plaintext.

    Container Name

    The Wasabi Storage bucket where files are stored.

  • SharePoint 365 

    These settings are for configuring a SharePoint 365 storage connection.

    Property
    Description
    Resource URI

    The URL for your SharePoint 365 site.

    Tenant Id

    Your SharePoint Tenant ID. Use the SharePoint Connection String Genie to get your Tenant Id.

    Client Id

    The Client Id for your trusted SharePoint application that grants access to your SharePoint site. Use the SharePoint Connection String Genie to get your Client Id.

    Secret

    The Client Secret for your trusted SharePoint application. Use the SharePoint Connection String Genie to get your Client Secret.

    Uses Secret

    Enables the Secret control. This option is always checked for SharePoint 365 connections.

    Folder

    The location where SharePoint 365 files are stored. This value should always be "Shared Documents".

    See Connecting to SharePoint to learn how to create and configure a SharePoint 365 storage connection.

  • Google Drive 

    These settings are for configuring a Google Drive storage connection.

    Property
    Description
    Google Folder Id

    The id of your Google Drive folder. The id is found after the https://drive.google.com/drive/folders/ portion of the URL for a Google Drive folder.

    Google Service Account

    The JSON definition containing credentials for a Google Service Account. The Service Account must be granted permissions to access the Google Drive folder specified in Google Folder Id. See Connecting to Google Drive for more information.

    See Connecting to Google Drive to learn how to create and configure a Google Drive storage connection.

  • Dropbox 

    These settings are for configuring a Dropbox storage connection.

    Properties
    Description
    Short Lived Token

    Specifies if the Dropbox access token should be requested via OAuth before access (short lived) or is a non-expiring token (long lived).

    Token

    Your Dropbox Token.

    Refresh Token

    If Short Lived Token is checked, the refresh token for your Dropbox account.

    App Key

    If Short Lived Token is checked, your Dropbox App Key.

    App Secret

    If Short Lived Token is checked, your Dropbox App Secret.

    See Connecting to Dropbox to learn how to create and configure a Dropbox storage connection.

Xbasic Functions for Working with Storage 

Several Xbasic helper functions make it easy to work with storage. These helper functions, which are written on top of the low-level storage objects, are listed below.

Function
Description
a5Storage_saveFile()

Saves a file in storage

a5Storage_saveData()

Saves binary data in storage

a5storage_copyFiles()

Copies a folder or list of files to storage. Only supports Amazon S3, Wasabi, or other Amazon S3 compatible cloud storage services.

a5Storage_getItemProperties()

Gets information about a file in storage

a5Storage_getItem_as_blob()

Retrieves an item from storage to a variable

a5Storage_getItem_as_file()

Retrieves an item from storage and stores it as a local file

a5Storage_listItems()

Creates a CRLF-delimited list of items in storage

a5Storage_deleteItem()

Deletes an item from storage

Setting Permissions for Storage 

Each type of storage has a mechanism for securing the objects stored.

Storage Type
Securing Containers and Items
Disk

For Disk storage, containers and items are called folders and files. Folders and files are secured using Access Control Lists.

Folders and files can be managed through the Windows user interface.

Azure

For Azure storage, containers and items are called containers and blobs. Containers and blobs can have permissions set on them as well.

See Microsoft Azure Container and Blob Permissions for more information on securing Azure storage.

Amazon Simple Storage Service (S3)

For Amazon S3 storage, containers and items are called buckets and objects. Buckets and objects can be authorized by user as well as having public permissions set on them.

Below are some examples of permissions you may need to set to manage objects in a bucket:

To verify a storage connection string in the connection string dialog - s3:GetBucketLocation

To list buckets and objects - s3:ListBucket, s3:ListObjects

To read objects - s3:GetObject, and s3:GetObjectVersion

To delete objects - s3:DeleteObject

To store new objects - s3:PutObject and s3:PutObjectAcl

There are many other permissions that you can grant for buckets and objects. See Amazon S3 Permissions for more information on securing Amazon S3 storage.
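As an added example (not Alpha Anywhere code), this Python check audits the IAM policy attached to the access key used in an S3 storage connection against the permissions listed above. It flags wildcard actions, actions beyond the list, resources outside the bucket, and actions attached to the wrong ARN type. The bucket name `example-app-files`, the sample policy, and the grouping of the page's actions into bucket-level and object-level are assumptions made for the example.

```python
import json

# Actions the page lists, grouped by the resource type they apply to
# (grouping is an assumption; s3:ListObjects is kept beside s3:ListBucket).
BUCKET_ACTIONS = {"s3:GetBucketLocation", "s3:ListBucket", "s3:ListObjects"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:GetObjectVersion", "s3:DeleteObject",
                  "s3:PutObject", "s3:PutObjectAcl"}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return (statement index, finding, value) for each Allow grant that is
    broader than, or mismatched with, what the storage connection needs."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        kinds = set()  # ARN types this statement's resources cover
        for res in as_list(stmt.get("Resource", [])):
            if res == bucket_arn:
                kinds.add("bucket")
            elif res.startswith(bucket_arn + "/"):
                kinds.add("object")
            else:
                findings.append((i, "resource-outside-bucket", res))
        for act in as_list(stmt.get("Action", [])):
            if "*" in act:
                findings.append((i, "wildcard-action", act))
            elif act not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append((i, "unneeded-action", act))
            else:
                needed = "bucket" if act in BUCKET_ACTIONS else "object"
                if needed not in kinds:
                    findings.append((i, f"needs-{needed}-arn", act))
    return findings

# Constructed sample policy: one correct statement, two problematic ones.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
   "Resource": "arn:aws:s3:::example-app-files"},
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"],
   "Resource": "arn:aws:s3:::example-app-files"},
  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
""")
```

Calling `audit_policy(SAMPLE_POLICY, "example-app-files")` reports the object actions scoped to the bucket ARN in the second statement and the wildcard grant in the third.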

Videos 

Creating a Google Drive Storage Connection

In this video we show how you can create a named connection string for Google Drive and then how you can read/write files in your Google Drive.

2022-02-25

Creating a Dropbox Storage Connection

In this video, we show how you can create a named connection string for Dropbox.

2022-03-04