{% extends "_templates/base.html" %}
{% set page_title = "Uploading Directly to Azure Blob Storage" %}
{% block sidebar %}
{% endblock %}
{% block content %}
{% markdown %}
# Uploading Directly to Azure Blob Storage {: .page-header }

### Summary
Fine Uploader Azure allows your users to upload files directly to your [Azure Blob Storage][blobstorage] container without filtering
the file bytes through one of your servers first.  This will, among other things, allow your application to be a bit
more efficient and scalable.


### How do uploads work?
When a user submits a file to Fine Uploader Azure, the following occurs in the simplest setup:

1. Fine Uploader constructs a URL that will represent the file as a blob once it is in the blob storage container.
2. Fine Uploader sends a GET request to your [signature server][azureserver].  Your server must then create a [Shared Access Signature][sas]
URI for that specific operation and blob.  This URI must be returned in your server's response.
3. Fine Uploader sends a [Put Blob][putblob] request to Azure and includes the file bytes in the request payload.  The URL for this
request is the SAS URI returned by your server in step 2.
4. If the file uploaded successfully, Fine Uploader will send a POST request to your server with the blob details if
you have specified an [`uploadSuccess.endpoint`][uploadsuccess] in your [Fine Uploader Azure options configuration][azureoptions].
If the upload failed, start over at step 2 automatically if the [`retry.enableAuto` option][retryoption] is set to `true`.

The above steps are slightly different if Fine Uploader is [chunking][chunkingfeat] the file.  Instead of a [Put Blob][putblob]
request, Fine Uploader will send a [Put Block][putblock] request to Azure for each piece of the file.
Once all pieces have been successfully uploaded, Fine Uploader will then send a [Put Block List][putblocklist] request,
which asks Azure to combine all the blocks into a blob. Fine Uploader will call your [signature server][azureserver]
before each and every request, asking for a [SAS][sas] URI.


### How do delete file requests work?
If this feature is enabled, Fine Uploader will send a [Delete Blob][deleteblob] request directly to Azure when
asked to delete a file.  As usual, your [signature server][azureserver] will be called on to provide a [SAS][sas] URI
before this request is sent to Azure.  Note that even if this feature is disabled, Fine Uploader will issue a [Delete Blob][deleteblob]
request to Azure if a user cancels an in-progress [chunked][chunkingfeat] upload.  This is necessary to ensure that the
uncommitted blocks are cleaned up by Azure.


### What features are available?
All features present in the traditional endpoint uploader are also available in Fine Uploader Azure, with one notable
omission.  Fine Uploader Azure does not support IE9 and older.  This is due to the fact that Azure's API does
not allow files to be uploaded via multipart encoded POST requests, which is critical for IE9 and older support.
If you need to support IE9 and older, you will need to load/use Fine Uploader with its traditional endpoint
handler if the value of [`qq.supportedFeatures.ajaxUploading`][supportedfeatures] is `false`.

### Is this secure?
There is nothing inherently insecure about this workflow, provided you take appropriate precautions:

* Ensure your [SAS][sas] URIs are short-lived.  An expiration date of a few minutes or seconds is appropriate.
* When constructing your [SAS][sas] URI, only attach the required permission(s) to the URI.
* Examine the blob URI before generating a [SAS][sas].  It is potentially unwise to blindly generate signatures.
* Keep your Azure storage account key a secret.  Do not commit it to any public repository.
Ensure it is never sent to the client in a response or cookie.
* When creating CORS rules for your container, only authorize your domain(s), the expected request headers, and
the expected request methods.  Avoid using wildcards as values whenever possible.  Also, keep in mind that CORS
is NOT a security mechanism.


### How do I use this?
Please see the getting started guides on [the home page of this documentation site](/#quickstart).

[blobstorage]: http://www.windowsazure.com/en-us/documentation/articles/storage-dotnet-how-to-use-blobs-20/
[azureserver]: ../endpoint_handlers/azure.html
[sas]: http://www.windowsazure.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
[putblob]: http://msdn.microsoft.com/en-us/library/windowsazure/dd179451.aspx
[putblock]: http://msdn.microsoft.com/en-us/library/windowsazure/dd135726.aspx
[putblocklist]: http://msdn.microsoft.com/en-us/library/windowsazure/dd179467.aspx
[deleteblob]: http://msdn.microsoft.com/en-us/library/windowsazure/dd179413.aspx
[uploadsuccess]: ../api/options-azure.html#uploadSuccess
[azureoptions]: ../api/options-azure.html
[retryoption]: ../api/options.html#retry
[chunkingfeat]: ../features/chunking.html
[supportedfeatures]: ../browser-support.html#feature-detection

{% endmarkdown %}
{% endblock %}