Requirements and Updates for Using SAS to Access the Internal Azure Storage - Knowledgebase / Lasernet FO Connector / D365 FO Connector General Information - Formpipe Support Portal

Requirements and Updates for Using SAS to Access the Internal Azure Storage

Last updated: 18 Feb 2025 by Nicole Ojeda

This article aims to inform Lasernet FO Connector users about the prerequisites and software changes that will be needed once Microsoft restricts the use of connection strings to access the Internal Azure Storage managed by Finance and Operations.

This quick guide is intended for Formpipe staff, customers, and partners.

No action is required when using an External Azure Storage option and if Document handling is not used within Lasernet FO Connector.

Prerequisites

Microsoft's deprecation of the connection string is not related to any specific Product Updates (PUs). It is a measure that Microsoft can implement in the following versions:

Finance and Operations newest PU65 (10.0.41 versions equal to/newer than 7.0.7352.111), PU66 (10.0.42), or PU67 (10.0.43)
Minimum Lasernet FO Connector version: 7.1
Minimum Lasernet version: 10.10.1

Lasernet Configuration

Follow these steps to achieve the needed configuration within Lasernet:

1. In Lasernet Developer, select the Scripts option in the Tools menu.

2. Open LAC functions and replace the setDatabaseConnection(prefix) function with the following script:

// Sets Database connection for outgoing file
function setDatabaseConnection(prefix)
{
if (job.getJobInfo(prefix + 'StorageType').toLowerCase() == 'AzureStorage'.toLowerCase() ||
	job.getJobInfo(prefix + 'StorageType').toLowerCase() == 'AxDocuments'.toLowerCase())
	{
		job.setJobInfo('SASAccountName', job.getJobInfo('AzureServiceBusSASAccountName'));		// Added for supporting SAS 
		job.setJobInfo('SASContainer', job.getJobInfo(prefix + 'FileStorageCategory'));			// Added for supporting SAS 
		job.setJobInfo('SASToken', job.getJobInfo('AzureServiceBusSASToken_' + job.getJobInfo(prefix + 'FileStorageCategory'))); // Added for supporting SAS 
		if (job.getJobInfo(prefix + 'StorageConnection') && 
		job.getJobInfo(prefix + 'StorageConnection').toLowerCase() != '-Empty-'.toLowerCase() &&
		job.getJobInfo(prefix + 'StorageConnection').toLowerCase() != 'Azure Storage'.toLowerCase() &&
		job.getJobInfo(prefix + 'StorageConnection').toLowerCase() != 'Azure Storage SAS'.toLowerCase())
 		{
			job.setJobInfo('DatabaseConnection', job.getJobInfo(prefix + 'StorageConnection'), true);	
		}
        else
        {
			if (job.getJobInfo(prefix + 'StorageType').toLowerCase() == 'AxDocuments'.toLowerCase() && 
			job.getJobInfo('AzureServiceBusSASToken_' + job.getJobInfo(prefix + 'FileStorageCategory'))!='')
			{
			job.setJobInfo('DatabaseConnection', 'Azure Storage SAS', true); 	// 'Azure Storage SAS' is default for SAS, MS managed env.
			}
			else
			{
			job.setJobInfo('DatabaseConnection', 'Azure Storage', true); 	// 'Azure Storage' is default for connection-string, DEV,CHE,UDE env.
			}
        }
        logger.logEvent(0, 'Setting database connection: ' + job.getJobInfo('DatabaseConnection'));
	}
}

3. Open Attach documents and replace the attachDocument(prefix) function with the following script:

// Adding documents with names (prefix)Attachment* to attachments list
function attachDocument(prefix)
{
     setDatabaseConnection(prefix + 'Attachment');
     attachDocumentGeneric(prefix, 'Attachment');
}

4. Select the Commands option in the Tools menu and navigate to Connections.

5. Add a connection as shown in the following image and fill the Properties fields as follows:

Name: Azure Storage SAS

Storage account name: #SASAccountName#

Blob Container/Queue: #SASContainer#

SAS Token: #SASToken#

The new Azure Storage SAS connection will be used for user-delegated SAS in Microsoft-hosted environments and for non-user-delegated SAS in CHE and UDE environments.

Connection strings are supported in local DEV environments.

Lasernet FO Connector Configuration

If SAS is supported in the environment, Lasernet FO Connector will provide the necessary information to access the Lasernet server(s) via either a user-delegated SAS or a non-user-delegated through the Service Bus Queue.

Only when entering an ASB Outgoing connection will the system use the Lasernet Azure Storage connection for local DEV environments in Finance and Operations; the Lasernet Azure Storage SAS connection, instead, will be used in Microsoft-hosted environments (TEST, UAT, and Prod with ServiceFabric) and in CHE and UDE environments.

Lasernet will determine whether to use Azure Storage or Azure Storage SAS based on the settings or the default configuration in Lasernet FO Connector (version 7 and newer).

Ensure that the connections in Lasernet match those used within Lasernet FO Connector when overriding any of the following two fields within the server setup:

Use a connection string for environments that can produce neither user-delegated SAS nor non-user-delegated SAS.
Use a SAS token (#SASAccountName#, #SASContainer#, #SASToken#) for environments that can produce SAS (Microsoft-managed environments, UDE, and CHE environments). The same connection for SAS can be reused across configurations, environments, and customers in both Lasernet FO Connector and Lasernet.

SAS (CHE and UDE Environments)

A policy is added for each of the required containers when using SAS in CHE and UDE environments.

User-Delegated SAS

Permissions and policies for a user-delegated SAS are managed by Microsoft within a Microsoft-hosted environment.

Ad Hoc SAS

If Preview or Document handling is not working as expected, an ad hoc SAS can be used in Lasernet FO Connector.

Ad hoc SAS can be enabled by toggling Use policy to No in Lasernet > Setup > Parameters > Performance.

Permissions are included within the SAS token when using an ad hoc SAS.

Only user-delegated SAS can be supported within a Microsoft-hosted environment. SAS and ad hoc SAS can be supported in CHE and UDE environments.

The availability of user-delegated SAS, non-user-delegated SAS, and ad hoc SAS is determined by the environment type and ESC Flight settings managed by Microsoft. These settings change based on Environment Id.