We have an azure VM (Virtual Machine) hosting a web app in IIS but that uses files on the VM's file system. We want to move the files to an Azure Storage Account (so that if the VM losses the data we have the files still). We can do this, but when we try and give the storage account permissions on the VM it says it cant do it. Anyone know how to give the storage account permissions to write and us the file system through IIS?
I don't know what is the reason that you want to change the permission of the mount point. But when you follow the steps in Quickstart: Create and manage Azure Files share with Windows virtual machines and finish all the steps, the Azure File Share was mounted to the Windows VM, then you cannot change the permission. And the admin users have full control of the mount point, the users can write, read and modify the files in the mount point.
I think when you use the admin users to run the IIS, then it already has the permission to write and read in the mount point. So you needn't change the permission.
Related
We have created Azure file share with ADDS authentication enabled. Provided the required permissions RBAC in azure for accessing the share.
Storage account object as (computer account)
Enabled the NTFS permissions (Windows) on share using the storage account managed key for the first time.
When tried to mount the share without storage account key, we are asked for credentials and is failed with incorrect credentials.
net use X: \.file.core.windows.net<sharename>
Ideally, share should be mounted without any credentials.
We have identified that, if we remove the NTFS permissions and re-add the permissions the share is mounted as expected but happens intermittently and after sometime. when mounting the share, its requesting the credentials.
What could be the issue and the reason for share being mounted only after remove and re-add the NTFS permissions on Azure file share.
In Azure I have 2 load balanced VMs with an IIS shared config. These are linked to a premium storage account. All up and running. I have persisted the premium fileshare to both VMs as a drive (S).
The wwwroot is on the storage account, along with the IIS config files.
The app pool is set up as the storage account password so I have access the the share.
All good up to this point.
My issue is that the app also needs to see data on another fileshare. (general fileshare, not premium). This will be used for storage and Archive.
The problem is that the IIS app pool is configured with the creds for the premium storage and fails when trying to also use the general storage.
Can this be done?
Is there a way to link to both fileshares in IIS or should I be looking somewhere else?
Thanks
Colin
I have created an azure file share and I was able to create mapped drive on my system , but I need to share different folders to different users
currently I have only one username which is the storage name provided by azure
By default mapping of an Azure File Share happens using SMB protocol that makes use of your storage account name/key.
However, you can also enable Azure Active Directory Domain Services (Azure AD DS) authentication over SMB for Azure Files which will let you grant granular NTFS permissions on folders and files inside a share to users.
Please visit this link for detailed instructions on how you can accomplish that: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable.
how do I mount an azure webb app folder on VM, I've a webb App and a Virtual Machine and I need to mount the web app files and folders to my VM.
If it’s a local VM, you cannot mount the drive. However, you have ways to copy files/folders to and from Azure App Service.
You could use an FTP app or Kudu service.
Based on the WebApp App Service Plan the volume of the storage varies. You could use Kudu console (https://yoursite.scm.azurewebsites.net) to manage the files- it gives you both command line and file browser access to your sites, all from the comfort of a web browser.
Every Azure WebApp has a home directory stored/backed by Azure Storage. It is owned by Azure WebApp Service and cannot be chosen currently; however, you could select storage account for Azure WebApp Diagnostic logs.
Additionally, one of the unique aspects of App Service that makes app deployment and maintenance straightforward is that all user content is stored on a set of UNC shares. This model maps well to the common pattern of content storage used by on-premises web hosting environments that have multiple load-balanced servers.
Within App Service, there is a number of UNC shares created in each datacenter. A percentage of the user content for all customers in each data center is allocated to each UNC share. Furthermore, all of the file content for a single customer's subscription is always placed on the same UNC share.
Also, mapping Azure File Share isn't supported on Azure App Service:
https://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/6084609-allow-map-azure-file-share-microsoft-azure-file-s
it's impossibe,
you must use one of the five Azure auto deploy option, (Github, Bitbuket etc ..)
My Azure API app uses the new Windows File storage API.
In the startup on my Azure API app I need to map to a UNC path. The 3rd party application we integrate with needs to reference a local/UNC path for files.
In doing so I am getting a Error: ERROR_ACCESS_DENIED
Is it possible to map a UNC path to Azure File Store in a Web/API app?
If so - is it possible to run the app pool under an elevated account?
Or can I map this drive before using a different account somehow?
Its possible to add a UNC path to an Azure File.
You may getting an access denied due to different user contexts between file share creation and access. Please check out the Persist your storage account credentials for the virtual machine section in this article: https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-files/
Additionally, you could use canned user (storage account name, key) credentials to run the app pool.