I have created an azure file share and I was able to create mapped drive on my system , but I need to share different folders to different users
currently I have only one username which is the storage name provided by azure
By default mapping of an Azure File Share happens using SMB protocol that makes use of your storage account name/key.
However, you can also enable Azure Active Directory Domain Services (Azure AD DS) authentication over SMB for Azure Files which will let you grant granular NTFS permissions on folders and files inside a share to users.
Please visit this link for detailed instructions on how you can accomplish that: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable.
Related
Assuming I already have a Storage Account SAS URI configured. How can I connect from outside the network to that Storage Account and which file sharing client should I use? What values do I need to configure it and where are they in the Storage Account - Azure AD? How do I give different permissions to different users? By Roles?
I tried to create a Storage Account SAS URI and a Shared Access Key. I tried connecting from WinSCP using those endpoints. I can't find the username and password. Do you know a method similar to this, but that works?
Many Thanks
If you enable SFTP for Azure Blob Storage, you will have an endpoint that you can access via WinSCP and the ability to create users with differing permissions to control access.
I need an SFTP server hosted on Azure. The important thing is that it should support multiple user accounts and their management at runtime ( via an interface or API), i.e. password reset, account blocking/unblocking (preferably user groups also).
I have found some guides on how to set up an SFTP server on Azure:
https://learn.microsoft.com/en-us/samples/azure-samples/sftp-creation-template/sftp-on-azure/
https://charbelnemnom.com/how-to-deploy-sftp-service-on-microsoft-azure/
Their major drawback is that every change ( addition of a new user, password update etc.) requires a new deployment which is not acceptable.
Also, there is an SFTP functionality for the Azure Blob Storage:
https://learn.microsoft.com/en-us/azure/storage/blobs/secure-file-transfer-protocol-support
This functionality is still in preview and allows only to add local users in the Azure portal. Unfortunately, other - more advanced features like account blocking etc - are missing. It is also not possible to manage the user accounts from the code.
There exist some products on Azure marketplace provided by external companies, like Azure SFTP Gateway which supports all functionalities listed above. I am not sure about the further maintenance of these products and I couldn't find any information about SLA or similar things for these products.
I would like to ask if there is a reliable resource or a way to set up a resource that could serve as an SFTP server and meet the requirements listed above? If there is no explicit solution, maybe there is a way to integrate an SFTP server with a database or do something else?
Presently, we only support the SFTP for Azure Blob Storage.
SFTP for Azure Blob Storage supports multiple local user accounts and container-level permissions. You can use the Portal, ARM, PowerShell or CLI to manage users, permissions and passwords/keys. You can also disable individual users by disabling ssh key and password authentication.
Connect to Azure Blob Storage using SFTP (preview) | Microsoft Docs
az storage account local-user | Microsoft Docs
it is possible to give FTP user can access only Content folder on Azure webapp or else give access via azure Storage explore.
please help about it i just want to give permission to my client only for content folder via FTP or azure storage explorer so that he can only upload their content on Specific folder.
Simple answer, no. FTP is an ALL or Nothing scenario.
An option would be add a path mapping in the Configuration section and mount Azure Blob or Azure Files and create a Shared Access Signature to grant write permissions to your client.
We have an azure VM (Virtual Machine) hosting a web app in IIS but that uses files on the VM's file system. We want to move the files to an Azure Storage Account (so that if the VM losses the data we have the files still). We can do this, but when we try and give the storage account permissions on the VM it says it cant do it. Anyone know how to give the storage account permissions to write and us the file system through IIS?
I don't know what is the reason that you want to change the permission of the mount point. But when you follow the steps in Quickstart: Create and manage Azure Files share with Windows virtual machines and finish all the steps, the Azure File Share was mounted to the Windows VM, then you cannot change the permission. And the admin users have full control of the mount point, the users can write, read and modify the files in the mount point.
I think when you use the admin users to run the IIS, then it already has the permission to write and read in the mount point. So you needn't change the permission.
My Azure API app uses the new Windows File storage API.
In the startup on my Azure API app I need to map to a UNC path. The 3rd party application we integrate with needs to reference a local/UNC path for files.
In doing so I am getting a Error: ERROR_ACCESS_DENIED
Is it possible to map a UNC path to Azure File Store in a Web/API app?
If so - is it possible to run the app pool under an elevated account?
Or can I map this drive before using a different account somehow?
Its possible to add a UNC path to an Azure File.
You may getting an access denied due to different user contexts between file share creation and access. Please check out the Persist your storage account credentials for the virtual machine section in this article: https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-files/
Additionally, you could use canned user (storage account name, key) credentials to run the app pool.