My Azure API app uses the new Windows File storage API.
In the startup on my Azure API app I need to map to a UNC path. The 3rd party application we integrate with needs to reference a local/UNC path for files.
In doing so I am getting a Error: ERROR_ACCESS_DENIED
Is it possible to map a UNC path to Azure File Store in a Web/API app?
If so - is it possible to run the app pool under an elevated account?
Or can I map this drive before using a different account somehow?
Its possible to add a UNC path to an Azure File.
You may getting an access denied due to different user contexts between file share creation and access. Please check out the Persist your storage account credentials for the virtual machine section in this article: https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-files/
Additionally, you could use canned user (storage account name, key) credentials to run the app pool.
Related
Assuming I already have a Storage Account SAS URI configured. How can I connect from outside the network to that Storage Account and which file sharing client should I use? What values do I need to configure it and where are they in the Storage Account - Azure AD? How do I give different permissions to different users? By Roles?
I tried to create a Storage Account SAS URI and a Shared Access Key. I tried connecting from WinSCP using those endpoints. I can't find the username and password. Do you know a method similar to this, but that works?
Many Thanks
If you enable SFTP for Azure Blob Storage, you will have an endpoint that you can access via WinSCP and the ability to create users with differing permissions to control access.
I have created an azure file share and I was able to create mapped drive on my system , but I need to share different folders to different users
currently I have only one username which is the storage name provided by azure
By default mapping of an Azure File Share happens using SMB protocol that makes use of your storage account name/key.
However, you can also enable Azure Active Directory Domain Services (Azure AD DS) authentication over SMB for Azure Files which will let you grant granular NTFS permissions on folders and files inside a share to users.
Please visit this link for detailed instructions on how you can accomplish that: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable.
how do I mount an azure webb app folder on VM, I've a webb App and a Virtual Machine and I need to mount the web app files and folders to my VM.
If it’s a local VM, you cannot mount the drive. However, you have ways to copy files/folders to and from Azure App Service.
You could use an FTP app or Kudu service.
Based on the WebApp App Service Plan the volume of the storage varies. You could use Kudu console (https://yoursite.scm.azurewebsites.net) to manage the files- it gives you both command line and file browser access to your sites, all from the comfort of a web browser.
Every Azure WebApp has a home directory stored/backed by Azure Storage. It is owned by Azure WebApp Service and cannot be chosen currently; however, you could select storage account for Azure WebApp Diagnostic logs.
Additionally, one of the unique aspects of App Service that makes app deployment and maintenance straightforward is that all user content is stored on a set of UNC shares. This model maps well to the common pattern of content storage used by on-premises web hosting environments that have multiple load-balanced servers.
Within App Service, there is a number of UNC shares created in each datacenter. A percentage of the user content for all customers in each data center is allocated to each UNC share. Furthermore, all of the file content for a single customer's subscription is always placed on the same UNC share.
Also, mapping Azure File Share isn't supported on Azure App Service:
https://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/6084609-allow-map-azure-file-share-microsoft-azure-file-s
it's impossibe,
you must use one of the five Azure auto deploy option, (Github, Bitbuket etc ..)
I have an MVC 5 web app hosted on Azure App Service. The application communicates with Azure blob storage and lists the blobs from each container. The application also allows users to download blobs to their local drive. All this works fine using IIS.
However, when I publish the app to Azure App Service, I receive access to this path is denied.
So my question is; how can I enable permissions on App Service to allow write access to a specific folder on a users PC?
I need to be able to download the blob contents to a users local drive.
If you granted the IIS App pool permissions to the download folder, you mean you download the files to the server machine right?
Your server has no access to the user's PC drive. You have to return the file as a result from your controller to initiate download via the user's browser.
I resolved this by creating a shared access signature for each of the blobs and appending this to the blob URI. This allows direct access to the blobs on Azure Blob Storage for authorised users.
Just deployed a boilerplate Web Role in Azure Cloud service. Upon launching, it seems the default current dir is "d:\windows\system32\inetsrv" and home is "F:\sitesroot\0"
It seems I have limited write permissions, no delete permissions.
2 questions:
How much storage is there on this server under F:\sitesroot? Is it persistent?
How do I control the default permission/access of a web role?
You should be reading/writing to a LocalStorage resource. When you define a LocalStorage resource a folder is configured on the C: drive with appropriate size and permissions setup.
There is no persistent local storage for WebRoles. If you need something persistent then you should use Azure storage (blobs/tables) or something else like SQL Azure.
See http://msdn.microsoft.com/en-us/library/ee758708.aspx for more information, and http://convective.wordpress.com/2009/05/09/local-storage-on-windows-azure/ for sample code.