Azure Files preview - access shared folder in IIS and FileZilla

Asked 9/10, 2014 at 16:0 Answered 3/3, 2015 at 19:34

azure azure-virtual-machine network-shares

I'm interested in load balancing 2+ Windows VMs in Azure. My primary requirement, though, is that an 'uploads' folder would need to be consistent between each VM. Files in this folder are FTPed by our admin users, and they would then need to select these files in a C# MVC Web app. As you may connect through FTP to one VM, but a Web connection might be to another, the uploads have to be centralised.

It looked as if the new Azure Files, currently in Preview, would help, in that they let me set up a shared drive that each of the VMs could access. My thought was that FileZilla Server would allow FTPing up to this shared 'drive', and the Web app would access it to show the contents.

I've signed up to the Azure Files Preview, and set up the share, persistently mapping it to Drive Z for the sake of experimentation. I've also created a new user and made sure they too have persistent mapping to this same drive as Z.

But I can't seem to do anything with this outside of the Remote Desktop. FileZilla, despite having its Service set to log on using this new account, won't show the contents of this drive, or write anything to it. Likewise my Web App isn't able to access the file contents, despite switching Passthrough Authentication to this new account for the virtual folder.

Does anyone know any way of accessing this drive either through the network path or drive letter? Is this just not possible with Azure Files as they are? Are there any other solutions to sharing some blobs across VMs, but treating it as a local drive or network share?

[UPDATE]

This might help. Having set up the share, and used cmdkey and net use while in a cmd prompt runas a specially created user (as suggested in http://blogs.msdn.com/b/windowsazurestorage/archive/2014/05/27/persisting-connections-to-microsoft-azure-files.aspx), if I point a virtual folder in IIS to this share, using the specific account created, and Test Connection, I get: Test: Authentication (green tick; "The specified user credentials are valid") Test: Authorization (red cross; "The path does not exist or environment variables in the path could not be expanded to verify whether it exists.")

While still in a runas cmd prompt, I can access the share, so it's not a specific permissions issue. It just seems to be that IIS cannot use that user to access the share, for some reason. The limitation of Azure Files is that I cannot specifically grant any kinds of permissions on the folder within that share.

Reticle answered 9/10, 2014 at 16:0 Comment(7)

Are you trying to access the file service share through FileZilla outside of the VM? – Aylward 9/10, 2014 at 19:44

No, @GauravMantri, FileZilla Server is running on the VM, as the VM's FTP server. It works fine accessing the VM's built-in file space, so I know the endpoint is fine. FileZilla is working: it just won't list the contents of the Azure Files share, or write to it. IIS can't read the contents either. – Reticle 10/10, 2014 at 8:9

Steve, did you follow the guides on how to persist credentials as per the Azure guide? Your problem really sound like one of impersontation not working when an interactive desktop session isn't running. azure.microsoft.com/en-us/documentation/articles/… I would also check the Windows User has the permissions to log on as a service. – Inadvertence 15/10, 2014 at 0:42

@SimonW Yes, I've done that. My understanding is that this is a per-user process, so wouldn't automatically make Z available to the IIS or FileZilla user, so I also repeated those commands from a prompt runas the respective users, and made sure in IIS the virtual folder authenticated using the user I'd created, rather than pass-through. I can view the drive/share from the remote desktop, but FileZilla and IIS don't seem to be able to. – Reticle 16/10, 2014 at 10:29

Did you set IIS to load the user profile? its an advanced settings for the AppPool – Ferreous 20/10, 2014 at 14:38

@SteveOwen have you had any success with this? I am stuck on the same issue – Handpick 21/11, 2014 at 2:12

@Handpick Nope. Still not got it to work. Seems a simple enough request to me, but found no solution! – Reticle 21/11, 2014 at 16:49

What worked for me is the following:

Create a new account
Set the IIS App Pool Identity to a this specific user
Set the IIS App Pool Load User Profile property to true
start a cmd promt as this user (runas)
do cmdkey and net use (with /persistent:true switch), as you described
create IIS Virtual Diretory with physical path set to UNC share path (not the mapped drive)

A little PowerShell snippet for point 5:

$share = "your-storage-account.file.core.windows.net\yoursharename"
$usr = "your-storage-account"
$key = "your-storage-key"

#store credentials for the network share - must be done for the user that will run the app pool
cmdkey /add:subclub.file.core.windows.net\images /user:$usr /pass:$key
net use z: "\\$share" /user:$usr $key /persistent:yes

Dresser answered 24/10, 2014 at 19:41 Comment(6)

Thanks for such a detailed reply, but that doesn't work for me either. My code can't read the folder, and IIS Manager, when I use Test Connection on the Virtual Folder, again has a green tick for Authentication ("The specified user credentials are valid") but a red cross for Authorization ("Application Pool Identity cannot access path"). Everything looks fine: cmdkey set up, and confirmed, and can access from a cmd prompt when runas my user. Process list shows w2wp.exe running as my user. – Reticle 28/10, 2014 at 14:5

I can say that this solution does work. Just ignore the red cross for Authorization when testing your virtual directory in IIS. After that I had access to Azure Files. – Teaching 18/2, 2015 at 11:19

I have the same issue not being able to access the drive. A little further info. I wrote a tester page that executes cmdkey /list and output the browser. I get "Currently stored credentials: * NONE *". However when I execute the same command as the same user in a cmd window I set the proper creditals stored. – Precedential 3/3, 2015 at 18:57

Correction to my last post. I had a mistake in my tester app. I get the desired output from the test. I see the credential listed. I'm blocked now as well. Confirmed the app pool is running as the correct user with the credentials saved correctly. – Precedential 3/3, 2015 at 19:1

I confirm this works for me too, with a slight variation. The 'load user profile' didn't matter. I reverted back to the default 'false' and it works. The part that really mattered was this: setting the "Physical Path Credentials" of the Virtual Directory to use a specific account instead of as the Application User. This account is actually the same as the AppPool user anyways, so not sure what that worked. – Ordinarily 10/4, 2015 at 18:9

Set the IIS App Pool Load User Profile property to true this worked for me, I was using Azure file share, and it was not working... till i made that change – Kansas 3/5, 2016 at 20:18

The answers here proved helpful.

Setup

Create a new user {appuser}
Open a command windows as the user

runas /user:{appuser} cmd.exe

In the new {appuser} cmd window use

cmdkey /add:{storage-account}.file.core.windows.net /user:{storage-account} /pass:{account-key}

Set the IIS Application pool to use {appuser} 4b. Set LoadUserProfile to true

Notice no need for the net use. Don't need the mapped drive.

Code

Now here's the key piece. From your app you must write to the UNC path.

\{storage-account}.file.core.windows.net\

ex.

File.WriteAllText("\\\\{storage-account}.file.core.windows.net\\share\test.txt", "contents goes here");

Precedential answered 3/3, 2015 at 19:34 Comment(1)

Does that mean (given your final bit of code) I can't use Virtual folders in IIS to access that UNC path? That would be the deal breaker for me, I think. – Reticle 6/3, 2015 at 11:33

Setup

Code

Recommended topics

Hot tags