I have a C# web application running on IIS in a Windows Server Core container. In the Dockerfile I create a new user 'myUser' without a password. I add the credentials for my Azure File store in the Dockerfile as well:

USER myUser
RUN powershell "cmdkey /add:mystore.file.core.windows.net /user:AZURE\mystore /pass:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX=="

I add a new application pool identity using 'myUser', and use that application pool for my application. When I start the container and connect using 'docker exec', I am logged on as the new user. I can access the path with 'ls \\mystore.file.core.windows.net\dockerstore\'. The credentials are listed okay with 'cmdkey /list'.

However, my application, which runs under the same user, complains it cannot reach the store. System.IO.IOException is reported on Directory.Exists().

I have done this exercise on my local box as well, and the application runs without issues. I have tried using a user with a password as well, to no avail. The application uses the full UNC path to the store.

Tried the same thing on a Windows service application. Same thing: I can list files in a PowerShell session, but my application cannot access it.

Am I missing something?

Edit: Here's what I did:

NET USER myAzureFilesUser myAzureFilesPasswordXXXXXXXXXXX== /add /y
NET LOCALGROUP Administrators /add myAzureFilesUser 

Import-Module WebAdministration
# identitytype 3 = SpecificUser: the pool runs as the account named below
$processModelProperties = @{userName='myAzureFilesUser';password='myAzureFilesPasswordXXXXXXXXXXX==';identitytype=3}
Set-ItemProperty (Join-Path 'IIS:\AppPools\' 'My AppPool Name') -name processModel -value $processModelProperties
  • Your application pool runs under an account with the same name and password as the Azure file store account? – Gregory Suvalian Jun 11 '17 at 20:54
  • @GSA No, not the same account. The user/pass credentials are stored using cmdkey. – Andreas Ludviksen Jun 11 '17 at 21:31
  • I'm pretty sure if you set both with the same username|password it will work without need for anything additional – Gregory Suvalian Jun 11 '17 at 21:32
  • Not sure how that will make a difference, as I am already able to access it with the user. The issue is only within an application. Do you mean the user/pass set on the File Storage (AZURE\myuser - XXXXXXX==) or as set on my Azure-account? – Andreas Ludviksen Jun 12 '17 at 12:15
  • If you create a local user account with the same name/password as the Azure File account, then when a request is issued by an application running inside the pool, it will use the Application Pool credentials to connect to any resources outside of your local box. This is a very common architecture when you need to access files outside of your local machine but do not have Active Directory in place – Gregory Suvalian Jun 12 '17 at 12:54
  • Here is a similar (actually more complicated) scenario to the one you are looking at: https://blogs.iis.net/davidso/azurefile – Gregory Suvalian Jun 12 '17 at 12:55
  • Excellent! This seems to work. I'll update the question with more details. Please add it as answer and I'll accept it. – Andreas Ludviksen Jun 12 '17 at 19:54

1 Answer

You need to create a local user account with the same username and password as the Azure File storage account and perform some additional tasks as described here: https://blogs.iis.net/davidso/azurefile

Gregory Suvalian
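The approach from the answer, applied when the container starts so that the storage key is not recorded in an image layer by a Dockerfile RUN line (an added example, not code from the post or the linked blog). The environment variable names are assumptions, and the script expects the application pool to exist already.

```powershell
# Added example; hypothetical start-up script, run when the container starts.
# Assumed inputs (not from the page): the environment variable names below.
$ErrorActionPreference = 'Stop'
$account = $env:AZURE_STORAGE_ACCOUNT   # storage account name, e.g. mystore
$key     = $env:AZURE_STORAGE_KEY       # storage account key, injected at run time
$appPool = $env:APP_POOL_NAME           # name of the existing IIS application pool

if (-not ($account -and $key -and $appPool)) {
    throw 'AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_KEY and APP_POOL_NAME must all be set.'
}
# Local account names are capped at 20 characters, storage account names at 24,
# so a longer storage account name cannot be mirrored as a local user.
if ($account.Length -gt 20) {
    throw "Storage account name '$account' exceeds the 20-character local user name limit."
}

# Create (or update) the local user whose name and password match the storage account.
$securePassword = ConvertTo-SecureString $key -AsPlainText -Force
if (Get-LocalUser -Name $account -ErrorAction SilentlyContinue) {
    Set-LocalUser -Name $account -Password $securePassword
} else {
    New-LocalUser -Name $account -Password $securePassword -PasswordNeverExpires | Out-Null
}

# Assumption: IIS_IUSRS membership is enough for this application; the question's
# edit used Administrators instead.
Add-LocalGroupMember -Group 'IIS_IUSRS' -Member $account -ErrorAction SilentlyContinue

# Run the application pool as that user (identitytype 3 = SpecificUser).
Import-Module WebAdministration
Set-ItemProperty (Join-Path 'IIS:\AppPools' $appPool) -Name processModel -Value @{
    userName     = $account
    password     = $key
    identitytype = 3
}
```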