Azure File Browser

To run the React app, you need the following Azure SDK client npm packages: @azure/ms-rest-nodeauth; @azure/storage-blob; A third Azure package, @azure/arm-storage, is listed in the package.json strictly for use by the scripts/newStorageService.js file to create a new Azure Storage resource. Azure Disk Storage High-performance, highly durable block storage for Azure Virtual Machines; Azure Data Lake Storage Massively scalable, secure data lake functionality built on Azure Blob Storage; Azure Files File shares that use the standard SMB 3.0 protocol; Azure NetApp Files Enterprise-grade Azure file shares, powered by NetApp. Using the Azure Portal. First Navigate to your Web App, Select Tools - Kudu - Go: How to View, Add, Edit, and Remove files in Azure Web App using Kudu Finally this post was about how you actually view, edit, add, and remove files from the Web App.

-->

Azure Files is Microsoft's easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server. This article discusses the considerations for using an Azure file share with Windows and Windows Server.

If you use ASP.NET (core), you can stream the content to the browser without saving the file on the server and using FileStreamResult which is IActionResult would be more elegant solution. Var stream = await blob.OpenReadAsync ; return File (stream, blob.Properties.ContentType, option); Share. Then, the file downloads to their browser's downloads folder. What I would like to happen (and I thought was default behavior) is for the file to simply be displayed in the browser. I have tried changing the mimetype and changing the return type to FileResult instead of ActionResult, both to no avail.

In order to use an Azure file share outside of the Azure region it is hosted in, such as on-premises or in a different Azure region, the OS must support SMB 3.0.

You can use Azure file shares on a Windows installation that is running either in an Azure VM or on-premises. The following table illustrates which OS versions support accessing file shares in which environment:

Windows versionSMB versionMountable in Azure VMMountable on-premises
Windows Server 2019SMB 3.0YesYes
Windows 101SMB 3.0YesYes
Windows Server semi-annual channel2SMB 3.0YesYes
Windows Server 2016SMB 3.0YesYes
Windows 8.1SMB 3.0YesYes
Windows Server 2012 R2SMB 3.0YesYes
Windows Server 2012SMB 3.0YesYes
Windows 73SMB 2.1YesNo
Windows Server 2008 R23SMB 2.1YesNo

1Windows 10, versions 1507, 1607, 1803, 1809, 1903, 1909, and 2004.
2Windows Server, versions 1809, 1903, 1909, 2004.
3Regular Microsoft support for Windows 7 and Windows Server 2008 R2 has ended. It is possible to purchase additional support for security updates only through the Extended Security Update (ESU) program. We strongly recommend migrating off of these operating systems.

Note

We always recommend taking the most recent KB for your version of Windows.

Prerequisites

Ensure port 445 is open: The SMB protocol requires TCP port 445 to be open; connections will fail if port 445 is blocked. You can check if your firewall is blocking port 445 with the Test-NetConnection cmdlet. To learn about ways to work around a blocked 445 port, see the Cause 1: Port 445 is blocked section of our Windows troubleshooting guide.

Using an Azure file share with Windows

To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path.

This article uses the storage account key to access the file share. A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you're accessing, and for all file shares and other storage resources (blobs, queues, tables, etc.) contained within your storage account. If this is not sufficient for your workload, Azure File Sync may be used, or you may use identity-based authentication over SMB.

A common pattern for lifting and shifting line-of-business (LOB) applications that expect an SMB file share to Azure is to use an Azure file share as an alternative for running a dedicated Windows file server in an Azure VM. One important consideration for successfully migrating a line-of-business application to use an Azure file share is that many line-of-business applications run under the context of a dedicated service account with limited system permissions rather than the VM's administrative account. Therefore, you must ensure that you mount/save the credentials for the Azure file share from the context of the service account rather than your administrative account.

Mount the Azure file share

The Azure portal provides you with a script that you can use to mount your file share directly to a host. We recommend using this provided script.

To get this script:

  1. Sign in to the Azure portal.

  2. Navigate to the storage account that contains the file share you'd like to mount.

  3. Select File shares.

  4. Select the file share you'd like to mount.

  5. Select Connect.

  6. Select the drive letter to mount the share to.

  7. Copy the provided script.

  8. Paste the script into a shell on the host you'd like to mount the file share to, and run it.

You have now mounted your Azure file share.

Mount the Azure file share with File Explorer

Note

Note that the following instructions are shown on Windows 10 and may differ slightly on older releases.

  1. Open File Explorer. This can be done by opening from the Start Menu, or by pressing Win+E shortcut.

  2. Navigate to This PC on the left-hand side of the window. This will change the menus available in the ribbon. Under the Computer menu, select Map network drive.

  3. Select the drive letter and enter the UNC path, the UNC path format is <storageAccountName>.file.core.windows.net<fileShareName>. For example: anexampleaccountname.file.core.windows.netexample-share-name.

  4. Use the storage account name prepended with AZURE as the username and a storage account key as the password.

  5. Use Azure file share as desired.

  6. When you are ready to dismount the Azure file share, you can do so by right-clicking on the entry for the share under the Network locations in File Explorer and selecting Disconnect.

Accessing share snapshots from Windows

If you have taken a share snapshot, either manually or automatically through a script or service like Azure Backup, you can view previous versions of a share, a directory, or a particular file from file share on Windows. You can take a share snapshot using Azure PowerShell, Azure CLI, or the Azure portal.

List previous versions

Browse to the item or parent item that needs to be restored. Double-click to go to the desired directory. Right-click and select Properties from the menu.

Select Previous Versions to see the list of share snapshots for this directory. The list might take a few seconds to load, depending on the network speed and the number of share snapshots in the directory.

You can select Open to open a particular snapshot.

Restore from a previous version

Select Restore to copy the contents of the entire directory recursively at the share snapshot creation time to the original location.

Securing Windows/Windows Server

In order to mount an Azure file share on Windows, port 445 must be accessible. Many organizations block port 445 because of the security risks inherent with SMB 1. SMB 1, also known as CIFS (Common Internet File System), is a legacy file system protocol included with Windows and Windows Server. SMB 1 is an outdated, inefficient, and most importantly insecure protocol. The good news is that Azure Files does not support SMB 1, and all supported versions of Windows and Windows Server make it possible to remove or disable SMB 1. We always strongly recommend removing or disabling the SMB 1 client and server in Windows before using Azure file shares in production.

The following table provides detailed information on the status of SMB 1 each version of Windows:

Windows versionSMB 1 default statusDisable/Remove method
Windows Server 2019DisabledRemove with Windows feature
Windows Server, versions 1709+DisabledRemove with Windows feature
Windows 10, versions 1709+DisabledRemove with Windows feature
Windows Server 2016EnabledRemove with Windows feature
Windows 10, versions 1507, 1607, and 1703EnabledRemove with Windows feature
Windows Server 2012 R2EnabledRemove with Windows feature
Windows 8.1EnabledRemove with Windows feature
Windows Server 2012EnabledDisable with Registry
Windows Server 2008 R2EnabledDisable with Registry
Windows 7EnabledDisable with Registry

Auditing SMB 1 usage

Applies to Windows Server 2019, Windows Server semi-annual channel (versions 1709 and 1803), Windows Server 2016, Windows 10 (versions 1507, 1607, 1703, 1709, and 1803), Windows Server 2012 R2, and Windows 8.1

Before removing SMB 1 in your environment, you may wish to audit SMB 1 usage to see if any clients will be broken by the change. If any requests are made against SMB shares with SMB 1, an audit event will be logged in the event log under Applications and Services Logs > Microsoft > Windows > SMBServer > Audit.

Note

To enable auditing support on Windows Server 2012 R2 and Windows 8.1, install at least KB4022720.

To enable auditing, execute the following cmdlet from an elevated PowerShell session:

Removing SMB 1 from Windows Server

Applies to Windows Server 2019, Windows Server semi-annual channel (versions 1709 and 1803), Windows Server 2016, Windows Server 2012 R2

To remove SMB 1 from a Windows Server instance, execute the following cmdlet from an elevated PowerShell session:

To complete the removal process, restart your server.

Note

Starting with Windows 10 and Windows Server version 1709, SMB 1 is not installed by default and has separate Windows features for the SMB 1 client and SMB 1 server. We always recommend leaving both the SMB 1 server (FS-SMB1-SERVER) and the SMB 1 client (FS-SMB1-CLIENT) uninstalled.

Removing SMB 1 from Windows client

Applies to Windows 10 (versions 1507, 1607, 1703, 1709, and 1803) and Windows 8.1

To remove SMB 1 from your Windows client, execute the following cmdlet from an elevated PowerShell session:

To complete the removal process, restart your PC.

Disabling SMB 1 on legacy versions of Windows/Windows Server

Applies to Windows Server 2012, Windows Server 2008 R2, and Windows 7

SMB 1 cannot be completely removed on legacy versions of Windows/Windows Server, but it can be disabled through the Registry. To disable SMB 1, create a new registry key SMB1 of type DWORD with a value of 0 under HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > LanmanServer > Parameters.

You can easily accomplish this with the following PowerShell cmdlet as well:

After creating this registry key, you must restart your server to disable SMB 1.

SMB resources

Next steps

Azure file share sas

See these links for more information about Azure Files:

-->

This guide walks you through the basics of working with Azure file shares with the Azure Storage Explorer. Azure file shares are just like other file shares, but stored in the cloud and backed by the Azure platform. Azure File shares support the industry standard SMB protocol and enable file sharing across multiple machines, applications, and instances.

The Azure Storage Explorer is a popular client tool that's available for Windows, macOS, and Linux. You can use Storage Explorer to manage Azure file shares and other storage resources.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

This quickstart requires Storage Explorer to be installed. To download and install it, go to Azure Storage Explorer.

Azure Storage Browser

Create a storage account

Azure File Share Sas

You can't use Storage Explorer to create new resources. For the purposes of this demo, create the storage account in the Azure portal.

A storage account is a shared pool of storage in which you can deploy an Azure file share or other storage resources, such as blobs or queues. A storage account can contain an unlimited number of shares. A share can store an unlimited number of files, up to the capacity limits of the storage account.

To create a storage account:

Azure File Browser
  1. In the left menu, select + to create a resource.

  2. Select Storage account to create a storage account.

  3. In Name, enter mystorageacct followed by a few random numbers, until you see a green check mark that indicates that it's a unique name. A storage account name must be all lowercase and globally unique. Make a note of your storage account name. You will use it later.

  4. In Performance, keep the default value of Standard.

  5. In Replication, select Locally redundant storage (LRS).

  6. In Subscription, select the subscription that was used to create the storage account. If you have only one subscription, it should be the default.

  7. In Resource group, select Create new. For the name, enter myResourceGroup.

  8. In Location, select East US.

  9. When you're finished, select Create to start the deployment.

Connect Storage Explorer to Azure resources

When you first start Storage Explorer, the Microsoft Azure Storage Explorer - Connect window appears. Storage Explorer provides several ways to connect to storage accounts:

  • Sign in by using your Azure account: You can sign in by using the user credentials for your organization or your Microsoft account.
  • Connect to a specific storage account by using a connection string or SAS token: A connection string is a special string that contains a storage account name and storage account key/SAS token. With the token, Storage Explorer directly accesses the storage account (rather than simply seeing all the storage accounts in an Azure account). To learn more about connection strings, see Configure Azure storage connection strings.
  • Connect to a specific storage account by using a storage account name and key: Use the storage account name and the key for your storage account to connect to Azure storage.

For the purposes of this quickstart, sign in by using your Azure account. Select Add an Azure Account, and then select Sign in. Follow the prompts to sign in to your Azure account.

Create a file share

To create your first Azure file share in the storageacct<random number> storage account:

  1. Expand the storage account that you created.

  2. Right-click File Shares, and then select Create File Share.

  3. For the file share, enter myshare, and then press Enter.

Azure Storage File Explorer

Share names can contain only lowercase letters, numbers, and single hyphens (but they can't start with a hyphen). For complete details about naming file shares and files, see Naming and referencing shares, directories, files, and metadata.

After the file share is created, a tab for your file share opens in the right pane.

Use your Azure file share

Now that you have created an Azure file share, you can mount the file share with SMB on Windows, Linux, or macOS. Alternatively, you can work with your Azure file share by using Azure Storage Explorer. The advantage of using Azure Storage Explorer instead of mounting the file share by using SMB is that all requests that are made with Azure Storage Explorer are made by using the File REST API. You can use the File REST API to create, modify, and delete files and directories on clients that don't have SMB access.

Create a directory

Adding a directory provides a hierarchical structure for managing your file share. You can create multiple levels in your directory. But, you must ensure that parent directories exist before you create subdirectories. For example, for the path myDirectory/mySubDirectory, you must create the directory myDirectory first. Then, you can create mySubDirectory.

  1. On the tab for the file share, on the top menu, select the New Folder button. The Create New Directory pane opens. Royal crafters choice paint brushes.

  2. For the directory name, enter myDirectory, and then select OK.

The myDirectory directory is listed on the tab for the myshare file share.

Azure App Service File Browser

Upload a file

You can upload a file from your local machine to the new directory in your file share. You can upload an entire folder or a single file.

  1. In the top menu, select Upload. This gives you the option to upload a folder or a file.
  2. Select Upload File, and then select a file to upload from your local machine.
  3. In Upload to a directory, enter myDirectory, and then select Upload.

When you are finished, the file appears in the list in the myDirectory pane.

Download a file

To download a copy of a file from your file share, right-click the file, and then select Download. Choose where you want to put the file on your local machine, and then select Save.

The progress of the download appears in the Activities pane at the bottom of the window.

Azure File Browser Definition

Clean up resources

You can't use Storage Explorer to remove resources. To clean up from this quickstart, you can use the Azure portal.

When you're done, you can delete the resource group. Deleting the resource group deletes the storage account, the Azure file share, and any other resources that you deployed inside the resource group.

Azure File Browser Free

  1. In the left menu, select Resource groups.
  2. Right-click the resource group, and then select Delete resource group. A window opens and displays a warning about the resources that will be deleted with the resource group.
  3. Enter the name of the resource group, and then select Delete.

Download Azure File Explorer

Next steps