Accessing Azure File Storage from WebJob using SMB protocol - c#

I have a c# console application running as a web job in Azure PaaS. Since it is a legacy system and use local UNC path to put the generated pdf, I am exploring the ways I can do this on Azure Storage. Following this, I have created a storage account then File share and finally a directory inside file share. I can access the directory from windows machine by entering the login credentials. so I know the storage is all set and working. Now I want to replace the UNC path in my c# code with the UNC(?) path on Azure PaaS but I am wondering if that would work and if yes then how I should handle the credentials? Since Microsoft says that File Share supports SMB 3.0 I reckon I should be able to use it just the way I use any on premises drive. I do not want to use REST api's to do the file operations as defined here and in the video here because it would involve code changes which in my case would be a huge exercise. Since File share supports SMB protocol I was expecting to find examples where it is called from a web job. Can somebody point me to the right resource or guide me how I can accomplish this piece of functionality.

Here's your problem -
From the App Service sandbox Wiki -
Restricted Outgoing Ports
Regardless of address, applications cannot connect to anywhere using ports 445, 137, 138, and 139. In other words, even if connecting to a non-private IP address or the address of a virtual network, connections to ports 445, 137, 138, and 139 are not permitted.
That's largely SMB traffic.
Your options are limited, i would try to publish on Cloud Services instead (worker role), still PaaS but with a vintage feel to it and no outbound port restrictions.
Service Fabric with Guest Executable programming model could also be an option, although it's probably a little too involved for a simple console app. Pick Windows nodes for .NET Full Framework.

Related

Read a folder on local machine using azure function c#

Is it possible to read a file located on local machine path C:\data with an azure function trigger by http request ?
You can expose a local file system to Azure using the on-premises data gateway.
However this supported from Logic Apps, but not as far as I know from Functions. You could however still use the Logic App as a bridge to your Function using the Azure Function Connector.
You are of course free to use your own personal computer however you like, but be aware that the on-premises data gateway exposes machines on your own network directly to the internet, which in the context of a business is often considered a significant security hazard. Definitely do not do this in a business context without clearing it with IT security persons first.
I would say no. The resource that you want to read data from needs to be accessible from the web. Put the files in the cloud so that the function can access them.

Is it possible to print through .NET code from an Azure Worker Role

To start off with, I am aware of this question that seems to ask the same thing. However I'm going to ask it again with a slight modification.
I'm working on a project to print PDF's. We have a library for PDF manipulation. We can use it to render a PDF to a file that the System.Drawing.Printing.PrintDocument object can use and print in c#. We are going to have an Azure Worker role that takes many 1-page pdf's and turns them into one large pdf, and I would like to have another Azure Worker Role that then spools that large PDF to a Windows Print Server here locally.
Since the printing part is so much slower (compared to the pdf creation/aggregation piece) I would like to be able to host it in azure to easily scale.
My initial thought was "I don't think this is even possible. How would Azure be able to know anything about my local print server." Which is the basic answer from the above similar question. But after some searching, I found some results that seem to indicate setting up a VPN Site-To-Site Tunnel or ExpressRoute Connection would let me do what I want. However I'm relatively new to Azure and the results I found are short on actual, useful, helpful details.
If it can't be done, fine, I can set up an application server locally to do the printing. But if someone has ideas or more insight on how to accomplish this I would love to hear it.
Basically, you could store PDFs into Azure Blob Storage like:
http://azureaccount.blob.core.windows.net/PDF/pdf1.pdf
Then you define an Azure Queue entity like:
MyQueue(Pdf_Id, Pdf_Blob_Url)
MyQueue(1, http://azureaccount.blob.core.windows.net/PDF/pdf1.pdf)
MyQueue(2, http://azureaccount.blob.core.windows.net/PDF/pdf2.pdf)
and submit to the Azure Queue.
Then on your Printing server, just setup an application to check the AzureQueue to process the PDFs. At this point, just get the PDFs directly from Azure blob storage url to do anything you want like merging, printing,....
Without getting into the VPN / Site-To-Site setups, here is an Idea:
You could have a small application hosted on your network that uses Service Bus Relay to expose a WCF service (this will allow incoming connections to the service from the role)
The worker role can consume this Service and then send the PDF for printing to it.
Your App would send the PDF to the printer via PrintDocument object you mentioned.
See:
https://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-relay/
What is the Service Bus relay? The Service Bus relay service enables
you to build hybrid applications that run in both an Azure datacenter
and your own on-premises enterprise environment. The Service Bus relay
facilitates this by enabling you to securely expose Windows
Communication Foundation (WCF) services that reside within a corporate
enterprise network to the public cloud, without having to open a
firewall connection, or require intrusive changes to a corporate
network infrastructure.

Windows Service failing to access mapped network drive

My C# based Wcf application hosted as windows service is unable to access mapped network drive even though it works with UNC path. I have come across the below article which states that it is not possible to use mapped drives with windows service.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms685143(v=vs.85).aspx
In my scenario I am logging into the service with a domain account & the same account is used to create the mapped network drive in the machine.
My company has all clients running the projects in mapped drives and they would want the service also to run and access the mapped drive configurations for pulling data.
In this scenario I am wondering if there could be a possible workaround given the situation that network drive would be created with the same account that the service is logged in with.
Any possible workaround or code fixes would be highly appreciated. Thanks .

Create a file from the browser

I'm looking for a way to establish a simple communication between a c# web application and the operating system.
Since i'm working on Silverlight, i get everything i need to create files into any folder on the C:/ Disk. The problem is that we're going to migrate from Silverlight to Html 5 / C#
So i'd need a way to create files FROM any browser to any OS : Windows,Mac,Linux ..
I thought about using Microsoft Active X but that's not cross platforms.
I'm simply looking for a technology/plugin/software or anything that would allow me to do that, the less client interaction would be the best.
I think your need is in conflict with any common sense about security. If there was a simple way to create any file on any computer that loads your web app, just imagine how quickly all sorts of malware would spread.
But going back to your question - I think it will not be simple (btw. was it really simple in silverlight?). What I can imagine is to have some kind of service running on a client PC (the user would have to install it, or it could be corporate policy if your web app is targeted at corporate solutions). Then the service would listen on some TCP port and your web app could send requests to that port with the intent to create particular file with particular content. All the security concerns would be then implemented in mentioned service so that it doesn't get abused by hostile web apps

Loading service for IIS securely

I want to develop PaaS like for IIS, I want users to be able to upload dll and I will host them. Those dll's will be ServiceStack services.
I want to sandbox those apis, so they can access the internet - only to certain ip's , but to limit their OS access for file system - Only for some directory that have max limit of 20mb (for example).
I know that in linux I have containers like docker that can help me do that easily, any Ideas how to do this in .NET (open source libraries for helping are more than welcomed :))
You could use Code Access Security and Trust levels for that.
Take a look at:
http://msdn.microsoft.com/en-us/library/wyts434y(v=vs.100).aspx
http://msdn.microsoft.com/en-us/library/87x8e4d1(v=vs.100).aspx

Categories