View Attach (18) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 AzureConfiguration.png 78.7 kB 3 05-Dec-2023 05:32 krivacsz
png
 AzureConfiguration2.png 77.5 kB 3 05-Dec-2023 05:32 krivacsz
png
 AzureConfiguration3.png 27.4 kB 3 05-Dec-2023 05:32 Sandor new UI elements
png
 AzurePortalAccessKey.png 57.7 kB 2 05-Dec-2023 05:32 Sandor blurred more
png
 SAS.png 97.0 kB 1 05-Dec-2023 05:32 Sandor
png
 Screen Shot 2017-08-09 at 9.08... 113.4 kB 1 05-Dec-2023 05:32 krivacsz Azure configuration
png
 azureRemoteItem.png 57.5 kB 2 05-Dec-2023 05:32 krivacsz
png
 azureRemoteItem2.png 53.5 kB 2 05-Dec-2023 05:32 krivacsz
png
 azureRemoteItem3.png 20.3 kB 2 05-Dec-2023 05:32 Sandor new UI elements
png
 azure_VFS_SAS.png 26.4 kB 1 05-Dec-2023 05:32 Sandor
png
 azure_access_control_roles.png 132.8 kB 1 07-Oct-2024 04:38 krivacsz
png
 azure_api_permission_blob.png 130.2 kB 1 07-Oct-2024 04:17 krivacsz
png
 azure_blob.png 74.0 kB 3 05-Dec-2023 05:32 krivacsz
png
 azure_blob3.png 29.6 kB 4 05-Dec-2023 05:32 Sandor new UI elements
png
 azure_blobRemoteItem.png 21.5 kB 4 05-Dec-2023 05:32 Sandor new UI elements
png
 azure_refresh_token_form.png 48.4 kB 1 07-Oct-2024 04:50 krivacsz
png
 azure_user_impersonation.png 152.5 kB 1 07-Oct-2024 04:17 krivacsz
png
 user_delegation_settings.png 94.4 kB 2 07-Oct-2024 04:49 krivacsz

This page (revision-185) was last changed on 12-May-2025 02:02 by krivacsz

This page was created on 05-Dec-2023 05:32 by Halmágyi Árpád

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 96 changed 2 lines
You will start at the Microsoft Azure portal:\\
[https://azure.microsoft.com/en-us/features/azure-portal/]\\
__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\
• login.microsoftonline.com\\
• graph.microsoft.com\\
At line 99 changed one line
__Application registration: __Go to the App registrations and click on New registration:\\
Open the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal]\\
At line 101 changed one line
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/new_registration.png]\\
__Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\
At line 103 changed one line
Name it. Select the Microsoft account types. The redirect URL must end with "__register_microsoft_graph_api/__". Then click on register.\\
[SharePoint Integration/new_registration.png]\\
At line 106 added 2 lines
The Redirect URL must end with __register_microsoft_graph_api/__.\\
\\
At line 106 changed 2 lines
http://localhost:9090/register_microsoft_graph_api/
}}}
http://localhost:9090/register_microsoft_graph_api/
}}}\\
or
{{{
https://your.crushftp.domain.com/register_microsoft_graph_api/
}}}\\
At line 109 changed one line
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/register_app.png]\\
__Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the __value__ immediately!\\
At line 111 changed one line
Under the redirect URL configuration enable the __Access Token__ to be issued by the authorization endpoint:\\
[SharePoint Integration/new_secret.png]\\
At line 113 changed one line
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\
[SharePoint Integration/secret_value.png]\\
At line 115 removed one line
Configure the API permissions:\\
At line 127 added 2 lines
Configure the __API permissions__:\\
\\
At line 121 changed one line
On your __Storage Account__ at __Access Control (IAM)__ assign the role "__Storage Account Contributor__" and "__Storage Blob Data Contributor__" to the specified user.\\
In your __Storage Account__, navigate to __Access Control (IAM)__ and assign the roles __Storage Account Contributor__ and __Storage Blob Data Contributor__ to the specified user.\\
At line 123 changed one line
__Restriction:__ It only works with blob storage.\\
__Note__: This applies only to __Blob Storage__.\\
At line 127 changed one line
Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At __User Delegation Settings__ click the "__Get Refresh Token__" button.\\
Access the user’s __VFS settings__ and configure the __Refresh Token__ for the remote Azure connection.\\
• Provide the __Storage Account Name__ in the __Username__ input field.\\
• Under __User Delegation Settings__, click the __Get Refresh Token__ button.\\
At line 129 changed one line
[attachments|azure_refresh_token_form.png]\\
[attachments|user_delegation_settings.png]\\
At line 145 added one line
__!!! Note__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\
At line 132 changed one line
__Client id : __ You can find it at Azure portal -> App Registration -> Overview:\\
__Client id : __ See at App Registration -> Overview -> Application (client) ID\\
At line 134 changed 9 lines
[attachments|SharePoint Integration/client_id.png]\\
\\
__Secret key:__ A new client secret also needs to be created. Go to the "__Certificate & secrets__" and generate a new secret key. Click on New client secret.\\
\\
[attachments|SharePoint Integration/new_secret.png]\\
\\
[attachments|SharePoint Integration/secret_value.png]\\
\\
Sign in as the specified Microsoft user grant access, and obtain the refresh token.\\
__Secret key:__ See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID.\\
At line 144 changed one line
[attachments|user_delegation_settings.png]\\
__Tenant:__ See at App Registration -> Overview -> Directory (tenant) ID.\\
At line 146 changed one line
__!!!__Provide the storage account name as the "User name" input field.\\
__Scope:__\\
{{{
https://storage.azure.com/user_impersonation offline_access
}}}
At line 148 changed one line
To get a newly created SAS token for your storage, you need to run the following job example: [CrushTaskExample18]\\
Click OK. Sign in with the specified Microsoft account to grant access and obtain the refresh token. __!!! Note__: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above. This will automatically configure the __User Delegation Settings__.\\
[attachments|azure_refresh_token_form.png]\\
At line 163 added 2 lines
To generate a new SAS token for your storage account, run the following job example: [Renew Azure SAS token via Azure User impersonation|CrushTaskExample18]\\
\\
Version Date Modified Size Author Changes ... Change note
185 12-May-2025 02:02 9.264 kB krivacsz to previous
184 12-May-2025 02:01 9.213 kB krivacsz to previous | to last
183 12-May-2025 01:56 9.217 kB krivacsz to previous | to last
182 12-May-2025 01:55 9.164 kB krivacsz to previous | to last
181 12-May-2025 01:53 9.123 kB krivacsz to previous | to last
« This page (revision-185) was last changed on 12-May-2025 02:02 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
CrushTaskExample18
LeftMenu
VFS Protocols

JSPWiki