| At line 1 added 10 lines |
| \\ |
| __Azure Storage:__ [Azure Storage Documentation Link| https://learn.microsoft.com/en-us/azure/storage/]\\ |
| ---- |
| __⚠️ General restrictions__: Azure Storage is not a traditional file system but an object storage service. What appears to be a __folder__ is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To __move__ a folder, you must copy all the objects to the new location and then delete them from the original one.\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:\\ |
| • __file.core.windows.net__ or __privatelink.file.core.windows.net__\\ |
| • __blob.core.windows.net__, __blob.core.chinacloudapi.cn__ or __privatelink.blob.core.windows.net__\\ |
| • __dfs.core.windows.net__,__dfs.core.chinacloudapi.cn__ (This applies only to the delete action when working with Data Lake Storage 2)\\ |
| ---- |
| At line 3 changed one line |
| CrushFTP supports Microsoft Azure Shares as VFS item, it requires a __Storage Account:__ [https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview]. About Azure file share: [https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal]\\ |
| CrushFTP supports Microsoft Azure Shares as a [VFS] item, it requires a __Storage Account:__ [Storage account overview Link| https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\ |
| More Info: [Azure File Share Link|https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal]\\ |
| At line 5 changed one line |
| The URL should looks like (Replace the url with your corresponding data!):\\ |
| The URL should follow this structure (replace the placeholders with your actual values):\\ |
| At line 8 changed one line |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/}}} |
|
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@file.core.windows.net/<<SHARE_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@privatelink.file.core.windows.net/<<SHARE_NAME>>/ |
|
| }}}\\ |
| At line 10 changed one line |
| You can find those on the Azure portal, under __Storage Account__. From the left-side menu select __Access keys__ to reveal them.\\ |
| You can find the required details in the __Azure Portal__. Navigate to your __Storage Account__, then select __Access keys__ from the left-hand menu to view the credentials.\\ |
| At line 14 changed one line |
| Then paste them on the appropriate fields in CrushFTP.\\ |
| In the VFS item’s Properties section, provide the __Storage Account__ name as the __Username__ and the __Access key__ as the __Password__. The __Share Name__ corresponds to the first folder in the URL.\\ |
| At line 18 changed one line |
| When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:\\ |
| When using the __Browse…__ option in the Jobs interface or plugin interfaces, the user interface differs slightly:\\ |
| At line 20 changed one line |
| There is an input field for the file service share: Share Name \\ |
| There is an input field specifically for the file service share, labeled __Share Name__.\\ |
| At line 25 changed 2 lines |
| CrushFTP supports __Azure Blobs__([https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction]) as VFS item, it requires a __Storage Account:__ [https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview]. \\ |
| Azure Blob Storage is __not like a normal filesystem__ with folders and deeper levels you can go into. It's more like S3 where a file’s name contains slashes making it simulate a folder structure but with many limitations when it comes to renaming and truly simulating a normal file system. Folder rename is not supported.\\ |
| CrushFTP supports __Azure Blobs__ ([Introduction to Azure Blob Storage Link|https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction]) as VFS item, it requires a __Storage Account:__ [Storage account overview Link|https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\ |
| At line 28 changed 2 lines |
| The URL should look like (Replace the url with your corresponding data!):\\ |
|
| The URL should follow this structure (replace the placeholders with your actual values):\\ |
| At line 31 changed one line |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/}}} |
|
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.core.windows.net/<<BLOB_CONTAINER_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.core.chinacloudapi.cn/<<BLOB_CONTAINER_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@privatelink.blob.core.windows.net/<<BLOB_CONTAINER_NAME>>/ |
| }}}\\ |
| At line 53 added 4 lines |
| In the VFS item’s Properties section, provide the __Storage Account__ name as the __Username__ and the __Access key__ as the __Password__. The __Blob Container Name__ corresponds to the first folder in the URL.\\ |
| \\ |
| __⚠️ Important__ : You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\ |
| \\ |
| At line 35 changed 2 lines |
| __Data Lake storage Gen2__: More info on the official website: [https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction].\\ |
| Turn on the flag if the storage type is the data lake. It connects through __Azure Blob Storage REST API__ [https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api] and not through \\ |
| __Data Lake storage Gen2__: More info on the official website: [Data Lake Storage Introduction Link|https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction].\\ |
| Turn on the flag if the storage type is the data lake. It connects using the __Azure Blob Storage REST API__ ( More info: [Blob Service REST API Link|https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api]), but does not support the Azure Data Lake Storage Gen2 REST API. (More info: [Azure Data Lake Storage Gen2 REST API Link|https://learn.microsoft.com/en-us/rest/api/storageservices/data-lake-storage-gen2])\\ |
| At line 38 changed one line |
| When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:\\ |
| When using the __Browse…__ option in the Jobs interface or plugin interfaces, the user interface differs slightly:\\ |
| At line 40 changed one line |
| To specify the blob container use the input field: Share Name \\ |
| To specify the __Blob Container Name__, use the __Share Name__ input field.\\ |
| \\ |
| At line 43 removed 3 lines |
|
| You need to select the blob type (append blob or block blobs - page blobs are not supported) specified when creating the blob on Azure. |
|
| At line 48 changed 2 lines |
| Azure also has the ability to delegate access with a shared access signature (SAS) [https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview].\\ |
| In this case, the url should looks like: |
| Azure also can delegate access with a shared access signature (SAS) [Storage SAS Overview Link|https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview].\\ |
| In this case, the URL should look like: |
| At line 51 changed 4 lines |
| azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}\\ |
| Or |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/}}}\\ |
|
| azure://<<STORAGE_ACCOUNT_NAME>>:@blob.core.windows.net/<<BLOB_CONTAINER_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:@file.core.windows.net/<<SHARE_NAME>>/ |
|
| }}}\\ |
| At line 80 added 2 lines |
| __⚠️ Note:__ that the URL does not include the password section.\\ |
| \\ |
| At line 58 changed one line |
| The __password field should be empty__ and put the SAS token to the "__Shared access signature token__" input field.\\ |
| Provide the Storage Account name as the Username.\\ |
| The __Password__ field should be left empty, and the __SAS token__ should be entered in the __Shared access signature token__ input field.\\ |
| At line 87 added 4 lines |
| The __Share Name__ or __Blob Container Name__ corresponds to the first folder in the URL.\\ |
| \\ |
| __Block Blob__: __⚠️ Important__ -> You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\ |
| \\ |
| At line 92 added 71 lines |
| \\ |
| When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly. See at [1.Azure File Share Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Azure%20Integration#section-Azure+Integration-1.AzureFileShare] or at [2. Azure Blob Container Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Azure%20Integration#section-Azure+Integration-2.AzureBlobContainer].\\ |
| \\ |
| !4. Authorize access to blobs using Microsoft Entra ID\\ |
| \\ |
| Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (More info : [Authorize Access Azure Active Directory Link|https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\ |
| \\ |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • login.microsoftonline.com\\ |
| • graph.microsoft.com\\ |
| \\ |
| Open the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal]\\ |
| \\ |
| __Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\ |
| \\ |
| [SharePoint Integration/new_registration.png]\\ |
| \\ |
| In the Redirect URI section, for Platform configuration, select __Web__. The Redirect URL must end with __register_microsoft_graph_api/__.\\ |
| \\ |
| {{{ |
|
| http://localhost:9090/register_microsoft_graph_api/ |
| or |
| https://your.crushftp.domain.com/register_microsoft_graph_api/ |
| |
| }}}\\ |
| \\ |
| __Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the __value__ immediately!\\ |
| \\ |
| [SharePoint Integration/new_secret.png]\\ |
| \\ |
| [SharePoint Integration/secret_value.png]\\ |
| \\ |
| Configure the __API permissions__:\\ |
| \\ |
| [attachments|azure_api_permission_blob.png]\\ |
| \\ |
| [attachments|azure_user_impersonation.png]\\ |
| \\ |
| In your __Storage Account__, navigate to __Access Control (IAM)__ and assign the roles __Storage Account Contributor__ and __Storage Blob Data Contributor__ to the specified user.\\ |
| \\ |
| __⚠️ Important__: This applies only to __Blob Storage__.\\ |
| \\ |
| [attachments|azure_access_control_roles.png]\\ |
| \\ |
| Access the user’s __VFS settings__ and configure the __Refresh Token__ for the remote Azure connection.\\ |
| • Provide the __Storage Account Name__ in the __Username__ input field.\\ |
| • Under __User Delegation Settings__, click the __Get Refresh Token__ button.\\ |
| \\ |
| [attachments|user_delegation_settings.png]\\ |
| \\ |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\ |
| \\ |
| __Client id : __ See at App Registration -> Overview -> Application (client) ID\\ |
| \\ |
| __Secret key:__ See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID.\\ |
| \\ |
| __Tenant:__ See at App Registration -> Overview -> Directory (tenant) ID.\\ |
| \\ |
| __Scope:__\\ |
| {{{ |
| https://storage.azure.com/user_impersonation offline_access |
| }}} |
|
|
| \\ |
| Click OK. Sign in with the specified Microsoft account to grant access and obtain the refresh token. __⚠️ Note__: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above. This will automatically configure the __User Delegation Settings__.\\ |
| [attachments|azure_refresh_token_form.png]\\ |
| \\ |
| __⚠️ Important__: To generate a new SAS token for your storage account, run the following job example: [Renew Azure SAS token via Azure User impersonation|CrushTaskExample18]\\ |
| \\ |
