question

AnirudThapliyal-9057 avatar image
0 Votes"
AnirudThapliyal-9057 asked ·

How can I access a On-Premise network file share drive from Azure App service to upload a file using standard smb ports?

We have ASP.NET core web app hosted on Azure as App service. There is a file upload screen in this web application. On click of upload button, application tries to connect to a on-premise network file share drive and copies the uploaded file there. But after reading through few articles it seems that standard smb ports like 139, 445 are blocked to access from App service. I guess which is why we are receiving access denied while doing file upload.

Any suggestions on how can I access the on-premise network drive for above requirement?

azure-webapps
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered ·

Thanks for asking question! Yes, The following protocols and ports are required to access the files: Microsoft file sharing SMB: UDP ports from 135 through 139 and TCP ports from 135 through 139. Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD).

Check: https://docs.microsoft.com/en-us/troubleshoot/windows-client/networking/internet-firewalls-prevent-browsing-file-sharing

And the App Service sandbox explicitly does not allow access to the ports necessary for SMB protocol (137/138/139/445).
There are restrictions in terms of network access from an Azure Web App. This section outlines limitations specific to Azure App Service; apps are, in addition, still subject to Azure's own networking restrictions.

Check this article link mentions it under Restricted Outgoing Ports: https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox.

Alternatively, you can use Azure File Share and access using REST.

Also, the best way to share your feedback would be to create a User Voice feedback item and upvote it. The product group monitors this site for feedback. This is the best way to ensure you are heard and you may receive a response depending on how much they information they can currently share.


· 2 ·
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnirudThapliyal-9057 avatar image AnirudThapliyal-9057 ·

Thanks @SnehaAgrawal-MSFT for response.

We are reluctant to use Azure storage because of the large size of file system which eventually will cost us much.
Is there any other solution for this scenario?

0 Votes 0 ·
SnehaAgrawal-MSFT avatar image SnehaAgrawal-MSFT AnirudThapliyal-9057 ·

You can try using a Windows Container on Azure App Service. In this case we don’t use our proprietary sandbox, instead we use the container as the sandbox. You will be able to join a VNet and access files from the VNet using SMB. The VNET would then needs to be connected to on prem via ER/VPN to reach on prem resources.

If you want to give it try, this is our quick start:

Quickstart: Run a custom container on App Service - Azure App Service

Check: Integrate your app with an Azure virtual network



1 Vote 1 ·