System administrators can use the same configuration file across multiple IIS servers thanks to Shared Configuration feature. This file is normally stored in on-prem file server. If you want to store this file in an Azure file share, there is a specific procedure that needs to be followed. Step-by-step instructions are below.
Note: Instead of following the instructions below, you can try to use “Map network drive” feature in Windows File Explorer or the New-PSDrive command below. In my case, these options didn’t provide a permanent solution (Settings were reverted after a server restart).
New-PSDrive -Name Z -PSProvider FileSystem -Root "\\name.file.core.windows.net\your-file-share" -Credential $credential -Persist -Scope global
Step-by-step instructions
Please follow the steps below to link your Azure file share in your IIS server.
- Open Azure dashboard
- Go to “Storage accounts > name-of-the-storage > Access keys”
- Copy the storage account name and key to notepad
- Login to the IIS server
- Run the command below. It will create a network share that will be used by IIS
net use * \\name.file.core.windows.net\your-file-share /User:your-storage-account-name your-key - Create a local user account in IIS server: “Windows Server (Computer Management > Local Users and Groups > Users > Right click > New User)“
- Name of the local account should be exactly the same as your storage account name
- The password of the local account should be exactly the same as your storage account’s key
- Check “User cannot change password” and “Password never expires” options. Click OK
- Add the account you created to the IIS_IUSRS group (Computer Management > Local Users and Groups > Groups > IIS_IUSRS > Properties > Add)
- The rest of the steps are for setting up IIS Shared Configuration (The article explains as well)
Step 3: Copy storage account name and key
The main point in the process is that using a local user account that has the same username and password (key) as your storage account in Azure.
Can I use a service account instead of a local account?
As of now, I am not aware of a way to use a service account to access an Azure file share via IIS. If you access it manually (login to server and go to the path in File Explorer), you can use persistent connections (Another resource is here). However, if you want IIS to access to the share, using a local account seems to be the only way.