This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 41%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDL%3C/text%3E%3C/svg%3E)
I'm new to Azure WebApps and storage, what I'm trying to understand is how best to mount storage on Azure WebApp (Linux OS) with read/write capabilities.
I am deploying a CMS application which allows site administrator to add content including uploading files (images, docs, videos, pdfs etc...) on the fly. These need to be stored on a file server and cannot be stored in the webroot, hence why I need to mount blob container allowing hierarchical namespace (i.e. a folder structure). The CMS application then renders these files to a webpage. Think of it as Wordpress. Just to be clear, these are not files that are added beforehand, these get uploaded by site administrators just like updating content to the database, they can also upload files to the server.
The issue I'm facing is, file share does not allow anonymous access and requires SAS URL, Data Lake Gen 2 (ADLS 2) is read only but does allows access anonymously. Is there an alternative way to mount storage to a WebApp with the ability to read anonymously and has write permissions?
The problem with using File Share
Anonymous access is not allowed for files stored in file storage, the access needs to be authorised. One way of authorising the access is to create a SAS on a file/share level with Read permission and then using that SAS URL to access the file. This is not possible in my scenario.
Problem with Data Lake Gen 2 storage
This option would have been ideal unfortunately, mounted Blob containers are read only "Mounted Blob containers will become read only in Feb 2020" and MS recommend to use azure files!
I cannot use SDK as that would required rewriting parts of the CMS for performing CRUD operation on the objects and that is not possible as its a massive piece of software to change.
Am I approaching this the wrong way? What options do I have other than going down the VM route?
None of the Azure Storage technologies support anonymouse write access as it is a major security risk allowing anyone to write files. You can either look at adapting your application to have it communicate with Azure Storage securely, or have your administrators upload files directly to Azure Storage using Azure Storage Explorer or similar tools.