我们在函数内部有一个带有html UI的Azure功能。 Azure功能应用程序具有对防火墙内部服务器的VNET访问权限。可以构建一个Azure服务器/文件共享身份验证功能,并允许浏览器用户下载安全网络文件吗?
如果是,可以不创建新文件吗?
答案 0 :(得分:0)
If your Azure Function is configured to be on a VNET that gets you the network access you need to the servers behind your firewall then it's possible, but the question is what protocol are you expecting to use to access those files? Azure Functions run inside the App Service "Sandbox" which has restricted outbound network port access which would prevent the standard file sharing protocols from working. If you exposed the on-prem files over HTTP in some way, then you'd be in business.
One dirt simple way might be to mount the file share as an IIS virtual directory. You do still have to consider security though. You won't be able to use Windows Authentication, but you could change the IIS virtual directory to use something like Basic Authentication and then your function would be configured with the necessary credentials to access it. Then you get into transport level security and realize you'll want to use HTTPS which implies setting up some certificates as well.
Another solution would actually be to look into using Azure Files to actually synchronize the on-prem files into the cloud as a completely separate integration and then systems like your functions app here actually only worry about accessing the files via Azure Files and don't even have to necessarily be bound to the VNET at all at that point.
I'm not sure what you mean by "possible without creating new files" though. Can you elaborate on your scenario a little more? You would probably need other functions in your app to perform the individual responsibilities of file transfers (e.g. handle POSTs, GETs, etc) if that's what you mean.