Yesterday, I was asked how we could provide FTP access to just one Azure web site. The obvious first glance option is to use the web sites deployment credentials, however I know the Azure deployment credentials won’t work because they provide access to all web sites. After some research I found that each Azure web site has site credentials, which are unique to that site and could be used to provide FTP access. The interesting thing is that site credentials are generated by Azure and there doesn’t appear to be any control over them. This seems like a poor hack of a solution and has potential risks, but I guess it is better than nothing. At least Microsoft does include a way to reset the site credentials, but again Azure generates the reset credentials. At this time it appears this is the best option available.
So, where are the site credentials? They are found in the Azure sites publishing profile settings. You can download the settings from the Azure Management Portal by clicking on the Get publish profile link.
Once the site’s publishing profile is downloaded, open it in your favorite text editor. You’ll need a couple of the settings found in the XML information. Locate the FTP profile and then identify the domain name of the ftp site, the user name and the password.
Setup the FTP Client
You can use any FTP client to connect, but for this example I’ll be using FileZilla. To establish a connection in FileZilla, open the Site Manager and click on New Site.
Enter the following information:
- Host: waws-prod-ch1-007.ftp.azurewebsites.windows.net
- LogonType: Normal
- User: mmwaretraining\$mmwaretraining
- Password: Enter the really long password
- Click Connect.
You may get a TLS certificate warning. Click OK at accept the Azure certificate.
FileZilla will now connect to your Azure web site. Once connected, you’ll be able to add directories and upload files to your web site.
That’s it. While this solution isn’t perfect, it is better than distributing the deployment credentials. I hope that Microsoft eventually adds more granular security controls, but for now I’ll use this.