Access file on Azure virtual windows machine from an Azure Function

Question

. 。 Answers to this question are eligible for a +200 reputation bounty. Andrew Duffy wants to to this question: 这个问题：

I just want to know if I can indeed do this.... I want to access a virtual machine from an Azure function and pull a file off it... as a starting point the azure function and the virtual machine can be on the same azure subscription.

I want to access a virtual machine.. a file server if you will.. from an Azure function.

How do I get the azure function to authenticate with the virtual machine?

Currently the azure function and the virtual machine are on different Azure subscriptions.. but we have implemented VNet peering between the two of them.

I'm using this library https://github.com/mattjohnsonpint/SimpleImpersonation but I'm super unsure what to use:(

The Azure function code below returns "Access to the path is denied"

        try
        {
            var credentials = new UserCredentials("virtualmachinedomain.com.au", "andrewd", "passwordhere");
            using SafeAccessTokenHandle userHandle = credentials.LogonUser(docGenRequest.LogonType);  // Which login type to use?

            WindowsIdentity.RunImpersonated(userHandle, () =>
            {
                FileStream fileStream = new FileStream(@$"\\fileserver.com.au\WordDocToAccessOnFileShare.doc}", FileMode.Open);
                if (fileStream != null && fileStream.Length > 0)
                {
                    messageReturnedAsPartOfOkReesult = messageReturnedAsPartOfOkReesult + "Result: Able to reference file";
                    logger.LogInformation("able to reference file");
                }
            });
        }
        catch (Exception ex)
        {
            messageReturnedAsPartOfOkReesult = messageReturnedAsPartOfOkReesult + $"Result: Unable to reference file. Exception: {ex.Message}";
            logger.LogError($"Unable to reach file {ex.Message}");
            if (ex.InnerException != null)
            {
                logger.LogError($"Inner exception {ex.InnerException.Message}");
            }
        }

Answer 1

Is your function integrate with the VNet (supported only on Premium)?

But a function trying to impersonate to access the local file system of a VM is weird. Seems to be an XY problem here.

The native file share service on Azure is the Blob Storage. You can mount a share on your Azure VM. You can also connect natively to this share using functions (or any other Azure service) without impersonation.

If you can't move your data to a Storage, then expose a service hosted on the VM that will be called by the function.