Thursday, 01 June, 2017
How to download and back up Microsoft Azure Web Applications - Part 1.
How to back up your Microsoft Azure Web Application’s files using FTPS.
Future posts in this series will go over how to automate the Azure back up the process, what premium options Azure has to offer and how to back up your application’s database, but for now, we're going to focus on plain old and simple file transfers.
File Transfer Protocol (FTP)
The FTP protocol lets you transfer files between computers and was written in the early 1970s. If you have a website and upload any of the content yourself then you're pretty much guaranteed to have come across it. Naturally Azure supports FTP, but you really shouldn’t be using it anymore because FTP sends your username and password credentials over the Internet in clear, unencrypted text and that’s a security risk.
File Transfer Protocol over SSL (FTPS)
Published in 1996, and actively used since at least 2005, the FTPS protocol is a secure form of FTP using SSL, which encrypts your file transfers, protecting not only your username and password information but your file data as well. Azure supports it and there’s no reason why you shouldn’t be using it.
Secure Shell (SSH) File Transfer Protocol (SFTP)
SFTP is often confused with FTPS. SFTP was written in the early 1990s and is a secure replacement for FTP using Secure Shell access. Azure Web Applications don't support it out of the box. To configure it you need to install SSH, which on Azure means you’d need to run up a virtual machine running either Linux or Windows with OpenSSH installed; that’s a fair bit of setup and not something I’m going to be covering in this post.
Browser Support for FTPS & Third Party File Transfer Clients
While most modern web browsers support FTP access – simply type ftp://whateverftpaddressyouhave/ in the browser's search\URL input area - they don’t tend to support FTPS. For FTPS you'll need to install a dedicated application. The most popular, often recommended, free and open source FTPS clients are:
- FileZilla (Mac, Windows). https://filezilla-project.org/
- WinSCP (Windows). https://winscp.net/eng/download.php.
- CyberDuck (Mac, Windows). https://cyberduck.io/?l=en
My preferred FTPS client is FileZilla. Although WinSCP has great automation support. CyberDuck I haven’t tried in a while.
Finding your Azure FTPS Credentials
You'll need to know your FTPS username and password before you can transfer files with Azure. There are several places within the Azure dashboard where you can find them. I'll go over the options quickly below.
Downloading the Publish Profile
The quickest and easiest method is to select your web application in the Azure portal and click Get Publish Profile. This will download an xml (text) file which is supposed to be used by Visual Studio, but you can open it in Notepad to see the information inside.
It’ll look something like this:
<publishProfile profileName="demo - FTP" publishMethod="FTP" publishUrl="ftp://something.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="username" userPWD="password" destinationAppUrl="http://something.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="http://windows.azure.com" webSystem="WebSites"><databases /></publishProfile></publishData>
Once you’ve opened the file search for publishMethod="FTP". The credentials you’ll need are given just after this section of text. The parts between the quotes, following the = sign, are what you need. Look for publishUrl, username and userPWD.
Alternatively use the Dashboard Display
Alternatively you can find the FTPS host-name and username under the essentials section at the top of the web application’s dashboard display.
Or use the Properties Page
Or from the Properties page, by selecting the web application, then selecting Properties.
But, if you don't use Get Publish Profile, you'll need to remember your password
To my knowledge there’s no other way of obtaining your password in the new Azure interface; you must either download the Publish Profile or keep it recorded somewhere. Although, you can always reset it under the Web Application’s Deployment section, by selecting Deployment Credentials and entering the new details there.
Downloading Files using FileZilla
Once you've found your the FTPS URL, username and password your ready to upload and download files. Here's how to connect to Azure using FileZilla.
- Start FileZilla.
- Select File, Site Manager and click New Site.
- Select the FTP file Protocol and set the encryption to Use explicit FTP over TLS if available.
- Select the Login Type to Normal.
- Complete the input fields with the FTPS URL, username and password (Azure credentials) we retrieved earlier. NOTE: the FTP protocol and the Logon type of Normal must be selected to have access to all the required fields.
- Click Connect.
FileZilla will do the rest for you. If everything goes according to play you’ll have access to the files on your Azure Web App. FileZilla works in a very similar way to Windows Explorer. Browse around the file tree and right click to see and perform actions. I'll explain more on how to use it below.
What's this Unknown Certificate?
Remember we're using FTP over SSL? If you see an unknown certificate dialog pop-up then that's FileZilla saying "Hey, I'm using SSL, but this certificate is unknown to me, can I trust it?". If you look at the Certificate Issuer section you'll see it's issued by the Microsoft Corporation. Now arguably Microsoft Certificates should already be in your trusted certificate store, I don't know why Azure FTP Certificates aren't, but since you initialised the connection, you know it's your Azure web-application's FTP server, in my view it's safe to click okay and trust it.
If you don't want to see the message again in the future click the "Always, trust certificate in future sessions".
The FileZilla status output will show something like this:
Status: Disconnected from server Status: Resolving address of changedthisbit.ftp.azurewebsites.windows.net Status: Connecting to 22.214.171.124:1... Status: Connection established, waiting for welcome message... Status: Initializing TLS... Status: Verifying certificate... Status: TLS connection established. Status: Logged in Status: Retrieving directory listing... Status: Directory listing of "/" successful
Below the status window output given above are four windows. The ones on the left show what's on your local machine. The ones on the right show what's on the Azure Web App. I've labelled local and remote for you in the diagram below.
On the left hand side browse to a location on your local, home, development machine where you want to download your files to or upload them from. On the right hand side select the folder or file you want to download or upload from or to (/site/wwwroot is the folder containing all your Azure web application files)- right click, select download or upload, and FileZilla will transfer the files for you.
My final words of advice would be to go slow, check you're using the right connection credentials. You'll get there in the end. If you're struggling let me know, I'll try to help and update the article accordingly.
Want to Thank Me?
Did you like this article? Was it helpful? Why not buy me a coffee on Paypal? Buy me a coffee?