I am trying to add the following permission to an Azure role due to an error I am seeing in the logs - Microsoft.Web/sites/host/properties/read. However, I cant find this permission to apply when I edit the role definition. Any idea?
Glad JakeUT that you resolved the issue using the */read permission.
As per this Microsoft Documentation), hat permission _Microsoft.web/sites/host/properties/read_ is not found. After _Microsoft.web/sites/host/_ - listkeys/action, sync/action, listsyncstatus/action, functionkeys/write, functionkeys/delete, systemkeys/write and systemkeys/delete are available.
And from this GitHub Article, it is said that:
If the resource type is dynamic and the required permission is standard across all supported resource types (e.g. read, write), you can use relative permissions by replacing the resource type with "." or "{resourceType}". For instance, if checking read access on a website, you can check for "./read", which will be evaluated as "Microsoft.Web/sites/read". For a website deployment slot, this would be evaluated as "Microsoft.Web/sites/slots/read".
I have been following after this guide step by step:
https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi
The only thing that I didn't do (not sure if its related) is the following line:
"Also in the ToGoAPI project, open the file Controllers/ToGoListController.cs. In the [EnableCors...] attribute, enter the location of the To Do SPA client. By default it is https://localhost:44326. Make sure to omit the trailing slash.
"
The reason I didn't do it is simply because I can't find any [EnableCors...] in the code. I did try to enable CORS in a different way though. following this:
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api#enable-cors
Anyway, I get the following error:
"Error :invalid_resource
adal.js:973 Error description:AADSTS500011: The resource principal named https://yorecisraportsco.onmicrosoft.com/ToGoAPI was not found in the tenant named yorecisraportsco.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 64213edc-4b12-4caa-aa4e-b9ec82bd3000
Correlation ID: 607d25c1-d915-46eb-ba48-67adb70ddab8
Timestamp: 2019-03-04 12:41:33Z"
I am not sure why this is happning as I followed the guide - configured everything in Azure like it said and also configured it in the code.
I have a requirement to delete some roles from an app registration.
Have tried to do this on the Azure portal both directly in the manifest editor and by downloading / editing / uploading the manifest JSON.
I get the following error:
Failed to update application xxxxxx. Error details:
CannotDeleteEnabledEntitlement.
I also tried to set "isEnabled" property to "false" and delete the roles after that with no success.
Anyone have any pointers on how to overcome this issue?
As you mentioned in your post, the deletion of any OAuth2Permission is a 2 step process:
You must first disable the permission, and push that to the directory.
Then you can delete the permission.
The error message you are showing in your post is a result of you not disabling the permission first. You will need to share details about the error you get if trying to delete the disabled permission fails as well.
I am getting this error when trying to get the Token from Azure Active Directory. I have got the code and everything looks great, but now I am getting this?
I have tried to give the application all kinds of different permissions?
Access Denied
{
"error":"invalid_grant",
"error_description":"AADSTS65001: No permission to access user information is configured for '{applicationId}' application, or it is expired or revoked.\r\nTrace ID: 0493ca6a-442d-4f68-9bb7-bc754896aac1\r\nCorrelation ID: e7a4981a-febb-49a0-b016-57f1d863a2bb\r\nTimestamp: 2015-01-29 09:36:07Z",
"error_codes":[65001],
"timestamp":"2015-01-29 09:36:07Z",
"trace_id":"0493ca6a-442d-4f68-9bb7-bc754896aac1",
"correlation_id":"e7a4981a-febb-49a0-b016-57f1d863a2bb",
"submit_url":null,
"context":null
}
It seems like this won't work, we choose to use OpenIdConnect instead which worked fine.
I try to push/sync a IIS Site from a Win2003 Server to another.
This is my command:
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator,password=PASSWORD -whatif > msdeploysync.log
I also tried the following
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=BACKUP-09\Administrator,password=PASSWORD -whatif > msdeploysync.log
I also tried
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator#BACKUP-09,password=PASSWORD -whatif > msdeploysync.log
This is the error:
Fatal: Request to remote agent URL 'http://backup-09/MSDEPLOYAGENTSERVICE'
failed.
Fatal: The remote server returned an error: (401) Unauthorized.
Fatal count: 1
I did run msdeploy/cmd as an
administrator.
I did try to access
http://backup-09/MSDEPLOYAGENTSERVICE,
it asked for my permissions, I
entered the credentials above, it
worked (empty site displayed).
This is Beta 2 of MSDeploy
Can anyone help me?
I now even set up a domain controller for all the servers... still the same issues, whether I'm logged in as a domain controller, supply the local accounts, all variations trigger a 401
Note that there is a bug in Web Deploy 2.0 (even the refresh) that does not allow users within the admin group to authenticate. Only domain admins and the administrator account itself can authenticate to web deploy. See the ERROR_USER_NOT_ADMIN error code on the following page: http://learn.iis.net/page.aspx/1023/web-deploy-error-codes/
Msdeploy appears to use NTLM authentication by default, even if userName and password are present. To enable the correct processing of "userName" and "password", append the following to the relevant source: or dest: parameters: ",authType=basic"
I got this error because UAC was turned on (Windows Server 2008).
Need to turn off UAC for remote connections:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy=1
This key helped me on another server (Windows Server 2012):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server\WindowsAuthenticationEnabled=1
Michael12345 suggested it here: https://stackoverflow.com/a/15059759/991267
This is a really old question, but I may have found an answer.
I was getting the 401 Unauthorized error message, but still able to login using the account specified in the call to MSDeploy, as described in the question.
In my case, the problem was solved by giving the deploy account admin privileges on the machine being deployed too.
(I see that you were using an account called Administrator, so this might not be the case for you - but I had the same symptoms so wanted to post anyway).
I've just experienced a 401 and ERROR_USER_NOT_ADMIN. In my case, the problem was I was using a hostname set in my hosts file (also in the hosts file on the destination machine) for the computerName setting to the -dest: parameter. NTLM was trying to treat this host name as the domain part of the username (e.g. hostname\userName). Changing this to the IP address or or real machine name fixed the issue.
I did not have this type of error before but in Visual Studio 2015 Update 3 when create a new ASP.NET Core application the default publish profile does not work.
I did find a solution. For me adding the
<AuthType>NTLM</AuthType>
line in the .pubxml file fixed the issue.