I am trying to release multiple projects in 1 solution using Azure Release pipeline
They are all connected to the same Azure Subscription, but some do deploy to the given app service while others give an unauthorized error.
Ive looked into it and i read that adding website_webdeploy_use_scm to the app service should help the Unauthorized error, but this didnt help for me.
What else could i look at? I connect through Azure Devops so i just selected the subscription from the list it automatically gathers from Azure because im logged in using the same logins as i use for Azure Portal
the full error is:
Connected to the remote computer ("xxxx.azurewebsites.windows.net") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.
Error: The remote server returned an error: (401) Unauthorized.
according to the error I'd suggest you check service principal permissions. it probably lacks the permissions required to manage those webapps.
So after refresh publishing profile in Azure Portal and trying it again it fixed itself so im not sure if that caused it or not but it worked!
another fix is to delete the slot and make it again
Related
We have an app which get data from Azure DevOps Services using RestAPI with token. Without authentication it is working fine.
After enabling authentication get errors 500/431 without any explanation. Authentication set for single tenant and with new application registration.
THE ONLY WAY TO GET AROUND THIS PROBLEM WAS TO USE A CONTAINER BUILD FROM AZURE - USE VS CODE TO PUBLISH & BUILD - USING A CUSTOM CONTAINER FAILED ALWAYS
I tried the following without success:
Setting - WEBSITE_AUTH_DISABLE_IDENTITY_FLOW - Azure Web App + Node.js + Azure AD = Error 431
Added specific permission for - Azure DevOps Services on the Identity provider tab.
Any advice would be most appreciated
The error 500 may occur if you have enabled App Insights monitoring on client-side.
Please check whether you have enabled that option or not like below:
APPINSIGHTS_JAVASCRIPT_ENABLE = true
If it is enabled, disable it by assigning false parameter as suggested in this SO Thread by L. González.
These 500/431 errors occur due to many reasons and to know the exact issue behind the error, try enabling diagnostic logging.
To know more about diagnostic logging please refer this MsDoc
Try restarting the App Service and raise Azure Support Ticket if still the issue persists.
Reference:
how do I fix the azure web app error 500? - Stack Overflow
I have been looking at this issue for days and I know from experience that I usually work these things out but this time I have hit a brick wall.
Scenario
I have a python app that gets instantiated inside an Azure DevOps YAML pipeline.
The app calls the Azure DevOps REST API to create a repository
The app uses a PAT (personal access token) to authenticate
Firstly issue is, a personal access token is connected to me as a human user. If I leave the company the PAT will be revoked which is not good for an app that needs to run in a non-user context.
So now I want to setup my Python app to authenticate to the Azure DevOps REST API using client credentials flow.
My issue is, I can't find consistent information about this.
I have created an app in Azure DevOps:
My plan would be to get this all working in Postman and then port my finding to Python code.
So really, I am looking for help with the setup I do in Postman and I can work the rest out myself in Python.
Many posts talk about Azure DevOps and Azure AAD (Azure Active Directory) together but, seeing as I create my app registration in Azure DevOps, as shown in the picture, I don't see why I would do anything in AAD.
(Note, my Azure DevOps instance was created outside Azure. Azure knows nothing about my Azure DevOps instance)
Any pointers to the CORRECT information about how to do this would be good. And remember, I definitely need the client credentials type flow. There is no human interaction between my app and the Azure DevOps REST API.
Update
Here is what I have in Postman right now:
Note:
You can see the check boxes which I am using to toggle application/x-www-form-urlencoded key / value pairs on and off
the resource - 499b84ac-1321-427f-aa17-267ca6975798 is apparently the GUID for Azure DevOps and doesn't change
If I look inside the HTML from the 500 error I see this: Could not find partition for hostId: 499b84ac-1321-427f-aa17-267ca6975798 which is the DevOps resource GUID mentioned above.
And here is the 500 error I get from Azure Devops:
It's all very confusing but I am sure I just need to tweak one or two things to get it working.
I want to use client_credential flow in Azure DevOps for the same reasons as you! Last time I spoke to support they told me it was planned for Q3 2020. Reviewing the roadmap I can't see it on there at the moment. I also couldn't see any feature requests currently raised on Dev Community so you could consider trying to raise the profile of this issue on there.
I have created a new MVC application with windows authentication and without doing any changes to application, I have deployed to Azure App Service.
When I browse the URL I am getting the message as "You do not have permission to view this directory or page.".
When I check the "DetailedErrors" folder, it was "IIS Detailed Error - 401.0 - Unauthorized".
I have referred many post with this issue. But none of the solution mentioned in the post solved my issue.
Please let me know what configuration I am missing.
Thanks
Windows authentication is not supported in App Service.
In order for IWA to work, the server would need to be AD joined.
You do not have that level of access in App Service.
https://devblogs.microsoft.com/premier-developer/moving-legacy-asp-net-apps-with-windows-authentication-to-azure-app-service-part-1/
You will have to migrate to e.g. Azure AD authentication or host the app on a platform that supports IWA.
After i Creat On-Premise gateway localy in my computer using the same account with azure, But still i got error message that says No Installed Instance were found for ther curent users. I Already make the region same to SEA but still no instance were found . I already tried to uninstall the On-Premise gateway but the result still the same. For the reference i'm using this tutorial https://blogs.biztalk360.com/access-on-premise-sql-server-data-from-azure-logic-apps-via-on-premises-data-gateway/ .How to fix this, and what cause that happen ? and fyi im using Invitation from Default Directory to acces Azure is that what caused this ?
The user must be created inside the same Azure directory where the gateway is created.
I was trying to use an AD account invited from another directory and it doesn't work. How can you tell if a user has been invited? The "User principal name" will contain #EXT# just before the '#' sign.
In my case the solution was to create a new AD user specifically for the gateway.
I'm trying to publish a website to Azure, The publish settings were carefully reviewed, the files get published but the database is not, I'm getting this error.
Error 1 Web deployment task failed. (Could not complete an operation
with the specified provider ("dbFullSql") when connecting using the
Web Management Service. This can occur if the server administrator has
not authorized the user for this operation. dbFullSql
http://go.microsoft.com/fwlink/?LinkId=178034 Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_NOT_AUTHORIZED_FOR_DBFULLSQL.)
Any help would be appreciated!