Web deployment task failed. ERROR_USER_UNAUTHORIZED - azure

I am trying to deploy my Bot to azure. I have created it in azure and i downloaded the source code. But now im trying to deploy it again i'm getting the error on the title. I got all the credentials correct because i wrote it down before. This is the error.
Severity Code Description Project File Line Suppression State
Error Web deployment task failed. (Connected to the remote computer ("dotnetfpbot.scm.azurewebsites.net") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
Make sure the site name, user name, and password are correct. If the issue is not resolved, please contact your local or server administrator.
Error details:
Connected to the remote computer ("dotnetfpbot.scm.azurewebsites.net") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.
The remote server returned an error: (401) Unauthorized. AzureBot 0
If ever my username or password is wrong is there a way to change them?

please delete the publish profiles and rebuilt them by going through the wizard again.

Yes. Sign in to your Azure account and hit 'get publish profile' at the top of the dashboard after you click into your project and you can send it to Notepad. Much stuff there. It all repeats; It is userPWD="the long password is here"

Related

Problems publishing a ASP.NET Core 3.1 project to azure Getting a message "Your account is at risk"

I am trying to publish a project from Visual Studio 2019 (fully updated) to azure. But when I try to login I get the message:
Your account is at risk
To help you—and only you—get back into . I verify my account by sms message and enter the old and new email address. But then again when I try to login it again wants me to verify.
At the same time, the email works when I go into Azure portal and I also managed to deply a Microsoft SQL database into Azure SQL. (Though initially I had to add the IP address in the firewall on Azure). Also I updated the location of the user to Thailand (Where I am), in case the system matches the IP address to the location.
OTher things I have in place are for example the resource group. And I also tried to create an app in Azure portal and then publish it to this, but the issue is that I can't login from Visual Studio.
Any suggestions on how I can publish a project to Azure?
------- UPDATE --------------
Still in the loop of login, verify, new password and login again. The screen I get is like this:
The following screens are:
enter code send by sms
Enter old and new password
Login
-. And back at the verify screen again.
Any suggestions.
Based on the suggestion below I also removed some of the credentials in the credential manager (those that I thought might have to do with this issue).
One possiblity is that there is an old version of your password stored in Credential Manager.
When you try to login via Visual Studio it fails because the password is incorrect. Trying to login with the incorrect password also causes the account to lock, requiring you to verify with SMS.
If this is an Azure WebApp, your best bet is to download the publish profile and use it in your Visual Studio, this way you'll be able to publish your app.

Azure new users: You do not have permission to view this directory or page

I have a web app in Azure. The access to that web app is controlled by Azure Active Directory. The app is up and running since September of last year. I didn't make any changes to the app for a while and have 33 users in that app.
So, a week ago I tried to add a user, using the same methods and paths I used before.
The new user can log in to microsoft (portal.office.com). After the initial log in and changing of the password the user goes to the web app in Azure and get the following error: You do not have permission to view this directory or page.
Error tracing gives me this:
HTTP Error 401.73 - Unauthorized You do not have permission to view
this directory or page.
Most likely causes: The authenticated user does not have access to a
resource needed to process the request.
Things you can try: Create a tracing rule to track failed requests for
this HTTP status code. For more information about creating a tracing
rule for failed requests, click here.
Detailed Error Information: Module EasyAuthModule_32bit
Notification BeginRequest Handler
ExtensionlessUrlHandler-Integrated-4.0 Error Code 0x80004005
Requested URL https://*******:80/.auth/login/aad/callback Physical
Path D:\home\site\wwwroot.auth\login\aad\callback Logon Method
Not yet determined Logon User Not yet determined
More Information: This is the generic Access Denied error returned by
IIS. Typically, there is a substatus code associated with this error
that describes why the server denied the request. Check the IIS Log
file to determine whether a substatus code is associated with this
failure. View more information »
Microsoft Knowledge Base Articles:
Another observed behavior: usually when new users are logging in the web app asks for permissions for the AD to access their account information. Ever since this problem came up this is not the case any more.
Other users do not have any problems logging in. This problem only happens with new users who never logged in before.
EDIT: When I go to Active Directory and look at sign ins, I see failures to log into the web app with sign-in error code 90092. Failure Reason: Other.
Microsoft help desk could not give me details on that error code.
Checkout the related question and answer here. All new users have to first consent the application (agree and give your application permissions to access their profile / or you indicated as required permissions).
In short, you have to design "sign-up" button for your application, which uses the "login_url" and appends "&prompt=consent" to the query string.
Read all related resources here to better understand the consent framework.
And please read the documentation about Azure App Service Authentication/Authorization here, as well as the Azure AD specific documentation here.
OMG, I just found an answer. I created a test app and set it up to mirror the settings of my live app.
In Required Permissions the new app had nothing for Microsoft Graph, the live app had 5 permissions. I deleted Microsoft Graph and it works now!
I wish Microsoft communicated better about discontinued API's. I did get an alert, but it was mostly talking about MS Office 365.

Issue in creating bot service in Azure- Error while creating microsoft App id and password

I am trying to create a bot service using Free Trail Subscription in Azure Portal. While clicking on create Microsoft Appid and Password button, it directs to a page. Instead of showing me up with name and id in Generate App ID and password page,I get the below error as
"There's a temporary problem with the service. Please try again. If you continue to get this message, try again later"
Could anyone help me out to resolve this error. Also can you confirm if this is due to when a service is down or issue with the browser.
Thanks
I got the issue rectified by creating a separate Microsoft account id and by logging in using that I was able to generate appid and password successfully.

Msdeploy failed: The account 'xxx' does not appear to be valid

I am trying to get automated deployment from TeamCity working for one of our new API endpoints. I have everything set up correctly, including the final step where TeamCity calls MSDeploy to send the package over to our server (we're talking our Integration / test server here).
Everything was working fine but, when creating the new site in IIS, we had borrowed a service user from another website for the app pool to run as.
When we created a new domain user and switched the app pool over our deployments started failing. The error MSDeploy gives is:
Error: (30/10/2014 15:00:56) An error occurred when the request was processed on the remote computer.
[15:00:56][Step 1/1] Error: The account 'XXX' does not appear to be valid. The account was obtained from this location: 'system.applicationHost/applicationPools/******.com'.
[15:00:56][Step 1/1] Error: Some or all identity references could not be translated.
[15:00:56][Step 1/1] at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
[15:00:56][Step 1/1] at System.Security.Principal.NTAccount.Translate(Type targetType)
[15:00:56][Step 1/1] at Microsoft.Web.Deployment.Impersonator.GetNTAccount(String userName, String source)
Where XXX is the new domain user we created. Let's call the old domain user that we borrowed 'YYY'. We are using a third account, 'ZZZ' to connect with web deploy. So, everything was fine with the app pool running as YYY, but when we switched to XXX this error occurs.
We have looked and looked, but we can't find any differences between XXX and YYY. They're both in the same AD groups and both seem to have the same permissions on the server. Logging in to the server through RDP using account XXX allows us to open the IIS GUI and browse / administer the sites.
I've been unable to find many other sites talking about this problem, but it's got us completely stumped.
FYI, we have already restarted the web server in question, to see if that helped. It didn't.
The error being returned here is just a general authentication failure error. In this particular scenario the authentication failure was being caused by a discrepancy between the User Principle Name and the SAM Account name of the user the application pool was running as.
See the following question for an explanation of which name is used when authenticating an Active Directory user - https://serverfault.com/questions/371150/any-difference-between-domain-username-and-usernamedomain-local
In our particular example, the active directory user name of the application pool was longer than 20 characters. The SAM account name has a 20 character limit which means all characters over 20 were not included.
As explained in the linked answer, the format you use when specifying the domain and user name will determine which version of the name is used for authentication. Therefore with an example user name of "username_longer_than_20_characters" the following formats would work:
domain\username_longer_than - authenticates using SAM account name
or
username_longer_than_20_characters#domain - authenticates using User Principle name
The answer in the linked post also explains how to check the SAM account name for an Active Directory user.

Error creating deployment credentials for azure

I have a website successfully deployed to Azure and it's been working fine. Recently the website stops responding seemingly out of nowhere with "server encountered an internal error". It comes back on its own.
To troubleshoot this, I believe I need to FTP the logs from the website to review them.
To get the logs, I believe I need to create Deployment Credentials for the website (I normally deploy from within Visual Studio using a publishing profile.
When I go to create the deployment credentials, I repeatedly receive the error "Failed to Set Credentials with error: 'Cannot modify this user as there is another operation in progress.'"
I am not aware of any other operation in progress. Is there a way to look at what other operation is in progress? Does this even sound like a legitimate issue? Is this maybe a misleading error message where the issue is actually something else?
Thanks in advance
I'm able to access Logs through FTP like this:
Set your username and password in Deployment credentials section
Switch to Properties section to see FTP connection details
In your preferred FTP client create connection:
Server name: FTP_HOST_NAME:21/LogFiles
User name: FTP/DEPLOYMENT USER
Password: Password set in Deployment credentials
Use passive mode
No SSL explicit
See this recent link HERE
Someone from MSFT says that data center maintenance is happening. Not sure if that's the real reason though.
Did you try to use the credentials from the "Get Publish Profile" file?
You can also use the publish profile file to connect with FTP.
Go to the Overview category and click on get publish profile.
Then open this file with a file editor and use the following credentials:
userName: the normal username
userPWD: the password
publishUrl (The one with FTP): the host or server.

Resources