I've deployed nopCommerce as an Azure App Service using the simple Web Publish option.
Having then tried to configure the installation by running the nopCommerce installer I receive the following errors.
The 'IIS APPPOOL\MyUserName' account is not granted with Modify permission on folder....
Now normally this would be a trivial fix as I would login the application IIS server and presumably grant modify permissions to the IIS APPPOOL user for the given folders. However because this is an Azure App Service, I do not believe there is any way to login to the actual VM that runs all my application instances and thereby grant permissions to the APPPOOL user.
So is there some way to work around this? Can I grant these permissions using some other means for an Azure App Service (for example using the console in Azure)?
For anyone curious the actual solution was creating these folders.
wwwroot\bin
wwwroot\log
and the files:
installedPlugins.json
dataSettings.json
Once I added those files/folders I was able to successfully complete the installation.
Related
I have several ASP.NET Core Web API services that are deployed via Octopus Deploy (v2019.12.1) to IIS.
I am trying to figure out how the permissions work to the files. When I look at the files/folders, they do not have any any permissions setup on them to allow the App Pool to access them. I don't understand how this works. But I did not care until today when stopped working.
I setup a file share to the Applications folder under the Octopus2 directory. When I did that it all stopped working. My sites now give me an error saying that they do not have permissions to access the config file.
When I look up fixes for this, they say I need to add the App Pool to the file/folder security. When I do this it works... until the next deploy when octopus makes another folder that does not have the added permissions. I could move those permissions up a folder, but then I am moving to manually managing it.
And somehow it worked without giving the App Pool direct permissions. So here is my question:
For an Octopus Deploy IIS Web Application, how does the application have access to the config file? (Assuming you did not do anything beyond the basic template for an IIS Web Application (and supplying a user for the App Pool).
In my case I'm using the custom installation folder where I'm keeping all my applications.
D:\Applications
D:\Applications\Product\Services\App1
D:\Applications\Product\Services\App2
Before any deployment I have a step (required step) in order to set up root home directory as above.
Create Folder step
I'm granting all IIS application's identities ability to access their installation folder.
In case you are using Octopus installation directory you can create child step which will grant desired permission to your application identity.
Application directory:
Octopus.Action.Package.InstallationDirectoryPath
Octopus System Variables
I'm using VSTS to deploy a azure cloud service package and getting a file access issue for web.config not able to be written to after a successful deployment.
At the moment I manually set the file permission via RDP to correct it for eg. on e:\siteroot\1\Web.config (Everyone FC)
To avoid this manual step - how can I set a folder/file permission for a file under cloud service deployment.
The issue seems not related to azure projects directly. It's not suggest to give a permission with Everyone FC, this may cause security risk.
For Azure Cloud Services Web Roles, the default Application Pool Identity account is “Network Service”.
In a normal basis the Application Pool account needs read permission over the web.config file so it can read all the application configuration.
For this kind of issue, you could creating a Startup Task to give write permission to Network Service in the application Web.config file.
Please go through the detail steps in this similar issue: Error “Access to the path ‘E:sitesrootWeb.config’ is denied” when storing Azure AD’s public key in Web.config of an Azure Cloud Services application.
Also take a look at this related question: Web.config Access denied when Package Azure cloud services projects in Visual Studio 2013 for Web
You can create a .bat file where you call the icacls command with the parameters you prefer:
How to grant permission to users for a directory using command line in Windows?
and then you can configure a startup task for your cloud service to run this file:
https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-startup-tasks
I have a function app, in the app service I am adding a webjob, which would run a .cmd or .ps1 script for some functionality required by the function app. The script requires administrator permissions. I am trying to run the webjob, but the logs show me the error that admin rights are required. How can I run the webjob with elevated permissions?
Web Jobs and Function Apps are running on App Service, which is running inside a sandbox. You can't get administrator permissions in App Service.
Read about the limitations and possibilities in Azure Web App sandbox.
We have a WebJobs-enabled project that we use to deploy and schedule WebJobs. A couple of our developers are able to publish the project but I am getting an error when attempting to do so. The publish itself succeeds but I get a bunch of errors at the very end saying:
An error occurred while creating the WebJob schedule: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
I have tried to publish a WebJob on its own using the Publish as a WebJob command and it worked just fine. The publish profile that I am using validates just fine too. Why does it work for one but not for the other?
My account with Co-administrator privileges on the subscription, I could publish my WebJobs-enabled project to Azure App Service successfully (both website and webjob run fine). This thread discussed a similar issue, and we could find that account without Co-administrator privileges may cause this issue, so please make sure whether your account has Co-administrator privileges.
I wish to have an automated process that basically deploys (copies) a asp.net web site in a CI situation. I have built the web site and I then want to copy the code to the web server. This powershell code is running on my build server. the build server is running under a defined service account and i have given that account full control to the folder on the web server where the web site needs to be deployed.
The powershell code works if i run it from my local machine under my accoount (i have full control). When I run the code from the build under my admin acount it fails. when it runs under the service account it fails.
The web server and build server are both windows 2003 boxes. My machine is Vista.
I am really confused here it seems like the user credential are not correctly getting passed from the build server to the web server, but are from my vista pc to the web server. I wish our admins had a clue, this seems like some very basic authencitaions issues.
commands that a failing are Copy-Item and Remove-Item, I can do get-childitems no worries as i am copying all the existing file into a zip before i re-deploy (ie i can access the folder i just can write)
Thanks in advance
RhysC
See this:
PowerShell 2.0: Accessing Windows Shares during a Remote Session
I know you mentioned that Get-ChildItem was not failing, but what are the read rights (share and file-system) on the WebServer?