Azure scheduler job not running - error no route registered - azure

I am getting below error while running Azure web job in scheduler -
Http Action - Response from host 'site.scm.azurewebsites.net': 'NotFound' Response Headers: Pragma: no-cache Cache-Control: no-cache Date: Wed, 28 Jun 2017 06:11:42 GMT Set-Cookie:
Path=/;HttpOnly;Domain=site.scm.azurewebsites.net Server: Microsoft-IIS/8.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Body: "No route registered for '/api/triggeredwebjobs/WebsiteEnquiries/run'"
please help me to resolve this.

According to exception, it seems that there is no named WebsiteEnquiries triggered webjobs. As David Ebbo mentioned that we could check the Webjob with kudu webapi(https://yourwebsite.scm.azurewebsites.net/api/triggeredwebjobs) to list the triggered Webjob.
We also could check the WebJob from the Azure portal.

Related

Azure Active Directory: 'Forbidden' error while fetching groupclaims using Graph API

I'm using Azure Active Directory tenant along with Graph API to fetch groupclaims objectIDs.
However, it's failing with Forbidden error at runtime.
I used the same code with another Azure Active Directory tenant (which created almost 4 months back), it's working perfectly.
I have followed ditto to create new Azure Active Direct tenant and double checked configuration details in Azure management portal.
Even, I have created many times new Azure Active Directory tenant with the same steps but still getting a Forbidden error.
{
StatusCode: 403,
ReasonPhrase: 'Forbidden',
Version: 1.1,
Content: System.Net.Http.StreamContent,
Headers: {
ocp-aad-diagnostics-server-name: a***********Bc=
request-id: 9*******1
client-request-id: 4b**************b9
x-ms-dirapi-data-contract-version: 1.5
x-ms-gateway-rewrite: false
ocp-aad-session-key: GXB**********************5bi0
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
Duration: 1168232
Cache-Control: private
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Fri, 08 Jan 2016 23:29:43 GMT
Content-Length: 139
Content-Type: application/json; odata=minimalmetadata; streaming=true; charset=utf-8
}
}
In general, Forbidden error is due to lack of permissions on the server, but another active directory tenant is working perfectly (which is also created by me 4 months back). There isn’t any configuration change between the working AAD Tenant and newly created one.
Is there any recent changes in AAD creation?
I’m using Microsoft Active Directory, do we need any configuration update from MSIT team on server side?
followed the steps: https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims
Could someone help me to fix this issue.
Thanks,
Pradeep
Make sure groupclaims that you try to access is in azure subscription you have access, also try creating new groupclaim and try to fetch using GraphAPi
MSIT team owns server side configuration setting.
Contacting them has been fixed the issue.

AADSTS50001: Getting exception while trying to access token from Azure AD by using ADAL from Console client

Getting exception while trying to access token from Azure AD by using ADAL from Console client.
Steps:
I have configured Azure AD with my Web API application localhost:44307.
Added the required configuration for Client Id, Client Key.
Followed the work around by changing manifest suggested in this link.
https://www.google.com/search?q=AADSTS50001+%2B+azure+AD+athentication&oq=AADSTS50001+%2B+azure+AD+athentication&aqs=chrome..69i57.10202j0j7&sourceid=chrome&espv=210&es_sm=93&ie=UTF-8#q=AADSTS50001&safe=active
ADAL Version Using: Microsoft.IdentityModel.Clients.ActiveDirectory 2.6.0-alpha
Console App Code:
void GetToken()
{
clientId = "be6b055a-4efc-222a-2187-49657e6f4f1b";
string ClientKey = "c/uIMlsqn9SzJLKKyBle42Ym+tgcaC2tbMlWxJQawE";
string ClientCredential clientCred = new ClientCredential(clientId, ClientKey);
authenticationContext = new AuthenticationContext("https://login.windows.net/MyDevAD.onmicrosoft.com");
authenticationResult = authenticationContext.AcquireToken("https://mylocalwebapiapp.com/", clientCred);
....
}
Fiddler Input:
POST https: //login.windows.net/MyDevAD.onmicrosoft.com/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
client-request-id: 53262b17-1234-4ed9-bdb3-748d332eb44b
return-client-request-id: true
x-client-SKU: .NET
x-client-Ver: 2.6.0.0
x-client-CPU: x64
x-client-OS: Microsoft Windows NT 6.3.9600.0
Host: login.windows.net
Content-Length: 185
Expect: 100-continue
Connection: Keep-Alive
grant_type=client_credentials&resource=https%3A%2F%2Flocalhost%3A44307%2F&client_id=be6b055a-4efc-408a-8187-42137e6f4f1b&client_secret=c%2FuIMlsqn9SzJLKKyBle123Ym%2BtgcaC3tbMlWxJQawE%3D
Fiddler Output:
HTTP/1.1 400 Bad Request
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Set-Cookie: x-ms-gateway-slice=ProductionB; path=/
x-ms-request-id: e89741b2-570d-44f6-9e71-6533b083abcd
client-request-id: 35262b17-4771-4ed9-bdb3-748d332eb33b
X-Content-Type-Options: nosniff
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Tue, 01 Apr 2014 19:05:51 GMT
Content-Length: 438
{"error":"invalid_resource","error_description":"AADSTS50001: Resource 'https://mylocalwebapiapp.com/' is not registered for the account.\r\nTrace ID: e89741b2-570d-44f6-9e71-6533b083cdad\r\nCorrelation ID: 35262b17-4771-4ed9-cddb3-748d332eb44b\r\nTimestamp: 2014-04-01 19:05:53Z","error_codes":[50001],"timestamp":"2014-04-01 19:05:53Z","trace_id":"e89741b2-570d-44f6-9e71-6533b083cdad","correlation_id":"35262b17-4771-4ed9-bdb3-748d332eb44b"}
Note: Posted URLS and ID's are faked ones.
We should not have introduced any changes. I would recommend to double check that you assigned to your client app the correct permissions for accessing your web API. Please note that your app is getting a token with its own credentials, hence you need to assign app permissions directly (as opposed to delegated permissions).
HTH
V.

Azure CDN adds x-microsoft headers to response, What are they and how to remove?

Placing any content into blob storage within a container hosted on Microsoft Azure set to public blob appends various x-ms-... headers in the HTTP response to a standard GET request from a browser. What are they used for, and can they be turned off? I dislike bloated and useless HTTP headers.
HTTP/1.1 200 OK
Content-Length: 1841396
Content-Type: image/png
Last-Modified: Sat, 05 Jan 2013 22:27:08 GMT
ETag: 0x8CFB9AAEECBA7B9
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dca0ba01-990b-439e-b9c9-11f698222d2e
x-ms-version: 2009-09-19
x-ms-meta-CbModifiedTime: Thu, 27 Dec 2012 18:23:17 GMT
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sat, 05 Jan 2013 22:28:47 GMT
I faced the same problem recently and I want to share information.
First, "x-ms-..." headers except "x-ms-meta-CbModifiedTime" is set by Azure Blob.
I think Azure Blob, Azure CDN don't support the functions remove response headers now.
However, "x-ms-meta-{name}" headers return metadata set to each blob by not Microsoft but clients.
So who does create "CbModifiedTime" metadata?
I found CloudBerry Explorer ("Cb") set this metadata automatically.
I couldn't found the way to be disable this function in Free Edition.
If you care about response headers, you should consider to use other tools
Additional x-microsoft headers in the GET response can be removed using CDN endpoints Rules engine

Cannot get IIS ISAPI Tomcat connector to pass BASIC Authentication through to Tomcat

We've successfully configured IIS to front 2 Tomcat instances using isapi_redirect.dll. It's doing everything smartly, and we've been very happy. Now, however, we're using one of the Tomcat instances to serve up web services through AXIS. This requires BASIC Auth, and .NET clients are failing.
+ .NET clients can bypass IIS by surfing to "site:8180" and they're fine
+ Java clients can hit IIS and ISAPI passes them through and they authenticate just fine using basic.
+ .NET clients that hit IIS fail to authenticate using the same unpw.
Fiddler reports this session:
HTTP/1.1 401 Unauthorized
Date: Wed, 07 Jan 2009 14:31:59 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
WWW-Authenticate: Basic realm="Daily Control Module"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Proxy-Support: Session-Based-Authentication
It kicks up what looks like a basic auth dialog, but instead of asking us to auth against Daily Control Module, it asks us to auth against the Windows server. And sure enough, the IIS server is asking for an NTLM auth. If I set the entire server to use Basic Auth, I get this from Fiddler:
HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="serverName"
X-Powered-By: ASP.NET
Date: Wed, 07 Jan 2009 15:08:32 GMT
Sigh. Basic, but now the Basic Realm is changed to the IIS server. So, if I set the entire server to authenticate against Basic realm, Daily Control Module, then I get this:
HTTP/1.1 401 Unauthorized
Date: Wed, 07 Jan 2009 15:11:45 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="Daily Control Module"
X-Powered-By: ASP.NET
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 19:00:00 EST
WWW-Authenticate: Basic realm="Daily Control Module"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Weird with the dual WWW-Auth headers, no? At any rate, authenticating using same unpw that works directly against Tomcat fails, whether I specify the domain or not.
At this time:
+ Anon is Off
+ Integrated Windows Auth is Off
+ Basic auth is On, with the realm configured as Daily Control Module
Thanks for looking.
What is the configuration of the directory security?
Are you sure that only basic authentication is enabled?
Other point is. Maybe in the iis level you should use anonymous authentication. And tomcat is taking care of implementing the basic authentication interchange?
The source of the problem ( from the header you posted ) is that the .net client recognize that the site support ntlm authentication. And try to authenticate with that protocol. The java client is just ignoring the ntlm option so it use whatever other authentication protocol the site supports.
You should make sure that the integrated authentication is not enabled in the site and file level.

Why do we get HttpAntiForgeryException after publishing update to Azure Web app service?

We published an application update to the same Azure web app service and started getting errors:
Exception: System.Web.Mvc.HttpAntiForgeryException (0x80004005): The anti-forgery token could not be decrypted. If this application is hosted by a Web Farm or cluster, ensure that all machines are running the same version of ASP.NET Web Pages and that the configuration specifies explicit encryption and validation keys. AutoGenerate cannot be used in a cluster.
This happens to clients using a login page within the app. These are the response headers:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 5585
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.2
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 30 Jan 2019 14:23:33 GMT
The client has to either close the browser and reopen or clear the browser's cookies to fix the problem.
The web app was running 3 app service instances before and after the upgrade. ARR Affinity is on.
Why is this happening and how do I fix it?
Have a look at this answer. Since this issue has just started happening, verify that you don't have a inadvertant calls to #Html.AntiForgeryToken() between veiws.

Resources