Connecting Umbraco backend with on premise AD authentication from Azure - azure

We are migrating our web applications from an on premise environment to Azure app services.
One of the webapps is causing a little bit of trouble, it's an Umbraco website that uses LDAP for connecting with an external AD for backend authentication.
It appears the authentication server is not being called.
The client receives the following message (after a while of waiting):
{
"Message":"An error has occurred.",
"ExceptionMessage":"The server is not operational.\r\n",
"ExceptionType":"System.Runtime.InteropServices.COMException",
"StackTrace":" at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)\r\n at System.DirectoryServices.DirectoryEntry.Bind()\r\n at System.DirectoryServices.DirectoryEntry.RefreshCache()\r\n at System.Web.Security.DirectoryInformation..ctor(String adspath, NetworkCredential credentials, String connProtection, Int32 clientSearchTimeout, Int32 serverSearchTimeout, Boolean enablePasswordReset)"
}
Unfortunately I'm not an Azure expert and searching for this problem didn't result in any solutions.
From the error message I can conclude that the on premise cannnot be reached from Azure, but I don't understand why.
Is Azure blocking the 636 port?
Is this setup even possibly in Miscrosoft Azure?
Any pointers in the right direction are greatly appreciated.

Related

An attempt was made to access a socket in a way forbidden by its access permissions. (localhost:5001)

I'm facing issue with my multiple project solution in .net core webAPI. I've gatewayAPI which internally makes call to different microservices via http call.
Gateway API URI exposed to outer world which has domain as azure app name but the internal calls from gateway to microservices are configured with http://localhost:5001/{apiEndPoint} which is working fine in my local machine but after deploying it on azure app service I'm getting below error:
PostToServer call URL:'http://localhost:5001/api/authservice/authenticate' with Exception message An attempt was made to access a socket in a way forbidden by its access permissions. (localhost:5001).
Can someone please help me with this, I'm new to azure and learning on my own but could not find any solution for this yet.
PS: After going through some YouTube videos and blogs I got to know we have to use AKS but I'm not confident in that.
Would really appreciate any help on this issue.
The Gateway API you deployed to azure app service, it doesn't support custom port usage for 5001. Azure App Service only supports port 80|443(HTTP|HTTPS).
If you must use multiple ports in your actual project, then it is recommended to check whether Azure Cloud Service meets your needs. But it not the best choice.
The Best Practice:
Microservices architecture design
In short,create a Azure Gateway service, and your other microservice can be deployed in any where.(azure app service, vm or aks)
You just make sure you can access your microservices in your internal or public network environment.
If you're just learning, or the app isn't actually used by a lot of users, you can try the following suggestions:
Use SignalR (not azure signalr) to replace the websocket in your current project.
You have on azure app service, you can deploy your Gateway API Application to app service, and your other microservices can be deployed to Virtual Application in azure app service.

Connect another server on azure App Service

I have a website on the namecheap server and an application on microsft azure deploy on Azure App Service I would like to send post requests from my namecheap server to azure which contains the application my questionis this possible and also isn't there a security risk?
thank you for your help
Web programs are accessed through HTTP Requests. The security risk you mentioned does not exist.
In webapp, the security of web application data is what we need to care about.
After passing the authentication, the data can be curd according to the authority to ensure the security of the program.
It is recommended that you deploy the azure webapp program to increase the authentication function, such as jwt token.

Azure Virtual Machine - Rest API calls are not working

We are developing a app on azure virtual machine and the VM has ngnix installed with TLS version 1.2. The app consists of two action which performs salesforce and office365 oauth flow. The app worked pretty fine on local and azure app service too.
Problem
For some reason, we are moving the app to azure VM. Here is the problem, after oauth the flow returns a code and we need to generate the access_token using that code through a https request to office365 endpoint. The endpoint response is either timeout or Error Read ECONNRESET.
Analysis
The only working URLs,
http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net
https://myapp.vault.azure.net/secrets/{Secret-Name}?api-version=2016-10-01
Both the above is used to fetch the access token and key vault secrets. Luckily, this is working pretty fine and I am able to get all the secrets from azure key vault.
But the below urls are either no response timeout or Error: Read ECONNRESET
https://login.microsoftonline.com/{Tenant-Id}/oauth2/v2.0/token
https://test.salesforce.com/services/oauth2/token
I’ve also tried other public or fake rest APIs like,
https://reqres.in/
https://jsonplaceholder.typicode.com/
None of them seems to be working. Does anyone faced this kind of issue?
Just clarify the answer from the comments for more references.
The Error Read ECONNRESET means the other side of the TCP conversation abruptly closed its end of the connection. This is most probably due to one or more application protocol errors. Refer to this SO for details.
Moreover, you have only working URLs from Azure Instance Metadata service and Azure Key Vault service, other public or fake rest APIs are failures. So you properly face internet connectivity issue on that VM or VNet itself. You could check if the firewall is blocking the outbound traffic to the Internet on the local VM or NSG rules.
In the end, some change in the firewall settings fixes this issue.

Windows Authentication in IIS

I have 2 web services A and B hosted under the same web site. Web Service A uses/calls the APIs of web service B.
Both the services are using the "Custom Application pool" as they need to access Database...and I need to use Windows Authentication for both the services.
So when I try to call the API of service A, it prompts me for userName and password and after that it throws an error.
Now if I change the authentication of web service B to anonymous, it works fine.
It seems to be double-hop issue but I am not sure how to fix it..
Please help me in fixing this issue..
Thanks

Azure Service Bus Relay and TrackingId: where to find more information on errors

we are using Azure Service Bus Relay to connect to a on-premise intranet WCF service from a web site on the internet. It has been working fine for months.
Since yesterday the serice was not reachable from outside (bad gateway, TrackingId:4a7a01ed-2059-4720-aba5-f61ee808a86e_G2).
On the Azure Classic Portal I can see that see on-premise service is correctly registered to the Service Bus Infrastructure (it correctly show 1 Http listener to the service), so I'm suspecting something else...
Does anybody know where I can type my TrackingId and know more about the "inner error"?
I wasn't able to find anything on the Azure Portal and documentation on the matter is non-existent.
Is contacting Microsoft support the only way to have more info?
Thank you for your help
Yes support will be the only option for this and they will need this trackingid to find the exact issue.

Resources