question

KhalidAmen-6358 avatar image
0 Votes"
KhalidAmen-6358 asked SnehaAgrawal-MSFT rolled back

Deploy to Azure Web App sub-directory

I have configured the sub-directory for my app in Path Mappings like this:
Virtual Path Physical Path Type
/ site\wwwroot application
/myapp site\wwwroor\myapp application

I deployed my app using DevOps CI/CD. I pointed Virtual Application to /myapp. It deployed successfully, but when I run the app, I got an error. When I deploy the app directly to wwwroot folder, I have no issue and I do not get the error.

CoreCLR Version: 4.6.29215.2
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'
at Microsoft.Azure.KeyVault.KeyVaultClient.GetSecretsWithHttpMessagesAsync(String vaultBaseUrl, Nullable`1 maxresults, Dictionary`2 customHeaders, CancellationToken cancellationToken)
at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetSecretsAsync(IKeyVaultClient operations, String vaultBaseUrl, Nullable`1 maxresults, CancellationToken cancellationToken)
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.LoadAsync()
at Microsoft.Extensions.Configuration.AzureKeyVault.AzureKeyVaultConfigurationProvider.Load()
at Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers)
at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build()
at Microsoft.AspNetCore.Hosting.WebHostBuilder.BuildCommonServices(AggregateException& hostingStartupErrors)
at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build()
at myapp.Main(String[] args) in D:\a\1\s\Program.cs:line 33

Application '/LM/W3SVC/1475845380/ROOT/myapp' with physical root 'D:\home\site\wwwroot\myapp\' failed to start process with commandline 'dotnet .\ACSIdentityServer.dll' with multiple retries. Failed to bind to port '34162'. First 30KB characters of captured stdout and stderr logs from multiple retries:

Process Id: 14144.
File Version: 13.1.19331.0. Description: IIS ASP.NET Core Module V2 Request Handler. Commit: 62eee6e6d21c95668a9e9529dce6562cc6c9f3bf


azure-webapps
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for asking question! Could you please elaborate on what are you trying to achieve or share any document you are following ? If you are trying to set up a web app, hosted in Azure to read settings from Azure KeyVault?

Looking at the " Exception Info: Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'Forbidden':
looks like permission issue. Could you please share more details on this to help you better on this.

0 Votes 0 ·
KhalidAmen-6358 avatar image
0 Votes"
KhalidAmen-6358 answered KhalidAmen-6358 published

I have three projects, the main one is angular goes under the root (wwwroot), identity server goes under site\wwwroot\identityserver (.Net Core), and api (.Net Core) goes under site\wwwroot\api. I can run each one separately in its own web app without any issue and they are connected, but I want to use one web app. I know that the issue might be with KeyVault. I already have KeyVault set or created to this this app. I added the following in my appsettings:

"KeyVault": {
"BaseUrl": "https://mykeyvault.vault.azure.net/",
"KeyName": "myappatkvssl"

and I have created KeyVault with certificate name "myappatkvssl", I added myapp to access policies. As I said that it works when I deployed directly to wwwroot. Is there any settings I need to do in KeyVault, access policies, or the app its? Since now the identity server is in subdirectory not in the main directory. Also, I have set the identity server as an application type not directory type. Does this make any difference?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered

Thanks for reply! Could you please ensure that the Service Principal you are using is added having appropriate permissions. Forbidden may be also happen when one of the secrets was disabled.

101764-demo2.png

Also, check if the KeyVault has restricted network access try toggling to see if this is issue. Check this blog on Key Vault Firewall access by Azure App Services

Also, only select principal and add web app and don't select authorized application as below screen shot.

101704-demo1.png

Let us know if issue remains.


demo2.png (13.1 KiB)
demo1.png (155.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

sadomovalex avatar image
0 Votes"
sadomovalex answered SnehaAgrawal-MSFT converted comment to answer

if you upload some static file to this sub folder (e.g. txt file) - can you access it from there?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KhalidAmen-6358 avatar image
0 Votes"
KhalidAmen-6358 answered SnehaAgrawal-MSFT commented

Thank you for response. I have solved the issue. It had to do with the web.config file. I had to use

stdoutLogEnabled="true" stdoutLogFile="\\?\%home%\LogFiles\stdout" hostingModel="inprocess" />

instead of

stdoutLogEnabled="true" stdoutLogFile=".logs\stdout" hostingModel="inprocess" />

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Glad to know the issue resolved. Appreciate for sharing the steps which helped you, this would certainly benefit other community members.

Please accept correct answer which helps. Original posters help the community find answers faster by identifying the correct answer. Thanks again

0 Votes 0 ·
KhalidAmen-6358 avatar image
0 Votes"
KhalidAmen-6358 answered SnehaAgrawal-MSFT rolled back

I have one more issue. As I explained above that the projects deployed under two paths. The first application is a .Net Core 3.1 API service and the second is .Net Core 2.2 identity server. Identity Server application works fine and I can run it. The API application throws an error

HTTP Error 500.35 - ANCM Multiple In-Process Applications in same Process
Common solutions to this issue:
Select a different application pool to create another in-process application.
Troubleshooting steps:
Check the system event log for error messages
Enable logging the application process' stdout messages
Attach a debugger to the application process and inspect

The web.config file for API is :

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="" verb="" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\ApiService.WebApi.dll" stdoutLogEnabled="true" stdoutLogFile="\\?\%home%\LogFiles\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
</configuration>

and the web.config file for Identity Server is:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="" verb="" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\IdentityServer.dll" stdoutLogEnabled="true" stdoutLogFile="\\?\%home%\LogFiles\stdout" hostingModel="InProcess" />
</system.webServer>
</location>
</configuration>

My question is, can I run Core 2.2 and 3.1 applications on the same web app? How do I fix the issue? How do I make both of them working on one web app?


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.