HTTP Error 500.30 Azure.RequestFailedException

Question

HTTP Error 500.30 Azure.RequestFailedException

I used Visual Studio 4.8.04084 to push my app to Azure App Services. I have configured my connections for

Azure App Configuration
Azure Key Vault
Azure SQL Database: my data
Azure SQL Database: identity service
Azure Storage
Sectrets.json

When I run the app through the Kestral service locally, everything performs fine. However, when I run it through IIS I get the following issues:

Visual Studio Exception message

Exception thrown: 'Azure.RequestFailedException' in Microsoft.Extensions.Configuration.AzureAppConfiguration.dll
Exception thrown: 'Azure.RequestFailedException' in Navrae.WebApp.dll
An exception of type 'Azure.RequestFailedException' occurred in Navrae.WebApp.dll but was not handled in user code
Service request failed.
Status: 403 (Forbidden)


Headers:
Server: openresty/1.17.8.2
Date: Wed, 31 Mar 2021 15:39:42 GMT
Connection: keep-alive
x-ms-request-id: 09275563-49a0-40e6-88e2-**** (dotting these out just in case)
x-ms-client-request-id: 9adcfd53-1a94-43df-aac8-**** (dotting these out just in case)
x-ms-correlation-request-id: 09275563-49a0-40e6-88e2-**** (dotting these out just in case)
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: DNT, X-CustomHeader, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Authorization, x-ms-client-request-id, x-ms-useragent, x-ms-content-sha256, x-ms-date, host, Accept, Accept-Datetime, Date, If-Match, If-None-Match, Sync-Token, x-ms-return-client-request-id, ETag, Last-Modified, Link, Memento-Datetime, retry-after-ms, x-ms-request-id, x-ms-client-session-id, x-ms-effective-locale, WWW-Authenticate
Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Length: 0

'iisexpress.exe' (CoreCLR: clrhost): Loaded 'C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\Remote Debugger\x64\Runtime\Microsoft.VisualStudio.Debugger.Runtime.NetCoreApp.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
The program '[22720] iisexpress.exe' has exited with code -1 (0xffffffff).

Azure App Service Log

at Azure.Data.AppConfiguration.ConfigurationClient.d__42.MoveNext() at
 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at
 Azure.Core.PageResponseEnumerator.FuncAsyncPageable`1.d__2.MoveNext() at 
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.GetResult(Int16 token) at 
Azure.Core.PageResponseEnumerator.FuncAsyncPageable`1.d__2.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at Azure.AsyncPageable`1.d__6.MoveNext() at 
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Azure.AsyncPageable`1.d__6.MoveNext() at 
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.GetResult(Int16 token) at 
Azure.AsyncPageable`1.d__6.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token) at 
Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.<>c__DisplayClass20_1.<b__2>d.MoveNext() at
 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.<>c__DisplayClass20_1.<b__2>d.MoveNext() at 
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at 
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at 
System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult() at 
Microsoft.Extensions.Configuration.AzureAppConfiguration.TracingUtils.d__2.MoveNext() at 
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at 
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at 
System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult() at 
Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.d__28.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at 
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at 
Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.d__20.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at 
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at 
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at 
System.Runtime.CompilerServices.ConfiguredTaskAwaitable.ConfiguredTaskAwaiter.GetResult() at 
Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationProvider.Load() at 
Microsoft.Extensions.Configuration.ConfigurationRoot..ctor(IList`1 providers) at 
Microsoft.Extensions.Configuration.ConfigurationBuilder.Build() at 
Microsoft.Extensions.Hosting.HostBuilder.BuildAppConfiguration() at
 Microsoft.Extensions.Hosting.HostBuilder.Build() at Navrae.WebApp.Program.d__0.MoveNext() in C:\Users\Work Laptop\source\repos\Navrae\Navrae.WebApp\Program.cs:line 19

Azure log link message*

{"error":{"code":"AuthenticationFailed","message":"Authentication failed. The 'Authorization' header is missing."}}

When I debug the application it basically fails at CreateHostBuilder. None of my ConnectionStrings are populating and I don't know where or how to debug it further.

CreateHostBuilder

public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureAppConfiguration((context, config) =>
                {
                    var azConfigSettings = config.Build();
                    var azConfigConnection = azConfigSettings.GetConnectionString("REMOVED");
                    if (!string.IsNullOrEmpty(azConfigConnection))
                    {
                        // Use the connection string if it is available.
                        config.AddAzureAppConfiguration(azConfigConnection);
                    }
                    else if (Uri.TryCreate(azConfigSettings["Endpoints:REMOVED"], UriKind.Absolute, out var endpoint))
                    {
                        // Use Azure Active Directory authentication.
                        config.AddAzureAppConfiguration(options =>
                        {
                            options.Connect(endpoint, new DefaultAzureCredential());
                        });
                    }
                    var keyVaultEndpoint = new Uri(Environment.GetEnvironmentVariable("REMOVED")!);
                    config.AddAzureKeyVault(
                    keyVaultEndpoint,
                    new DefaultAzureCredential());
                })
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.UseStartup<Startup>();
                });

azure

visual-studio

asp.net-core

azure-keyvault

asked on Stack Overflow Mar 31, 2021 by

Kent Hub

1 Answer

The error you are getting is HTTP 403 Forbidden.

What is probably happening is that:

when you run locally you are using your identity that has access to the Azure services.
when you run in IIS you are using the network service identity that does not have access to the Azure services.

In Azure App Services you can configure it to run as a "managed identity", you can then give that managed identity access to the services you are using.

answered on Stack Overflow Mar 31, 2021 by

Shiraz Bhaiji

User contributions licensed under CC BY-SA 3.0