We have a Windows Azure cloud service application i.e. ASP.NET MVC web application which is hosted on production slot and uses SSL , it also has ACS configured on it.
I want to deploy the same application on the Staging slot of the cloud service where we have this GUID.cloudapp.net.
Is it possible that, when my application is running in the staging slot it will refer to another web.config and when I will swap the deployment to the production slot then the application should refer another web.config?
Why I want to do this is because I have ACS configured on my application whose settings are defined in the web.config file e.g. realm.
Any feedback on this will be appreciated.
I have managed this by modifying the web.config on Role start method.
More information at - ACS settings in Windows Azure cscfg
Related
We have a dotnet core 3.1 console application. It is deployed to on-premise Windows server. There is some sensitive information that we would like to keep in Azure Key Vault. However, instead of accessing Key Vault directly, we would like to access it via App Configuration service.
https://learn.microsoft.com/en-us/azure/architecture/solution-ideas/articles/appconfig-key-vault
Above article mentions that any application can use Azure App Configuration (under Potential use cases).
Does "any" include application hosted outside of Azure? If so, can you share high level steps on how to access App Configuration service from dotnet core app that is not running in Azure.
it seems that any means any, looks like the steps remains the same as long as the connection string to config services work, i'll do some testing with quick start material and let you know..
Best!
Here's the situation: I have an account in the azure active directory of my company with several subscriptions. I am building an ASP.NET Framework application for a client. This application is going to be hosted in their own azure environment, so to set this up, they added my email address to their azure active directory. Now in the azure portal I can use the button "change active directory" to either view my company's resources or my client's.
I set up a keyvault in my client's azure environment and I added keyvault as connected service to my application using these instructions. My application is running locally in local IIS, so I set up the application pool to use my user account so it has access to my azure subscriptions.
The issue here is that I still get an error when I try to run the application. The ysod says that azure gives a 401 response when trying to access the keyvault. I see that it's trying to use the guid that is associated with my company's azure active directory (I don't know what the name of this guid is). Obviously, I can't access resources from my client's azure environment with my company's azure active directory.
As an attempt to get more information, I built a small console application and used the same procedure to add keyvault as a connected service, since the internet says that the console application gives more details than the ASP.NET application. However, when I run my console application, I don't get any errors at all and I can access my client's keyvault just fine.
This makes me believe that there is some setting in my user account or IIS that I need to change to make this work, but I can't find what it is.
How can I make my ASP.NET Framework application, running locally in IIS, access a keyvault as connected service in my client's azure environment?
This should work, try to follow this to re-login your user account in VS and make sure you have modified your ASP.NET Framework project.
If it still not work, you could ask your client to create a work account for you in their Azure AD tenant and add it to the keyvault access policy, then use the account to login VS and test.
I have developed a Azure Service Fabric service .Net core 2.2 which contains a controller and some API methods inside it. I deployed the service on local cluster and its working fine. I am able to access the api endpoints.
But now I need to deploy it on local IIS too. I published the service project that contains my controller, and when I try to deploy it on local IIS as we usually do while deployment of other apps, I get an error "HTTP Error 500.0 - ANCM In-Process Handler Load Failure". I am googling for this and trying to find solution but no success yet.
Is there any particular setting or process that needs to be followed to deploy Azure Service Fabric service on IIS ? I am unable to figure out what I am missing.
Any suggestions or ideas?
When you create a Service Fabric service, the runtime need to talk to the Service Fabric System Services at startup. If you deploy it to IIS, it does not have a cluster to talk to.
If you want to make an API flexible to be hosted either on Service Fabric or IIS, you need to decouple the hosting logic from the API.
In this case, you can either create two different hosts, or:
in the host entry point, check if you are running inside SF, if yes you start the Service Fabric Service otherwise you start a self-hosted or IIS version.
There are quite a few questions in SO with examples like this, worth a search to check which one fits your needs.
We have a ASP.NET MVC web application configured to use ACS and deployed on the Windows Azure.
The application has all ACS settings like realm in the web.config file.
Is it possible to have all ACS settings or at least realm setting in the Windows Azure cloud service configuration file? so that it can be modified directly from the portal at any time and there is no need to re-deploy the application?
Any help on this will be appreciated.
Yes. Vittorio describes a solution in his blog post at http://www.cloudidentity.com/blog/2011/05/31/EDIT-AND-APPLY-NEW-WIF-S-CONFIG-SETTINGS-IN-YOUR-WINDOWS-AZURE-WEBROLE-WITHOUT-REDEPLOYING/.
I have a windows service that hosts the main WCF service. The clients for this service are both hosted in IIS 7, the first one is an IIS hosted WCF service and the second is a standard Asp.Net application. Both of the IIS hosted clients communicate with the windows service over named pipes.
The IIS hosted WCF service can communicate with the windows hosted WCF service perfectly, but the Asp.Net service fails with this error:
The pipe name could not be obtained from the pipe URI: Access is denied.
My first reaction is that this is a permissions issue somewhere, but I dont know where. And second, why would the IIS hosted WCF service be able to communicate without issue, but the Asp.Net application fail?
Ok, I solved it, or rather I figured out where the permission issue was.
It turns out the Anonymous Authentication setting was using some weird user created by our client (the physical person, not our WCF client), and not the NetworkService user (the identity the app pool was using).
But this almost begets another question: Why were even newly created sites defaulting to this IUSR and not the system defaults? In anycase, I just hope this gets indexed in google as, there were virtually no articles relating to it.
Check the Identity of the Application Pools that the WCF and ASP.NET services resides in.
Maybe the WCF service's AppPool has an identity that has different rights than the other AppPool?
Also, you might want to note that IUSR is the default IIS7 account for Anonymous accessors. See Understanding the Built-In User and Group Accounts in IIS 7.0 for an explanation of the default accounts.
Hope this is helpful.