How to debug "You do not have permission to view this directory or page"?

Question

After I published an ASP.NET Core app to Azure from Visual Studio 2017 I am getting this message when I click on the app url:

It was working fine before. Is there a way to figure out what's wrong with my pushed changes?

May be the following link(s) helps https://stackoverflow.com/questions/48853599/azure-website-message-you-do-not-have-permission-to-view-this-directory-or-page https://www.troyhunt.com/disabling-ssl-3-in-azure-websites-and/ — Venkataramana Madugula, Feb 18 '18 at 16:27
sometimes something get corrupted for some reason in the process of publishing, in my case I just had to restart my web app. App Services > Your Web App > Overview > click Restart. — Antonio Correia, May 09 '19 at 16:54

score 53 · Accepted Answer · edited Sep 08 '22 at 16:34

53

You do not have permission to view this directory or page.

That's basically a hint when Azure encounters an error while running your web app. Since its in production, it does not show any useful error messages. For testing/debugging purposes you can turn on the Azure detailed messaging, and turn back off when its ready for production. To do so, you have to follow these two steps,

Login to Azure > App Services (left side menu) > Your Web App > App Service logs (search box is at the top if you can't find it), then turn on Detailed Error Messages or turn on all of the logging options, up to you.
Add the following in your Web Config file: Add <customErrors mode="Off" /> BEFORE system.web closing tag, </system.web>. Similarly, add <httpErrors errorMode="Detailed"></httpErrors> BEFORE </system.webServer>. Finally, upload the Web Config to Azure and cross your fingers.

If you follow the steps correctly, that will show the error messages in detail and hopefully from there you will figure out what went wrong. Good Luck!

edited Sep 08 '22 at 16:34

Joan Gil

282
3
11

answered Feb 18 '18 at 17:11

Hafiz Temuri

3,882
6
41
66

3

The problem is that some source code files (of the app website) are missing. Is there some way to restore them. If not I will delete and recreate the app (the app is not public yet). – Adam Feb 18 '18 at 17:44
`source code files are missing` Can you elaborate on that, please? How they are missing? Did someone delete them? If you know what files are missing, you can re-upload them. Or if you still have a source code, you can try re-deploying the whole application. If the files are deleted from Azure, they are gone forever (I believe), unless you have configured backup on Azure. – Hafiz Temuri Feb 18 '18 at 17:51
2

Also, you can check all your web app files though `KUDU Console`. Follow this link, `.azurewebsites.net` > `Debug Console` (from top menu) > `CMD/PowerShell` > `Site` > `wwwroot`. That should contains all your files. – Hafiz Temuri Feb 18 '18 at 17:59
OK, I resolved it. I re-uploaded them. Now it is working. Thank you ! – Adam Feb 19 '18 at 08:11
+1 on missing files/404 - my case accidentally selected "prepend root folder name to archive paths" and it resulted in the hosted `wwwroot` having a folder called "dist" rather than the expected index.html etc. While the error was a 403, my actual case was a 404. – PotatoFarmer Jun 05 '20 at 17:33
@spottedmahn Does the web.config settings works for windows-based app other than dotnet or asp.net runtime? For example, nodejs or python? – Jimmy Jan 12 '21 at 03:28
For me it was web.config. Fixed the configuration and it started working. – Pratap Singh Mehra Apr 14 '21 at 07:56
@HafizTemuri Shouldn't it be `.scm.azurewebsites.net` ? – Jasir Mar 05 '22 at 15:55
@JasirKT I think `scm` takes you to the terminal? I could be wrong, it was 4 years ago. Things may have changed recently. – Hafiz Temuri Mar 06 '22 at 18:04
Yes @HafizTemuri, it still takes to the terminal. In your [comment above](https://stackoverflow.com/questions/48853599/how-to-debug-you-do-not-have-permission-to-view-this-directory-or-page/48854367?noredirect=1#comment84713026_48854367), didn't you mean to do it in terminal? – Jasir Mar 22 '22 at 10:24
Yes, you can go directly to through `scm`. But in my above comment, I mentioned going through `Debug Console`. Both ways will get you to the terminal. Either through `Debug Console (UI)` or directly through `.scm`. – Hafiz Temuri Mar 22 '22 at 20:11

score 13 · Answer 2 · answered Apr 09 '19 at 18:47

13

The fist thing you should do is actually go and check the folders if your war got unpacked inside the webapps folder. for that if your web url is "xyz.azurewebsites.net" then try to open xyz.scm.azurewebsites.net. This should redirect you to KUDU interface where you can see few tabs. From those tabs select Debug Console and then select CMD from the drop down. This should give you a folder structure.Now Go to site->wwwroot->webapps . There check if your war got unpacked.
If not then try restarting the web app and see id this does the trick. If while creating your app service plan you have selected the Standard pricing tier, change it to premium
Last but not the list you can enable logging for you app. Then go to Monitoring-> Diagnostics logs . Turn those setting on. Then select Log streaming(Just below Diagnostics logs).

Hope this help.

answered Apr 09 '19 at 18:47

user3351386

141
1
3

1

Thank you very much! In my case I was deploying an Angular application and my data was deployed to 'wwwroot/appname/' instead of 'wwwroot/'. I had already tried to check this via FTP but for some reason I was (and currently still am) not shown the actual data used by the webserver, which your solution does. – Gordon Westerman Apr 23 '20 at 03:20
I had the same issue. What I did was add that dir to the app service dir, like "dist/my-directory" – melkorCba Oct 31 '20 at 09:12
Thank you. This pointed me at the right direction. My zip file should be unpacking directly in the `wwwroot` folder. Turns out, my 7z bash command is including the parent (folder) directory of the files in the zip folder. – justadeveloper Mar 30 '23 at 05:20

Daleman · Answer 3 · 2019-01-11T23:32:11.477

7

From my experience, if your login user ID under Azure Active Directory (AAD), you have to modify in Settings:

Authentication / Authorization
App Service Authentication, "ON" =>> choose: Log in With Azure Active Directory
Select 'ActivityProvider', base on your purpose. In my case, I'm using AAD.
Configured (Express: Existing APP)
Manage Azure Active Directory: Manage Permission & Manage Application

For Manage Permission ==>> Add, In Delegate Permission, choose: Sign in and read user profile and refresh your browser to login again

edited Jan 11 '19 at 23:32

answered Jan 11 '19 at 09:17

Daleman

794
8
23

in my case, the auto-created application permission is having the problem. Manually remove the delegation (and everything that has a white exclamation mark) and then re-adding the permission worked for me. – Jamesits Apr 09 '19 at 02:30

score 5 · Answer 4 · answered Aug 01 '18 at 10:32

You do not have permission to view this directory or page.

This message show when you have restrict ip on IIS config. Check your Web.config file and add your ip address in security section like below:

<security>
<ipSecurity allowUnlisted="false">
<clear />
<add ipAddress="192.168.250.70" allowed="true" />
</ipSecurity >
</security>

Remove it if you do not want to restrict any ip address.

score 4 · Answer 5 · answered Feb 18 '18 at 16:47

4

From the error description, it is not very clear about what went wrong here.

You may check whether the deployed files are available or not using Kudu Console.

Also, make sure that your startup file (For ex: index.htm) is added to the default documents section.

I would suggest you refer Enable diagnostics logging for web apps in Azure App Service and Troubleshoot ASP.NET Core on Azure App Service to check the complete error details and root cause.

answered Feb 18 '18 at 16:47

AshokPeddakotla

1,010
7
18

I had a goof in my build process that failed to include the index.html so this error message can indeed be caused my missing the default page. A little misleading since I would have expected a 404 but I suppose it's actually saying that you do not have permission to directory browse at the root. – Ryan D Apr 15 '20 at 17:10

score 3 · Answer 6 · answered Nov 03 '21 at 22:26

Azure Pipelines

If you are using Azure Pipelines/Deployments there are some ways this goes wrong. Specifically, your output may be missing some of the files needed, or be structured incorrectly, for IIS to launch your app. The issue can arise for different reasons.

Archive contains root directory.

When you create your zip file, make sure you are not archiving the root folder. What happens is your /home/site/wwwroot directory looks like:

/home/site/wwwroot
    --RootFolder
      --LaunchFile

When IIS is expecting

/home/site/wwwroot
    --LaunchFile

This is easy to fix by adding includeRootFolder: false to the ArchiveFiles@2 task.

- task: ArchiveFiles@2
  displayName: 'Archive files'
  inputs:
    includeRootFolder: false

Alternatively, if using the Web UI in the Root folder or file to archive section ensure that Prepend root folder name to archive paths is not checked.

Build vs Publish

Using the .NET Core task to build the project or solution can result in output that will not work in the /home/site/wwwroot directory. The key here is to choose the publish option, not the build option. build was working for us and then did not for one of our projects. Changing to publish made it work again.

- task: DotNetCoreCLI@2
  inputs:
    command: 'build'
    projects: 'MyProj/MyProj.csproj'
    arguments: '--output $(Build.BinariesDirectory)/WhereYouWantFilesForNextStep --configuration Release'

Instead, use the publish command.

steps:
- task: DotNetCoreCLI@2
  inputs:
    command: publish
    arguments: '--configuration Release -o $(Build.BinariesDirectory)/WhereYouWantFilesForNextStep'

Zip File is not Mounted

Zip archives deployed to Azure are stored in

 Directory of D:\home\data\SitePackages

11/03/2021  06:24 PM    <DIR>          .
11/03/2021  06:24 PM    <DIR>          ..
11/03/2021  04:24 PM        66,278,978 20211103162437.zip
11/03/2021  06:24 PM        73,799,022 20211103182443.zip
11/03/2021  06:24 PM                18 packagename.txt

And, if the following Application Setting is provided:

WEBSITE_RUN_FROM_PACKAGE = 1

Then IIS will mount the zip archive specified in packagename.txt to the D:\home\site\wwwroot.

D:\home\data\SitePackages>cat packagename.txt
20211103182443.zip

Note that 20211103182443.zip is the name of one of the .zip file listed in D:\home\data\SitePackages directory. Now if WEBSITE_RUN_FROM_PACKAGE is toggled the contents of D:\home\site\wwwroot will change.

Useful Resources

Additional reading is available at Microsoft Docs: Run your app in Azure App Service directly from a ZIP package.

If you want to examine the contents of the zip file directly, PowerShell will work in the console provided at App Service > Development Tools > Console and has access to the Unzip command.

D:\home\data\SitePackages>PowerShell Unzip -l 20211103162437.zip
Archive:  20211103162437.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
    25600  2013-07-17 23:18   AForge.Genetic.dll
    ...

score 3 · Answer 7 · answered Jan 04 '22 at 11:31

I deployed the angular application from visual studio code and these are the changes that I have made which got me the application working.

Configuration > Default Documents -

Configuration > Path mappings > Virtual applications and directories (edit the Physical Path)-

my app name is client, you have write your app name site\wwwroot\dist<yourappname>

score 2 · Answer 8 · answered Dec 23 '20 at 14:32

2

In my case Azure DevOps was creating deployment package within extra build folder, so path was build/wwwroot instead of just wwwroot.

I had to uncheck 'Prepend root folder name to archive paths' on my build pipeline.

answered Dec 23 '20 at 14:32

0lukasz0

3,155
1
24
40

score 1 · Answer 9 · answered Mar 23 '19 at 17:14

1

In fact , you need to upload your index.php file direct to wwwroot (inside "site" foler)

answered Mar 23 '19 at 17:14

zaid mukattash

27
1

index.php? this is not php. – Klom Dark Sep 13 '21 at 20:50

score 1 · Answer 10 · answered Jul 18 '19 at 09:15

1

Just to add to the solutions: in my case I updated the application but the application pool was set to "Always On" so something had "confused it". All I had to do was:

go to the site settings in the Azure portal
then select configuration under Settings
then select the General Settings tab on the configuration page
On the General settings tab switch "Always On" to Off
and reconnect to your site as normal.
When the site is back up and running switch "Always On" back to On.

answered Jul 18 '19 at 09:15

Michael Bond

131
3

Attempting this fix immediately resolved the issue for us. We deployed a dotnet Core application to Azure App Services, which was failing with the above error. In all of our Terraform, we default always_on=true and have never had this issue before. For some reason, with our new Application, this became a problem. Do you know of any reason WHY "Always On" would cause this issue? – Sage Sep 17 '19 at 14:08

score 1 · Answer 11 · answered Aug 19 '19 at 20:06

1

To turn errors on on production I had to set the ASPNETCORE_ENVIRONMENT environment variable to 'Development' which can be found in your app service here:

answered Aug 19 '19 at 20:06

Jimmy

2,191
6
25
45

score 1 · Answer 12 · answered Jun 09 '21 at 02:26

I deployed straight from VS Code to Azure App Service with no pipelines set up.

In Azure in the App Service, go to configuration and under path mappings the physical path is by default set to site\wwwroot

You might need to tweak this depending on how your application structure looks like after the build

For me, since I built straight into the dist folder and my index.html is directly under that folder, I got it to work with:

site\wwwroot\dist\

But if you have the app name in the folder structure, you might need to do:

site\wwwroot\dist\<app name>\ or similar depending on where the initial file(e.g index.html) is

score 1 · Answer 13 · answered Dec 09 '21 at 01:31

1

This error message can also appear if you're using an API app in Azure App Service and have set authentication to return 401 Unauthorized. The solution is to set it to 302 redirect instead or make sure your http requests are sent with auth headers.

answered Dec 09 '21 at 01:31

William Xie

11
1

This worked for me. I had `Unauthenticated requests` authentication setting set to `HTTP 403 Forbidden`. Thank you! – SeaDude Sep 17 '22 at 03:43

score 0 · Answer 14 · answered May 17 '20 at 03:20

0

Another useful workaround is on the page Jimmy pointed out go to "Defaul documents" tab and add the name of your main file (it should be index.html) but if not add it.

That solved my problem.

answered May 17 '20 at 03:20

Eduardo Bernabe Sacahui Diaz

3
1
5

score 0 · Answer 15 · answered Jul 30 '20 at 23:44

Some of the answers on here are more generalized, which I consider to be better overall, but if you are working with Azure Pipelines, I do know that a common scenario in deploying an Azure Web App is that the pipeline simply chooses the incorrect deployment method for the pipeline task. In most basic cases for an IIS web app, e.g. ASP.NET, you will want to use WebDeploy. Simply set the parameters below as such:

UseWebDeploy: true
DeploymentType: 'webDeploy'

See the task reference for more details: https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment

score 0 · Answer 16 · answered Nov 29 '20 at 17:17

You are probably not zipping the right folder on your build pipeline.

I had the same problem and all I had to do to fix it was adding '/build' here:

- task: ArchiveFiles@2
  displayName: 'Archive files'
  inputs:
    rootFolderOrFile: front-end/presentation/build
    includeRootFolder: false

score 0 · Answer 17 · answered May 01 '21 at 00:39

0

We get this sometimes on build->release of a .net 4.7.2. web app (webdeploy). Rebuild/rerelease usually solves it. Restart/config changes, stop/start, nothing else works.

answered May 01 '21 at 00:39

Dmitri M

517
6
13

score 0 · Answer 18 · answered Oct 25 '21 at 09:17

My issue was related to aud in the token. In Azure AD you can either have the ApplicationId being populated. Or a more readable string (the url)

When I checked the configuration. Only the applicationId was allowed and not the url.

Thanks to this answer: https://stackoverflow.com/a/55298552/11348049

In the azure function. Navigate to authentication on the left tab. Edit the one in the list.

Then add the url to Allowed token audiences.

score 0 · Answer 19 · edited May 07 '22 at 17:12

0

Just need to add SCM_DO_BUILD_DURING_DEPLOYMENT = true in ApplicationSettings.

https://learn.microsoft.com/en-us/azure/app-service/quickstart-nodejs?tabs=windows&pivots=development-environment-vscode

edited May 07 '22 at 17:12

answered Mar 06 '22 at 12:20

phil

9
1

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/late-answers/31224521) – Andrew Halil Mar 10 '22 at 11:37

Raju Kuberagowda · Answer 20 · 2022-01-26T07:57:39.963

-1

I faced the similar issue . I resolved it by clicking on AppServices=>Authentication=> here make sure your remove the authentication. After removing the authentication. Here how it looks --

edited Jan 26 '22 at 07:57

answered Jan 26 '22 at 07:43

Raju Kuberagowda

27
5