Web.config Azure Web 角色的访问被拒绝
Access Denied on Web.config Azure Web Role
我的 Azure Web 角色突然停止工作并出现以下错误。
"Access to the path 'F:\sitesroot[=23=]\Web.config' is denied."
没有最近发布的更改或配置,直到昨天它都没有任何问题!我检查了 Web.config 的权限,我看到所有用户都有 Read/Execute。这是堆栈跟踪:
[UnauthorizedAccessException: Access to the path 'F:\sitesroot[=11=]\Web.config' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +216
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) +1430
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) +205
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +87
System.IdentityModel.Tokens.UpdateValidatingIssuerNameRegistry.FlushDocument(String originalXml, String location) +218
System.IdentityModel.Tokens.UpdateValidatingIssuerNameRegistry.UpdateIssuerNameRegistryElement(String pathToConfig, String fedMetadataAddress, String serviceName) +493
Manager.MvcApplication.RefreshValidationSettings() in c:\GitHub\mfs_backoffice13_2.2\KCI.MFS.Manager\ManagerMFS\Global.asax.cs:37
Manager.MvcApplication.Application_Start() in c:\GitHub\mfs_backoffice13_2.2\KCI.MFS.Manager\ManagerMFS\Global.asax.cs:30
[HttpException (0x80004005): Access to the path 'F:\sitesroot[=11=]\Web.config' is denied.]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app) +12601629
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +175
System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +304
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +404
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +475
[HttpException (0x80004005): Access to the path 'F:\sitesroot[=11=]\Web.config' is denied.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +12618676
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +159
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +12458293
更新:
遇到问题后,我还重新启动、重新映像并重新部署了实例,但都没有用。我还尝试将我的文件复制到实例上的不同位置(在 D 驱动器中)并将其作为另一个站点添加到 IIS,但是当我尝试浏览它时它仍然给我同样的错误
我们问题的解决方案:
问题是我们在 ApplicationStart() 方法中修改 Web.config 以根据 Microsoft 建议的方法滚动我们的密钥用于滚动新的 public 键:Important Information About Signing Key Rollover in Azure AD
protected void RefreshValidationSettings()
{
string configPath = AppDomain.CurrentDomain.BaseDirectory + "\" + "Web.config";
string metadataAddress = ConfigurationManager.AppSettings["ida:FederationMetadataLocation"];
ValidatingIssuerNameRegistry.WriteToConfig(metadataAddress, configPath);
}
所以我停止使用 Microsoft 滚动 public 键的方法并解决了这个问题(现在我们需要每六个月手动更新一次 public 键)。但是我找不到为什么在 Azure Web 角色上更改了权限策略
我的 Azure Web 角色突然停止工作并出现以下错误。
"Access to the path 'F:\sitesroot[=23=]\Web.config' is denied."
没有最近发布的更改或配置,直到昨天它都没有任何问题!我检查了 Web.config 的权限,我看到所有用户都有 Read/Execute。这是堆栈跟踪:
[UnauthorizedAccessException: Access to the path 'F:\sitesroot[=11=]\Web.config' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +216
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost) +1430
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) +205
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +87
System.IdentityModel.Tokens.UpdateValidatingIssuerNameRegistry.FlushDocument(String originalXml, String location) +218
System.IdentityModel.Tokens.UpdateValidatingIssuerNameRegistry.UpdateIssuerNameRegistryElement(String pathToConfig, String fedMetadataAddress, String serviceName) +493
Manager.MvcApplication.RefreshValidationSettings() in c:\GitHub\mfs_backoffice13_2.2\KCI.MFS.Manager\ManagerMFS\Global.asax.cs:37
Manager.MvcApplication.Application_Start() in c:\GitHub\mfs_backoffice13_2.2\KCI.MFS.Manager\ManagerMFS\Global.asax.cs:30
[HttpException (0x80004005): Access to the path 'F:\sitesroot[=11=]\Web.config' is denied.]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app) +12601629
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +175
System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +304
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +404
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +475
[HttpException (0x80004005): Access to the path 'F:\sitesroot[=11=]\Web.config' is denied.]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +12618676
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +159
System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +12458293
更新:
遇到问题后,我还重新启动、重新映像并重新部署了实例,但都没有用。我还尝试将我的文件复制到实例上的不同位置(在 D 驱动器中)并将其作为另一个站点添加到 IIS,但是当我尝试浏览它时它仍然给我同样的错误
我们问题的解决方案:
问题是我们在 ApplicationStart() 方法中修改 Web.config 以根据 Microsoft 建议的方法滚动我们的密钥用于滚动新的 public 键:Important Information About Signing Key Rollover in Azure AD
protected void RefreshValidationSettings()
{
string configPath = AppDomain.CurrentDomain.BaseDirectory + "\" + "Web.config";
string metadataAddress = ConfigurationManager.AppSettings["ida:FederationMetadataLocation"];
ValidatingIssuerNameRegistry.WriteToConfig(metadataAddress, configPath);
}
所以我停止使用 Microsoft 滚动 public 键的方法并解决了这个问题(现在我们需要每六个月手动更新一次 public 键)。但是我找不到为什么在 Azure Web 角色上更改了权限策略