Reputation: 1902
Unable to commit WebAdministration changes in Azure Web Role
I have an Azure Web Role running in the new 1.3 SDK and I am having permissions issues when trying to make changes to IIS using the Microsoft.Web.Administration.ServerManager. Whenever I execute CommitChanges() it throws this error:
an UnauthorizedAccessException "Cannot write configuration file due to insufficient permissions".
My ServerManager code is executing in the OnStart method of the RoleEntryPoint.
My understanding was that the purpose of moving to full IIS support in 1.3 was so that we could have greater control over the configuration of our application, including creating new IIS sites on the fly if desired.
Upvotes: 6
Views: 1173
Answers (3)
Reputation: 31651
Providing a clear example for reference to @smarx answer.
Here is the configuration to run RoleEntryPoint.OnStart (WebRole.Onstart) with Admin-level privileges.
<ServiceDefinition name="MyProject.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WebRole name="MyProject.WebRole" vmsize="Small">
<Runtime executionContext="elevated"/> <!-- Required for certain WebRoleOnStart tasks (avoid insufficient permission errors) -->
<Sites>
<!-- ... -->
</Sites>
</WebRole>
</ServiceDefinition>
Upvotes: 0
Reputation: 9409
I think there are two questions here. Firstly the use of IIS in Azure. Yes using the 1.3 SDK means that we now have access to more features than we did previously. This means that we can setup more than one site and virtual directories for our sites in the configs as shown in the training kit.
Secondly there is the privileges issue that you're getting while trying to make changes programatically. I'm going to presume that you're not trying to do one of the things that you can simply do through the config above. The most likely reason your code is erroring is because web roles are not run with admin privileges. Fortunately in the 1.3 SDK we also have a way to run code with elevated privileges. As shown elsewhere in the training kit you can create a separate .exe that you specify to be run at startup with elevated privileges in the config.
Upvotes: 1
Related Questions
- Azure global admin cannot(disabled) add roles under "Access Control(IAM)"
- Azure Web App Configuration not able to Edit/Delete
- Deploy a web role in Azure
- Cannot deploy to Azure
- Changes in Windows Azure web role via remote desktop are not propagating
- Azure web role no longer copies web.config to role directory
- Azure web role process not loading web.config?
- windows azure web role not available while upgrading
- Windows Azure - Role entrypoint could not be created
- Unable to deploy web application using web deployment tool