Geek Answers Handbook

Unable to make changes to WebAdministration in Azure Web Role

I have an Azure web role running in the new 1.3 SDK, and I'm having permission issues when trying to make changes to IIS using Microsoft.Web.Administration.ServerManager . Whenever I execute CommitChanges() , this causes this error:

UnauthorizedAccessException "Unable to write configuration file due to insufficient permissions."

My ServerManager code is executing in the OnStart method of RoleEntryPoint .

My understanding was that the goal of moving to full support for IIS in 1.3 was that we could have more control over the configuration of our application, including creating new IIS sites on the fly, if necessary.

+6
iis azure
source share
3 answers

Make sure your role is run with elevated privileges.

+7
source share

I think there are two questions here. First, using IIS in Azure. Yes, using the 1.3 SDK, we now have access to more functions than before. This means that we can configure several sites and virtual directories for our sites in configurations, as shown in the training kit .

Secondly, there is a problem with the privileges you get when trying to make changes programmatically. I assume that you are not trying to do one of what you can simply do through the above configuration. The most likely reason your code is a bug is because web roles do not start with administrative privileges. Fortunately, in the 1.3 SDK, we also have a way to run code with elevated privileges. As shown in another tutorial, you can create a separate .exe that you specify to run on startup with elevated privileges in the configuration.

+1
source share

Providing a clear example for reference to @smarx answer.

Here is the configuration to run RoleEntryPoint.OnStart ( WebRole.Onstart ) with administrator privileges.

 <ServiceDefinition name="MyProject.Azure" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6"> <WebRole name="MyProject.WebRole" vmsize="Small"> <Runtime executionContext="elevated"/> <!-- Required for certain WebRoleOnStart tasks (avoid insufficient permission errors) --> <Sites> <!-- ... --> </Sites> </WebRole> </ServiceDefinition>
0
source share

More articles:


All Articles