kudu: Cannot authenticate against Kudu site when deployed to custom Application Service Environment
I have a custom Application Service Environment in which I have stood up an Azure Web App instance. When I attempt to access <mywebsite>.scm.<myasedomain>.p.azurewebsites.net, instead of just being able to use the typical portal login process, I am prompted for basic authentication. Fine, I figured maybe portal based login maybe isn’t supported for ASEs for some reason, but I know my Deployment credentials*, so I enter those into the basic auth dialog, but they don’t work and I am repeatedly 401’d as if those credentials are no good either. I have no problem doing anything in a standard Azure Web Site deployment, it just isn’t working in the ASE.
Is the Kudu site maybe not supported in ASE scenarios yet?
* For the record I even reset my Deployment credentials, so I’m positive I’m entering the correct user/password for those.
About this issue
- Original URL
- State: closed
- Created 9 years ago
- Comments: 19 (4 by maintainers)
@siddhsc - I got this to work by creating the two zones as outlined in the documentation and following @jonarmstrong’s recommendation :
(the @ might not be needed for the SCM zone actually but is needed for the ase zone)
I’m using bind dns server with my test environment, so this looks something like this for the ase zone:
The configuration for the SCM zone is similar.
Image below. Hope this helps.
This is how the setup that we used for testing. Probably same as what you described above.
Thanks a lot @jcbrooks92 and @holgerjay for your prompt response. I had found a way around this issue in the meantime. Like Jeremy suggested it was an issue with my DNS zone configuration only. As local host file entry was working previously. Also I am using a Private DNS Zone. I actually got it working through some trail and error while adding and removing few records in the DNS zone. Actually once it worked, I tried out many more combinations to see what is the minimum settings needed in this case. Tried with two zones and then with one.
Currently I have setup a single private dns zone with <asename>.appserviceenvironment.net. In this zone, I currently have 3 records added: A record for * pointing to ILB IP A record for @ pointing to ILB IP A record for *.scm pointing to ILB IP
Actually the third record is probably the one which I did not use correctly initially.
I think this is the minimum DNS zone configuration needed, based on my several tests today.
If any of you have other observations, please share.
Thanks once again for your prompt reponse and the suggestions. It was of great help! Cheers!
@siddhsc are you using private DNS zones? Its possible if everything is working correctly with the host file that your DNS zone is not configured properly. I would recommend a support case to investigate further since you have done some great isolation which will hopefully speed up resolution.
https://docs.microsoft.com/en-us/azure/dns/private-dns-overview
So why was this issue closed? It appears that this problem was never fixed, even though you’ve said almost 4 years ago that a fix is on the way. Is there a better solution to access kudu every time I have to download the publish profile, find the plain-text credentials inside it, and then manually type that into the basic auth popup box? This is problematic on so many levels.