snehapar9
commented
1 month ago Thanks for opening this issue @aitrailblazer! Can you please confirm if you have Write permission on your container app environment?
Closed aitrailblazer closed 2 weeks ago
snehapar9
commented
1 month ago Thanks for opening this issue @aitrailblazer! Can you please confirm if you have Write permission on your container app environment?
Fazer01
commented
1 month ago Following this. Having the same issue here.
@snehapar9 How to verify "Microsoft.App/managedEnvironments/write" permission? We only have the ability to set Owner / Contributor via RBAC.
Regards,
aitrailblazer
commented
1 month ago Please elaborate with step by step
snehapar9
commented
1 month ago @Fazer01 Owner/Contributor should have Write permissions. Can you please share your environment name and subscription Id to acasupport@microsoft.com? We will take a closer look.
snehapar9
commented
1 month ago @aitrailblazer Thanks for contacting ACA Support. We performed mitigation steps on your environment. Can you re-try and let us know if you can access the Dashboard?
aitrailblazer
commented
1 month ago Dear Aspire support,
I confirm I can access the dashboard now.
I had to add
https://
Speaking of my App Registration I configured Microsoft Identity but I lost all interactivity and also this:
Losing the socket connection.
I followed:
I like aspire very much and I would like to have Authorization.
Much better if I can do this:
Overview - External ID in external tenants - Microsoft Entra External ID | Microsoft Learnhttps://learn.microsoft.com/en-us/entra/external-id/customers/overview-customers-ciam Secure your apps using External ID in an external tenant
umnex
commented
1 month ago I'm having the same issue. Cannot access dashboard after granting both "Owner" & "Contributor" roles to my account. Please note that my account is a guest in this azure tenant.
umnex
commented
1 month ago getting error: "Could not authenticate user with requested resource."
umnex
commented
1 month ago hi, any help would be appreciated. still getting the same error.
snehapar9
commented
1 month ago @umnex performed mitigation on your environment. Please confirm if you can access the dashboard.
aitrailblazer
commented
1 month ago I tested it and received an error: Access was denied
snehapar9
commented
1 month ago @aitrailblazer can you please share more details?Are you seeing a 403?
aitrailblazer
commented
1 month ago The message was:
You are not authorized to view ....
Now it is OK:
But there is another issue:
I added Microsoft Entra External ID: Socket connectivity is not working
Interactivity is not working
anthonychu
commented
1 month ago The websocket + auth error is likely unrelated to the Aspire dashboard authentication issues in this thread and we can track it separately at #1236
9hsein5
commented
1 month ago I am facing the same issue, since yesterday @snehapar9
asantacroce
commented
1 month ago I am also experiencing issues with accessing the Inspire Dashboard, for my case:
My environment where this happens is the following: emybot-dev-acaenv
iturner100
commented
1 month ago I'm also getting the 403 when trying to access the dashboard.
I'm seeing it both within an environment running my own applications (blazor web, .net 8 api) as well an environment running the quick-start hello world image.
I have owner rights on the subscription the container apps and environments are in
MrDeej
commented
1 month ago I have same issues, 403 on all my dashboards, so right now I am blind to my logs.
Tried app registration fix described over with both: https://aspire-dashboard.ext.{azure resource name}.norwayeast.azurecontainerapps.io/.auth/login/aad/callback https://aspire-dashboard.ext.{azure resource name}.norwayeast.azurecontainerapps.io/signin-oidc
But no success
umnex
commented
1 month ago I think the aspire dashboard should be deployed as a separate independent resource within the resource group so that we can manage all of its aspects on our own.
umnex
commented
1 month ago I'm still unable to access the dashboard in 2 different environments.
jedjohan
commented
1 month ago I think the aspire dashboard should be deployed as a separate independent resource within the resource group so that we can manage all of its aspects on our own.
That sounds like a great idea !
MrDeej
commented
1 month ago @davidfowl I think your orchestration is broken. I got 403 Dashboard on a freshly new Aspire Starter kit when deployed with azd.
umnex
commented
1 month ago Can we please get an update on this? when can we expect this issue to be resolved?
chosh-capa
commented
1 month ago same here
bbowers0
commented
1 month ago I'm having this same issue in two different accounts/subscriptions where I am an owner.
MrDeej
commented
1 month ago Up and running again today. I did nothing. Magical.
bbowers0
commented
1 month ago The dashboard works if I launch it in an InPrivate or Incognito window so that it prompts me to sign in. This worked for a work Microsoft account. The sign in UI for the dashboard doesn't allow me to specify whether it's a work or personal account and it just picks the work account, so I can't view the dashboard associated with my personal Microsoft account.
aitrailblazer
commented
1 month ago this and the issues that Aspire cannot work with External ID and native authentication is making it not GA and no usable right now. There is a long way till GA.
simonjj
commented
1 month ago We have a fix for the original parent issue raised. We will be rolling this into the fleet over the coming weeks. Until this is fix is available everywhere. Please send an email to acasupport and reference this issue for us to reconcile this for you manually.
simonjj
commented
1 month ago To additionally clarify the 403 issue mentioned in the comments is unrelated to the parent issue and is being tracked in #1238
MrDeej
commented
1 month ago
I am so tired of seeing this page instead of my highly valued logs and traces. Can you please fix whatever that is wrong?
ijn-kruso
commented
1 month ago I'm having the same issues. I have Contributor role for the Container App.
snehapar9
commented
1 month ago The fix for this issue has been rolled out. Please let us know if you continue to encounter this error.
snehapar9
commented
1 month ago I'm having the same issues. I have Contributor role for the Container App.
@ijn-kruso can you please confirm you have Contributor/Owner permission on the Container App environment?
ijn-kruso
commented
1 month ago I'm having the same issues. I have Contributor role for the Container App.
@ijn-kruso can you please confirm you have Contributor/Owner permission on the Container App environment?
Just checked - and I'm Contributor on the Container App Environment as well, and still, getting the same error: Could not authenticate user with requested resource.
ijn-kruso
commented
3 weeks ago I'm having the same issues. I have Contributor role for the Container App.
@ijn-kruso can you please confirm you have Contributor/Owner permission on the Container App environment?
Just checked - and I'm Contributor on the Container App Environment as well, and still, getting the same error: Could not authenticate user with requested resource.
FYI @snehapar9 Still having this issue as of today.
bishwaranjans
commented
3 weeks ago It is the same issue for me. Could not authenticate user with requested resource.
snehapar9
commented
3 weeks ago Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate.
Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.
snehapar9
commented
3 weeks ago @bishwaranjans you mentioned you were able to access the dashboard after you modified permissions on the environment level? Are you still seeing this error?
ijn-kruso
commented
3 weeks ago Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate.
Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.
I can confirm i have Contributor access. When i go to the Container Environment -> Access control (IAM) -> View my Access.
To confirm, from what you're saying, Contributor is not enough when it's Inherited from Resource Group? Is this intended? We need to manually add Contributor directly on the Container Environment?
snehapar9
commented
2 weeks ago Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate. Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.
I can confirm i have Contributor access. When i go to the Container Environment -> Access control (IAM) -> View my Access.
To confirm, from what you're saying, Contributor is not enough when it's Inherited from Resource Group? Is this intended? We need to manually add Contributor directly on the Container Environment?
@ijn-kruso correct. we are working on rolling out a fix for inherited permissions from resource group to be propagated properly.
simonjj
commented
2 weeks ago Fix should be available and rolled out now. Please open a new issue if this should come back up.
ijn-kruso
commented
2 weeks ago Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate. Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.
I can confirm i have Contributor access. When i go to the Container Environment -> Access control (IAM) -> View my Access.
To confirm, from what you're saying, Contributor is not enough when it's Inherited from Resource Group? Is this intended? We need to manually add Contributor directly on the Container Environment?
@ijn-kruso correct. we are working on rolling out a fix for inherited permissions from resource group to be propagated properly.
@snehapar9 I'm working as a consultant and getting new permissions added can be a lengthy process. Can you update the ticket once the "inherited permissions fix" is available?
snehapar9
commented
2 weeks ago @ijn-kruso sure, I will. Thanks!
I'm following: See live data on Azure Container Apps with the Aspire dashboard https://techcommunity.microsoft.com/t5/apps-on-azure-blog/see-live-data-on-azure-container-apps-with-the-aspire-dashboard/ba-p/4147938
Troubleshooting You may receive an authentication error when accessing the dashboard – “Could not authenticate user with requested resource.” To solve this problem, ensure you have been granted "Microsoft.App/managedEnvironments/write", "Contributor", or "Owner" on the container app environment resource.
This issue is a: (mark with an x)
Issue description
I'm following the instructions in assigning Contributor, Owner role
but received :
Could not authenticate user with requested resource.
Steps to reproduce
1) Deploy a .NET Aspire project to Azure Container Apps https://learn.microsoft.com/en-us/dotnet/aspire/deployment/azure/aca-deployment 2) Quickstart: Build your first .NET Aspire project https://learn.microsoft.com/en-us/dotnet/aspire/get-started/build-your-first-aspire-app?pivots=dotnet-cli
Granted Owner status for the Container Apps Environment
Expected behavior [What you expected to happen.]
to be able to view the dashboard.
Actual behavior [What actually happened.] Could not authenticate user with requested resource.