microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps

Aspire Dashboard: Could not authenticate user with requested resource. #1231

Closed aitrailblazer closed 2 months ago

aitrailblazer commented 3 months ago

Please provide us with the following information:

I'm following: See live data on Azure Container Apps with the Aspire dashboard https://techcommunity.microsoft.com/t5/apps-on-azure-blog/see-live-data-on-azure-container-apps-with-the-aspire-dashboard/ba-p/4147938

Troubleshooting You may receive an authentication error when accessing the dashboard – “Could not authenticate user with requested resource.” To solve this problem, ensure you have been granted "Microsoft.App/managedEnvironments/write", "Contributor", or "Owner" on the container app environment resource.

This issue is a: (mark with an x)

Issue description

I'm following the instructions in assigning Contributor, Owner role

but received:

Could not authenticate user with requested resource.

Steps to reproduce

1) Deploy a .NET Aspire project to Azure Container Apps https://learn.microsoft.com/en-us/dotnet/aspire/deployment/azure/aca-deployment

2) Quickstart: Build your first .NET Aspire project https://learn.microsoft.com/en-us/dotnet/aspire/get-started/build-your-first-aspire-app?pivots=dotnet-cli

Granted Owner status for the Container Apps Environment

Expected behavior [What you expected to happen.]

to be able to view the dashboard.

Actual behavior [What actually happened.]

Could not authenticate user with requested resource.

snehapar9 commented 3 months ago

Thanks for opening this issue @aitrailblazer! Can you please confirm if you have Write permission on your container app environment?

Fazer01 commented 3 months ago

Following this. Having the same issue here.

@snehapar9 How to verify "Microsoft.App/managedEnvironments/write" permission? We only have the ability to set Owner / Contributor via RBAC.

Regards,

aitrailblazer commented 3 months ago

Please elaborate with step by step

snehapar9 commented 3 months ago

@Fazer01 Owner/Contributor should have Write permissions. Can you please share your environment name and subscription Id to acasupport@microsoft.com? We will take a closer look.

snehapar9 commented 3 months ago

@aitrailblazer Thanks for contacting ACA Support. We performed mitigation steps on your environment. Can you re-try and let us know if you can access the Dashboard?

aitrailblazer commented 3 months ago

Dear Aspire support,

I confirm I can access the dashboard now.

I had to add https://azurecontainerapps.io/.auth/login/aad/callback in my App Registration. I have my domain https:/// it would be good if I can access the dashboard via this domain. For future reference I would like to know how to configure it myself.

Speaking of my App Registration I configured Microsoft Identity but I lost all interactivity and also this:

Losing the socket connection.

I followed:

https://learn.microsoft.com/en-us/training/modules/create-aspire-applications/learn-how-create-new-aspire-application

I like aspire very much and I would like to have Authorization.

Much better if I can do this:

Overview - External ID in external tenants - Microsoft Entra External ID | Microsoft Learn https://learn.microsoft.com/en-us/entra/external-id/customers/overview-customers-ciam

Secure your apps using External ID in an external tenant

umnex commented 3 months ago

I'm having the same issue. Cannot access dashboard after granting both "Owner" & "Contributor" roles to my account. Please note that my account is a guest in this azure tenant.

umnex commented 3 months ago

getting error: "Could not authenticate user with requested resource."

umnex commented 3 months ago

hi, any help would be appreciated. still getting the same error.

snehapar9 commented 3 months ago

@umnex performed mitigation on your environment. Please confirm if you can access the dashboard.

aitrailblazer commented 3 months ago

I tested it and received an error: Access was denied

snehapar9 commented 3 months ago

@aitrailblazer can you please share more details? Are you seeing a 403?

aitrailblazer commented 3 months ago

The message was:

You are not authorized to view ....

Now it is OK:

image

But there is another issue:

I added Microsoft Entra External ID: Socket connectivity is not working

image

Interactivity is not working

image

anthonychu commented 3 months ago

The websocket + auth error is likely unrelated to the Aspire dashboard authentication issues in this thread and we can track it separately at #1236

9hsein5 commented 3 months ago

I am facing the same issue, since yesterday @snehapar9

asantacroce commented 3 months ago

I am also experiencing issues with accessing the Aspire Dashboard, for my case:

My environment where this happens is the following: emybot-dev-acaenv

iturner100 commented 3 months ago

I'm also getting the 403 when trying to access the dashboard.

I'm seeing it both within an environment running my own applications (blazor web, .net 8 api) as well as an environment running the quick-start hello world image.

I have owner rights on the subscription the container apps and environments are in

MrDeej commented 3 months ago

I have same issues, 403 on all my dashboards, so right now I am blind to my logs.

Tried the app registration fix described above with both:

https://aspire-dashboard.ext.{azure resource name}.norwayeast.azurecontainerapps.io/.auth/login/aad/callback

https://aspire-dashboard.ext.{azure resource name}.norwayeast.azurecontainerapps.io/signin-oidc

But no success

umnex commented 3 months ago

I think the aspire dashboard should be deployed as a separate independent resource within the resource group so that we can manage all of its aspects on our own.

umnex commented 3 months ago

I'm still unable to access the dashboard in 2 different environments.

jedjohan commented 3 months ago

> I think the aspire dashboard should be deployed as a separate independent resource within the resource group so that we can manage all of its aspects on our own.

That sounds like a great idea!

MrDeej commented 3 months ago

@davidfowl I think your orchestration is broken. I got 403 Dashboard on a freshly new Aspire Starter kit when deployed with azd.

umnex commented 3 months ago

Can we please get an update on this? when can we expect this issue to be resolved?

chosh-capa commented 3 months ago

same here

bbowers0 commented 3 months ago

I'm having this same issue in two different accounts/subscriptions where I am an owner.

MrDeej commented 3 months ago

Up and running again today. I did nothing. Magical.

bbowers0 commented 3 months ago

The dashboard works if I launch it in an InPrivate or Incognito window so that it prompts me to sign in. This worked for a work Microsoft account. The sign in UI for the dashboard doesn't allow me to specify whether it's a work or personal account and it just picks the work account, so I can't view the dashboard associated with my personal Microsoft account.

aitrailblazer commented 3 months ago

This and the issues that Aspire cannot work with External ID and native authentication is making it not GA and not usable right now. There is a long way till GA.

simonjj commented 3 months ago

We have a fix for the original parent issue raised. We will be rolling this into the fleet over the coming weeks. Until this fix is available everywhere, please send an email to acasupport and reference this issue for us to reconcile this for you manually.

simonjj commented 3 months ago

To additionally clarify, the 403 issue mentioned in the comments is unrelated to the parent issue and is being tracked in #1238

MrDeej commented 3 months ago

image

I am so tired of seeing this page instead of my highly valued logs and traces. Can you please fix whatever that is wrong?

ijn-kruso commented 3 months ago

I'm having the same issues. I have Contributor role for the Container App.

snehapar9 commented 3 months ago

The fix for this issue has been rolled out. Please let us know if you continue to encounter this error.

snehapar9 commented 3 months ago

> I'm having the same issues. I have Contributor role for the Container App.

@ijn-kruso can you please confirm you have Contributor/Owner permission on the Container App environment?

ijn-kruso commented 2 months ago

> > I'm having the same issues. I have Contributor role for the Container App.
>
> @ijn-kruso can you please confirm you have Contributor/Owner permission on the Container App environment?

Just checked - and I'm Contributor on the Container App Environment as well, and still, getting the same error: Could not authenticate user with requested resource.

image

ijn-kruso commented 2 months ago

> > > I'm having the same issues. I have Contributor role for the Container App.
> >
> > @ijn-kruso can you please confirm you have Contributor/Owner permission on the Container App environment?
>
> Just checked - and I'm Contributor on the Container App Environment as well, and still, getting the same error: Could not authenticate user with requested resource.
>
> image

FYI @snehapar9 Still having this issue as of today.

bishwaranjans commented 2 months ago

It is the same issue for me. Could not authenticate user with requested resource.

snehapar9 commented 2 months ago

Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate.

Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.

snehapar9 commented 2 months ago

@bishwaranjans you mentioned you were able to access the dashboard after you modified permissions on the environment level? Are you still seeing this error?

ijn-kruso commented 2 months ago

> Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate.
>
> Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.

I can confirm I have Contributor access. When I go to the Container Environment -> Access control (IAM) -> View my Access. image

To confirm, from what you're saying, Contributor is not enough when it's Inherited from Resource Group? Is this intended? We need to manually add Contributor directly on the Container Environment?

snehapar9 commented 2 months ago

> > Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate. Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.
>
> I can confirm I have Contributor access. When I go to the Container Environment -> Access control (IAM) -> View my Access. image
>
> To confirm, from what you're saying, Contributor is not enough when it's Inherited from Resource Group? Is this intended? We need to manually add Contributor directly on the Container Environment?

@ijn-kruso correct. we are working on rolling out a fix for inherited permissions from resource group to be propagated properly.
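Added example, not part of the thread and not Microsoft's code: one way to answer the earlier question of how to verify "Microsoft.App/managedEnvironments/write", and to tell a grant made directly on the Container Apps environment from one inherited from the resource group or subscription. The sample IDs, names and abbreviated role definitions are constructed; group membership and deny assignments are not modelled.

```python
import re

WRITE = "Microsoft.App/managedEnvironments/write"

# Constructed sample data, shaped like the JSON from `az role definition list` and
# `az role assignment list --assignee <id> --scope <env-id> --include-inherited`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
ENV = RG + "/providers/Microsoft.App/managedEnvironments/env-demo"
DEFINITIONS = [
    {"roleName": "Owner", "permissions": [{"actions": ["*"], "notActions": []}]},
    {"roleName": "Contributor", "permissions": [{"actions": ["*"], "notActions": [
        "Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete"]}]},
    {"roleName": "Reader", "permissions": [{"actions": ["*/read"], "notActions": []}]},
]
ASSIGNMENTS = [
    {"roleDefinitionName": "Contributor", "scope": RG},
    {"roleDefinitionName": "Reader", "scope": ENV},
    {"roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/rg-other"},
]

def _matches(pattern, action):
    # Action strings compare case-insensitively; "*" matches any run of characters.
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def role_allows(definition, action=WRITE):
    """True if a permission block grants the action and its notActions do not remove it."""
    for perm in definition.get("permissions", []):
        granted = any(_matches(p, action) for p in perm.get("actions", []))
        removed = any(_matches(p, action) for p in perm.get("notActions", []))
        if granted and not removed:
            return True
    return False

def grants_on(env_id, assignments, definitions, action=WRITE):
    """List (role, 'direct' | 'inherited', scope) for assignments granting the action."""
    env = env_id.lower().rstrip("/")
    roles = {d["roleName"]: d for d in definitions}
    hits = []
    for a in assignments:
        scope = a["scope"].lower().rstrip("/")
        if scope != env and not env.startswith(scope + "/"):
            continue  # assignment at an unrelated scope
        role = roles.get(a["roleDefinitionName"])
        if role and role_allows(role, action):
            hits.append((a["roleDefinitionName"],
                         "direct" if scope == env else "inherited", a["scope"]))
    return hits
```

With the sample data, `grants_on(ENV, ASSIGNMENTS, DEFINITIONS)` reports only an inherited Contributor grant from the resource group, which is the situation described in the comment above.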

simonjj commented 2 months ago

Fix should be available and rolled out now. Please open a new issue if this should come back up.

ijn-kruso commented 2 months ago

> > > Hey @ijn-kruso can you please confirm you followed steps outlined here? You need to have Owner/Contributor access on the container app environment. Please note that permissions from subscription/resource group do not propagate. Can you please provide your environment name and subscription id to acasupport@microsoft.com? Please be sure to link this issue.
> >
> > I can confirm I have Contributor access. When I go to the Container Environment -> Access control (IAM) -> View my Access. image
> >
> > To confirm, from what you're saying, Contributor is not enough when it's Inherited from Resource Group? Is this intended? We need to manually add Contributor directly on the Container Environment?
>
> @ijn-kruso correct. we are working on rolling out a fix for inherited permissions from resource group to be propagated properly.

@snehapar9 I'm working as a consultant and getting new permissions added can be a lengthy process. Can you update the ticket once the "inherited permissions fix" is available?

snehapar9 commented 2 months ago

@ijn-kruso sure, I will. Thanks!

aitrailblazer commented 1 month ago

I tested today.

the dashboard is working: https://aspire-dashboard.ext.-12ab3456.eastus2.azurecontainerapps.io/

this is the working link for the web app: https://webfrontend.-12ab3456.eastus2.azurecontainerapps.io

When I click on the web app link from the dashboard: the link is not correct: https://webfrontend--c6gmgnh.-12ab3456.eastus2.azurecontainerapps.io/

I see --c6gmgnh. which is not correct.

From other side logs are OK.