Share via

403 Status Code Error When Building Azure Web App Service Using App Service Build Service Connected to GitHub

Abdal Khan 0 Reputation points
2026-05-20T17:33:58.5933333+00:00

Upon making an edit in Visual Studio 2026 Community Edition and doing a commit and push, the Web App Service returns a

Request failed with status code: 403, I have to force sync in order for it to successfully build the code on GitHub. On the GitHub side, it returns a 202 and is able to make the delivery, but on the Azure side it gives a status code: 403 forbidden. There are no other logs I can find that provide more details other than on the Azure side, the commit ID is labelled temp, and the author is set to N/A. This issue was also reproducible, as someone else forked my repo and attempted to use the App Service Build Service and got the same error. If any other information is needed let me know.

Azure App Service
Azure App Service

Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praneeth Maddali 9,595 Reputation points Microsoft External Staff Moderator
    2026-05-20T17:58:57.68+00:00

    Hi @Abdal Khan

    Thank you for sharing those details the pattern you described (GitHub returning 202 Accepted while Azure shows 403 Forbidden, plus Force Sync working and commits showing as “temp” / author N/A) is very helpful in narrowing this down.

    This typically means GitHub is successfully delivering the webhook, but the App Service’s SCM (Kudu) endpoint is rejecting the deployment request due to an authorization or access restriction on the Azure side.

    Recommended Checks

    1. Access Restrictions (most common cause) Go to your App Service > Networking > Access Restrictions. Make sure the SCM endpoint (*.scm.azurewebsites.net) is not blocked. Often the SCM site needs broader access than the main site. > Uncheck “Same restrictions as main site” and ensure there’s an Allow rule for the SCM site.
    2. Re-authorize the GitHub connection In Deployment Center, disconnect and reconnect your GitHub repository. This refreshes the authentication token and permissions especially useful if the repo was forked.
    3. Enable SCM Basic Authentication Go to Configuration >General settings and set SCM Basic Auth Publishing Credentials to On. Save the change, then go back to Deployment Center and save the settings again to refresh the webhook.

    Reference :

    https://learn.microsoft.com/en-us/azure/app-service/deploy-continuous-deployment?tabs=github

    https://learn.microsoft.com/en-us/azure/app-service/configure-basic-auth-disable?tabs=portal
    User's image

    https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions?tabs=azurecli#restrict-access-to-an-scm-site
    User's image

    Long-term Recommendation

    For better security, logging, and reliability, I strongly suggest switching from the App Service Build Service to GitHub Actions as the deployment method.

    https://learn.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=openid%2Caspnetcore

    If the answer is helpful,  Please do click "Accept the answer” and Yes, this can be beneficial to other community members.

    If you have any other questions, let me know in the "comments" and I would be happy to help you

     

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-05-20T17:34:20.4566667+00:00

    The 403 status code on Azure App Service indicates that the deployment request is reaching the service but is being actively refused by the server, not that GitHub or the build pipeline fails to send it.

    From the available information, the relevant guidance is that a 403 in a deployment context typically means the target service is reachable but is rejecting the request due to configuration or access restrictions. For example, when using Web Deploy, a 403.6 substatus indicates that the IP address is rejected or remote connections are not allowed. In that scenario, enabling remote connections on the Management Service resolves the issue.

    Applied to App Service Build Service connected to GitHub, the same pattern implies that some access restriction or configuration on the App Service side is blocking the incoming deployment/build request, even though GitHub reports a 202 and successful delivery. The fact that the commit appears as temp with author N/A is consistent with the deployment being attempted by the service itself rather than by a user identity, and being blocked before it can be fully processed.

    To troubleshoot on the Azure side:

    1. Check for access restrictions or IP-based blocking on the App Service (similar to how a 403.6 indicates IP rejection in IIS). If there are IP restrictions, ensure the App Service Build Service endpoints are allowed.
    2. Review any management or deployment endpoint configuration (for example, settings analogous to “Enable Remote Connections” in IIS Management Service) to ensure that automated deployment connections are permitted.
    3. Since the issue is reproducible across forks and appears specific to the App Service Build Service, collect the exact 403 response details (including any substatus code) from App Service logs and compare them with IIS/HTTP status code documentation to identify the precise access condition being violated.

    Once the underlying access restriction is removed or adjusted, the App Service Build Service should be able to accept the deployment without requiring a manual force sync.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.