Why do I get this message "You do not have permission to view this directory or page." in a published Web Service Application?

Humberto Elizondo 0 Reputation points

I'm only following the most basic tutorial in authentication, which works perfectly in development environment, but once is published and entered my credentials (same as the development environment), I get the message "You do not have permission to view this directory or page."

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,607 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 29,856 Reputation points Microsoft Employee

    @Humberto Elizondo ,

    The "you do not have permission to view this directory or page" error is a generic error that appears in production. I would recommend reviewing this similar post in Stack Overflow that offers detailed troubleshooting for this particular error.

    In order to see more detailed error messages you need to go to the Azure portal > App Services > Your app > App service logs > Detailed Error Messages > Turn on.

    User's image

    Then in your web.config, add <customErrors mode="Off" /> before system.web closing tag, </system.web>. Then add <httpErrors errorMode="Detailed"></httpErrors> before </system.webServer> and upload your web config to Azure. Then you should see the new error message with more detail as described here.

    Other possibilities to check:

    • Make sure your application is deployed to the correct root folder
    • Ensure that AAD/Entra logins are enabled under Your App Service > Settings > Authentication/Authorization > Add identity provider (i.e. Microsoft) > Configured > Manage Azure Active Directory: Manage Permission > Add > Delegate permission > "Sign users in" and "View users' basic profile"

    User's image

    Last, make sure that you do not restrict IP in the IIS config in your web.config file. If the following is added, remove it if you do not want to restrict IP addresses:

    <ipSecurity allowUnlisted="false">
    <clear />
    <add ipAddress="" allowed="true" />
    </ipSecurity >

    I would also recommend reviewing the solutions to this issue in this detailed Stack Overflow post. Enabling the application logs should give you some insights though.

    Let me know if this helps and if you still face this issue.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.

    0 comments No comments