Azure Function LDAP call, Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Gary Zhou 1 Reputation point
2022-02-07T15:36:17.007+00:00

I am working on an Azure Function v1 app using .NET Framework 4.8. This app has to create an account in on-prem Active Directory using LDAP over SSL, but it always gets an Access is denied error.
This app uses a service account for the LDAP request. I believe the service account permissions have been set properly because it works fine on the developer's machine.

Any idea?
Thanks!

Azure Functions

1 answer

  1. MughundhanRaveendran-MSFT 12,506 Reputation points
    2022-02-09T16:05:34.877+00:00

    @Gary Zhou ,

    Thanks for reaching out to Q&A.

    Using LDAP in Functions is actually complicated and there might be some restrictions. From a networking perspective, you need to create a hybrid connection using ExpressRoute or at least a point-to-site connection to access an on-prem resource. When you have successfully configured the hybrid network connectivity, then comes the restriction on LDAP.

    Things you cannot do with Hybrid Connections include supporting LDAP, because it can require UDP. Please refer to: https://devblogs.microsoft.com/premier-developer/using-azure-app-services-with-hybrid-connections/#things-you-cannot-do-with-hybrid-connections

    I would suggest that you host your .NET application in a VM and access the on-prem Active Directory using LDAP over SSL.

    Please see a similar discussion here: https://stackoverflow.com/questions/49196898/azure-app-service-active-directory-authentication-access-denied/52633900#52633900

