
ActiveDirectoryMembershipProvider works in classic Cloud Services but does not work on Azure Web App

We have a working ASP.NET Web Application (.NET Framework, not Core) on .NET 4.7.2 that was deployed to classic Cloud Services. We are trying to deploy it to Azure App Services. The majority of the existing functionality is working well so far. Unfortunately, we are having trouble getting the ActiveDirectoryMembershipProvider working as part of the FormsAuthentication.

Our LDAP is hosted in AWS and will be accessed by IP address. For debugging purposes we are trying it on unsecured LDAP (port 389). We can reach the LDAP from the machine, and we can get the group memberships of the test LDAP user. However, using the built-in ActiveDirectoryMembershipProvider we're getting the error below:

Exception type  System.Configuration.ConfigurationErrorsException
Exception message   Access is denied.
 (D:\home\site\wwwroot\web.config line 242) <--- Access is denied.
System.Configuration.ConfigurationErrorsException: Access is denied.
 (D:\home\site\wwwroot\web.config line 242) ---> System.UnauthorizedAccessException: Access is denied.

   at System.DirectoryServices.ActiveDirectory.DirectoryContext.IsContextValid(DirectoryContext context, DirectoryContextType contextType)
   at System.DirectoryServices.ActiveDirectory.DirectoryContext.isDomain()
   at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
   at System.Web.Security.DirectoryInformation.InitializeDomainAndForestName()
   at System.Web.Security.ActiveDirectoryMembershipProvider.Initialize(String name, NameValueCollection config)
   at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
   --- End of inner exception stack trace ---
   at System.Web.Configuration.ProvidersHelper.InstantiateProvider(ProviderSettings providerSettings, Type providerType)
   at System.Web.Configuration.ProvidersHelper.InstantiateProviders(ProviderSettingsCollection configProviders, ProviderCollection providers, Type providerType)
   at System.Web.Security.Membership.InitializeSettings(Boolean initializeGeneralSettings, RuntimeConfig appConfig, MembershipSection settings)
   at System.Web.Security.Membership.Initialize()
   at System.Web.Security.Membership.get_Provider()
   at System.Web.Security.Membership.ValidateUser(String username, String password)
   at <ASPX METHOD>:.ValidateUser(String username, String password) in <ASPX CODEBEHIND>:line 56
   at <ASPX METHOD>(Object sender, EventArgs e) in <ASPX CODEBEHIND>::line 26
   at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
   at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
   at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at ASP.<ASPX CODEBEHIND>:.ProcessRequest(HttpContext context) in d:\local\Temporary ASP.NET Files\root\0a1c09b7\daf71945\App_Web_ahzd2zi1.4.cs:line 0
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.<>c__DisplayClass285_0.<ExecuteStepImpl>b__0()
   at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
   at System.Web.HttpApplication.StepInvoker.<>c__DisplayClass4_0.<Invoke>b__0()
   at Microsoft.AspNet.TelemetryCorrelation.TelemetryCorrelationHttpModule.OnExecuteRequestStep(HttpContextBase context, Action step)
   at System.Web.HttpApplication.<>c__DisplayClass284_0.<OnExecuteRequestStep>b__0(Action nextStepAction)
   at System.Web.HttpApplication.StepInvoker.Invoke(Action executionStep)
   at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

The membership config is as follows:

<membership defaultProvider="MyADMembershipProvider">
    <providers>
        <clear />
        <add name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider" connectionStringName="ADConnectionString" attributeMapUsername="sAMAccountName" connectionUsername="<DOMAIN>\<USERNAME>" connectionPassword="<PASSWORD>" />
    </providers>
</membership>

The connection string is

<add name="ADConnectionString" connectionString="LDAP://<IPADDRESS>:<PORT>/DC=<DOMAIN>,DC=local" />

Can't seem to find anything that would indicate that there is something different running it in Azure. Any insight is appreciated.

Azure App Services do not work with Active Directory. You may want to explore Azure Active Directory.

LDAP will not work on Cloud directly. You will have to use Azure AD Domain Services - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/configure-ldaps

Also, App Services is a sandboxed environment.
