UiPath Identity Server URL: "You do not have permission to view this directory or page"

I installed Uipath Orchestrator from Azure Market I notice that the Identity Server URL gives the following error when it accessed

I think this is because of the IIS (webserver runs on the Microsoft .NET platform on the Windows OS) logic flow

  • The request will hit wwwroot and is looking for web.config which is a file that is read by IIS and the ASP.NET Core Module to configure an app hosted with IIS
  • Since no web.config is in wwwroot we will get the message “You do not have permission to view this directory or page” when accessing the URL, which is given in the absence of we.config file where windows authentication and authorization requirements are specified.

However https://andranecula-identity.azurewebsites.net/identity WORKED

image

So as a workaround solution, I created a web.config file inside wwwroot that redirected the calls /identity which fixed the problem.

Which indeed fixed the issue, calling direct URL https://andranecula-identity.azurewebsites.net WORKED, but I ran out into another issue

If you hit on the Management/Settings

For now, I removed the solution created web.config file:

https://andranecula-identity.azurewebsites.net direct link gives me “You do not have permission to view this directory or page” but if you put /identity Works :open_mouth:

My question is the following:

Why UiPath Identity Server URL gives a “You do not have permission to view this directory or page” message when assessed?

How can be fixed?

Thanks,
Andra

1 Like

Hey @Andra_Necula

Is this a cloud version of UiPath?

Thanks
#nK

Yes, you can set up the entire UiPath Orchestrator deployment from Azure Cloud Market

I followed the official documentation:
Azure Marketplace Deployment (uipath.com)

I wonder how looks on-prem…

1 Like

Yep it’s quite different for on prem.

I see that if I want to contact support I need to get a UiPath licence

UiPath Azure cloud – Market solution deploys for you:

  • the Orchestrator
  • the Azure Identity Server
  • the WebHook
  • the SQL server

The Operator URL works like a charm, and the hole site actually

But the Server Identity, not only that the code from wwwroot is in the file Web, but is different that the structure of the Orchestrator (for Orchestrator the code is directly in wwwroot)

I tried different things:

  • move the code in wwwroot → failed
  • create in wwwroot a web.config to redirect to /identity, which works but on the platform I get other components failing :smiley:

I feel that either the solution is buggy, either the documentation is missing something

1 Like

Okay got it. Will check on prem configuration and see if something helps.

So you are using community version?

I did not install the Uipath Studio yet.

I did not add yet a license to Orchestrator either ( that’s why for now I can not contact support)

1 Like

The steps are:

  1. Go in Azure Portal, and select UiPath Orchestrator, click create

  2. This is the deployment created

  1. **But Server Identity URL gives that message

However, if you add /identity at the end works

The expected behavior is for the Identity Server URL displayed on Azure Portal to work

1 Like

Hey @Andra_Necula

Got it now clearly.

But the identity server in UiPath works with the same orchestrator URL followed by /identity

That’s how it is right. And it will be deployed as an other server module which is fine.

Thanks
#nK

I got your point, but I think my issue was not understood. That was not my complaint. I am aware that each module is separated.

In Azure, the Identity Server has NOT the same URL as the Orchestrator.

And my complaint all along was that the Server Identity URL provided by the Azure Deployment does not work.

As I already specified via screenshots to be clear, if you look over the pictures you will notice that each module has its own URL

Identity URL

image

Orchestrator URL

image

See are 2 different URL.

Now the Identity URL provided in Azure Portal if I click on it gives me

But if I add /identity works

The problem is that each URL provided in Azure Portal should work

1 Like

Hey @Andra_Necula

Okay make sense.

Will try to explore on it. Will be useful if we know the answer to it.

Thanks
#nK

1 Like

But the identity server in UiPath works with the same orchestrator URL followed by /identity
That’s how it is right. And it will be deployed as another server module which is fine.

On Azure indeed each module is separated, which is also described in the UiPth official documentation.

If I go on Azure Platform and click on each operator I see that Orchestrator and Identity have URL used to access the UiPath platform

Orchestrator URL https://andranecula.azurewebsites.net → click on it WORKS

Identity URL https://andranecula-identity.azurewebsites.net → click on it you get “You do not have permission to view this directory or page” — which in IIS is the default behavior since is looking for web.config file which is not there

The expected result is that each URL displayed on Azure Cloud Platform regarding UiPath to work and redirect you to the UiPath Orchestrator/ Identity

As a customer I am not happy to see URLs that do not work, why do you display them?

See the URLs are different, all you have to do is to go on Azure Portal click on URLs and boths suppose to work

1 Like

:sunglasses: maybe is an issue with them, the Azure support will not help since the Azure Market services are supported by the publisher.

I will create a support ticket with UiPath once I will put my hands on a license :smiley:

In your case the Identity and Orchestrator have the same link?

1 Like

Yes @Andra_Necula I gonna check that.

Will keep you posted.

1 Like

Thanks, If I find something I will update here too

1 Like

Summary: I installed UiPath Orchestrator [check this article for installation guide]

Issue: identity server URL displayed on Azure Portal did not redirect to Identity Hub

Instead we got a permission denied message

However if we added /identity to the URL, we could interact with the platform

Note

You might think that’s a permission issue, well it is and it is not.

And I will explain my point of this. Feel free to correct me if I am wrong.

By default, App Service starts your app from the root directory of your app code. But UiPath Identity Server web frameworks don’t start in the root directory, it starts in the Web subdirectory, identity app service comes with path mapping set-up under identity name.

So Identity Server app would be accessible at http://{URL}/identity

Quick Mitigation:

If we want to direct http://{URL} to the identity directory instead, we can edit the virtual applications and directories from Azure App Services settings, but most likely we will end break other modules, since UiPath deploys more interconnected apps.

Since I tried different methods of editing either UiPath files or Azure App Service configurations, with partial success – I mean I mitigated my issue, but created other issues in different modules :slight_smile: , I decided to create a non-invasive solution.

As I mentioned above Azure App Service logic is to start the app directly from root, but UiPath Identity is designed to start from root/Web, wanting not to change nothing on UiPath files (again), I created in root a redirecting to identity. Now each time the user will hit http://example.com it will be automatically (in under 1 second) to http://example/identity.com loading the app, and all looks ok.