I created App Service in Azure Portal and Published my web application code to web App. In Web Application Powershell scripts not not executing and tried to attach debugger process to Web application and getting below error in exception.
Below is the error:
System.Management.Automation.PSSecurityException HResult=0x80131501 Message=File C:\home\site\wwwroot\Scripts\KeyVault.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170 Source=System.Management.Automation StackTrace: at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at System.Management.Automation.Runspaces.Pipeline.Invoke() at MSaaSPartnerOnboarding.Repository.RolesRepository.CreateAADAPP(RolesModel roles) in D:\KVPowershell\Repository\RolesRepository.cs:line 32
Inner Exception 1: UnauthorizedAccessException: File C:\home\site\wwwroot\Scripts\KeyVault.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170.**
Below is my Powershell Script:
param(
[Parameter(Mandatory=$true)]
[string]$KeyVaultName
)
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
Set-AzContext -Subscription "<<SubscriptionId>>"
New-AzKeyVault -VaultName $KeyVaultname -ResourceGroupName 'testrg' -Location 'East US'
Below is the C# code:
public void CreateKV(RolesModel roles)
{
try
{
Runspace runspace = RunspaceFactory.CreateRunspace();
runspace.Open();
Pipeline pipeline = runspace.CreatePipeline();
PowerShell PowerShellInstance = PowerShell.Create();
string scriptPath = @"./Scripts/KeyVault.ps1";
Command mycmd = new Command(scriptPath);
Collection<CommandParameter> commandParameters = new Collection<CommandParameter>();
commandParameters.Add(new CommandParameter("KeyVaultName", roles.KeyVaultName));
foreach (CommandParameter commandParameter in commandParameters)
{
mycmd.Parameters.Add(commandParameter);
}
pipeline.Commands.Add(mycmd);
pipeline.Runspace.SessionStateProxy.SetVariable("ErrorActionPreference", "Stop");
Collection<PSObject> psObjects;
psObjects = pipeline.Invoke();
runspace.Close();
}
catch (Exception ex)
{
throw ex;
}
}
Script is executing locally but when I try to execute in Web Application it is not working.
It is clearly mentioned in the error that "script cannot be loaded because running scripts is disabled on this system." So, this is related to the execution policy of the user scope and thanks to @stuartd for pointed out in the right direction.
Changing the execution policy to
RemoteSignedshould solve the issue. To do this, OpenPowerShellas "run as administrator" and retrieve the execution policies enabled on the environment usingGet-ExecutionPolicyas shown below. If "remote signed" is not present, then set execution policy as remote signed.Set-ExecutionPolicy -ExecutionPolicy RemoteSignedReference blog for the relevant issue.
I have checked in
App servcie >> Kudu console >> PowerShelland was set to the expected policy values:-Also check you have necessary permissions in the Azure Web App to run the PowerShell script. (Eg: Contributor role)
If still the issue persists, try setting the execution policy to unrestricted as shown below.
Note: Allowing
unrestrictedaccess to PowerShell scripts is not recommended as it could lead to security conflicts, particularly if the data involved is confidential.