IP restriction not working when following documentation of Windows Azure

Question

I want to try to restrict access to a webrole based on 'Cloud Services' based on IP. There is a good documentation in this article, but when I follow it I get an error when deploying it.

The error I get is:
Recycling (Role has encountered an error and has stopped. Application startup task failed with exit code 1

It is getting wrong on the part of

%windir%\system32\inetsrv\AppCmd.exe unlock config -section:system.webServer/security/ipSecurity

So I think the command is wrong, I am running the Webrole on Operating System Windows 2012.

When only adding the web.config part nothing changes and it does not work

<system.webServer>
    <security>
        <!—Unlisted IP addresses are denied access–>
        <ipSecurity allowUnlisted=”false”>
        <!—The following IP addresses are granted access–>
            <add allowed=”true” ipAddress=”192.168.100.1” subnetMask=”255.255.0.0″ />
           <add allowed=”true” ipAddress=”192.168.100.2″ subnetMask=”255.255.0.0″ />
        </ipSecurity>
    </security>
</system.webServer>

Is there anybody with experience with this, who can help me?

Answer 1

If you log in to any running instance of a windows azure cloud service via RDP and start up a command line with elevated privileges you can test such commands before using them in a startup script. That way you might get a proper error message.

I tried it on one of my Azure instances and I noticed:

%windir%\system32\inetsrv\AppCmd.exe unlock config - section:system.webServer/security/ipSecurity

never exits but

%windir%\system32\inetsrv\AppCmd.exe unlock config /section:system.webServer/security/ipSecurity

does the trick.