During the initial setup of our on-premises installation of SPAS with FIDO support, you must add permissions in SQL for the initial startup of the API server.
You may see this error when using https://local.api.surepassid2023.com/status or https://local.api.surepassid2023.com/api/home on the initial setup of our SPAS/API (FIDO) servers.
HTTP Error 500.30 - ASP.NET Core app failed to start
Common solutions to this issue:
· The app failed to start
· The app started but then stopped
· The app started but threw an exception during startup
Troubleshooting steps:
· Check the system event log for error messages
· Enable logging the application process' stdout messages
· Attach a debugger to the application process and inspect
For more information visit: https://go.microsoft.com/fwlink/?LinkID=2028265
This may be due to missing permissions on the SurePassID DB in SQL, which is corrected by using SQL Management Studio to connect to the DB and run the query shown here:
EXEC sp_addrolemember 'db_ddladmin', 'SPUSER_2023'
Note that you should be sure you have the correct DB selected and the correct username specified. The above will put the specified user into the role db_ddladmin and will grant the needed permissions for the initial startup of the API server.
Recycling the application pool and the API site in IIS is recommended, then you should be able to see the correct information when using https://local.api.surepassid2023.com/status or https://local.api.surepassid2023.com/api/home.
Once you have confirmed the above is correct, you can revoke the permission using this query as it is required only on the initial startup of the API server:
EXEC sp_droprolemember 'db_ddladmin', 'SPUSER_2023'
The above will drop the user from the specified role which is the correct setting for normal use.