Retrieving publishing credentials failed with HTTP status 403

I’m attempting to deploy an Azure WebApp and I think I’ve done everything according to the book, but I’m getting the following error:

System.AggregateException: One or more errors occurred. —> System.Exception: Retrieving publishing credentials failed with HTTP status 403 - Forbidden

Is this a permissions issue on Azure? Under Subscriptions > Access Control, we assigned the app with the Reader role.

Please note I’m using Service Principal, and Octopus is able to read the webapps from Azure successfully. The issue only happens on deployment.

I’ve also posted the issue on StackOverflow:

Hi Eric,

Thanks for getting in touch.

Your Service Principal will need the Contributor role in order to deploy on Azure.

If you take a look at the example PowerShell script we provide in our Azure Service Principal Account guide, you’ll see that we assign “Contributor” for the role definition argument.


New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId

Hope this helps.


Thanks for the feedback.

It would be helpful if you update the documentation to include that instruction under “Option 2: Use the Azure Portal”, since the Microsoft documentation you link to uses Reader in their examples.

No worries Eric. We agree and have added a callout under “Option 2” to make that more clear for people in the future.