I use the following code inside my application's Application_Start section. This updates the web.config with the latest token and is used in all the tutorials for Azure AD consuming apps.
My app, which has been running happily for almost a year, has now failed to start with an Access Denied error to the web.config path linked to this code. The code itself hasn't changed, so I assume some security update has come in. I can't find any reference to the error or update online. The security settings on the folder look just fine. A redeploy doesn't resolve this.
The workaround is to debug locally, where this code does work, and then republish the app with the web.config changes. This code still seems to be valid on MSDN. To recreate, I just update the token with an invalid character on the webrole.
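    protected void RefreshValidationSettings()
    {
        // Path to the running site's Web.config
        string configPath = AppDomain.CurrentDomain.BaseDirectory + "\\" + "Web.config";
        // Federation metadata URL read from appSettings
        string metadataAddress = ConfigurationManager.AppSettings["ida:FederationMetadataLocation"];
        // Writes the issuer data from the metadata into Web.config (needs write access to the file)
        ValidatingIssuerNameRegistry.WriteToConfig(metadataAddress, configPath);
    }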