App Service Authentication with Postman

JJ 21 Reputation points
2020-12-11T23:37:44.71+00:00

Let me preface my question by noting what will probably be obvious, I'm a total newbie to Azure. :-)

I created a Web API app in Visual Studio 2019 and published it to Azure which in turn set up my App Service. After that I followed the docs that walked me thru setting up app scopes and app roles for my registered app. I was able to successfully perform GET from Postman using OAuth 2.0 with my client id, etc.

Next I wanted to get information about the user (in this case myself) from Identity and check the app role so I could further refine permissions to functionality in the app. However, Identity name was always blank. I researched and it seemed I needed to turn on App Service Authentication and choose Log in with Azure Active Directory. Once I did that, Postman could no longer successfully perform the GET. Though I get a token, the response upon Send is "You do not have permission to access this directory of page." If I access the function directly in the browser it works. It's just Postman that doesn't. If I flip App Service Authentication back off, Postman works again.

What permissions do I need to alter in Azure, or what changes to the request configuration do I need to make in Postman, to fix this?

Azure App Service
Microsoft Entra ID

1 answer

  1. brtrach-MSFT 15,256 Reputation points Microsoft Employee
    2020-12-12T00:09:30.183+00:00

    @JJ Welcome to Azure! I'm going to take a stab to see if I can answer the question with the below suggestions. If the below suggestions do not help, please let us know and I can try to engage the AAD folks to assist further but I wanted to try and get you a reply before the weekend.

    Good info here: https://www.codit.eu/blog/2017/03/14/authenticate-postman-against-azure-service-management-api/

    To use Postman you need an authorization token. There are easy and hard ways to get that token. The easiest I have found is to use the ARMclient.

    Get ARMclient if you don't have it.
    choco install armclient

    Login with arm client using:
    armclient login

    Set the bearer token in buffer with:
    armclient token https://management.azure.com

    • In case you have multiple tenants:
    • Switch token to different tenant.
    ARMClient.exe token [tenant]

    https://github.com/projectKudu/ARMClient/wiki/Login-and-Acquire-Tokens

    That puts the auth token into your paste buffer.

    Open Postman

    In Postman go to headers.

    Click headers.
    Create header
    Set Key to Authorization
    Set Value to Bearer <paste of the auth token that is in your paste buffer>

    If doing a GET operation that matches to stuff you see in resources.azure.com you can copy the link from there and put it here. Set the operation to GET

    If doing a PUT operation on the same URL, set the operation to PUT. Click Body. Click raw. Put your json in there.
    A PUT should give a reply with the updated json in the body

    If doing a PATCH operation, for example on the sku element in the serverfarm object, the body would look like
    {
      "sku": {
        "name": "I1",
        "tier": "Isolated",
        "size": "I1",
        "family": "I",
        "capacity": 4
      }
    }
    There is no body in the reply. In the reply headers you have a link in the Location header that gives the reply. In Postman you can create additional tabs with separate queries at the top

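An added example, not part of the original question or answer and not Microsoft's code: before pasting a bearer token into Postman's Authorization header, decode its claims to see which audience (`aud`) it was issued for and whether it carries the app role (`roles`) you expect. The audience `api://example-app-id`, the role `Reports.Read` and both sample tokens are constructed for illustration; the signature is not verified, so this is a diagnostic and not a validation routine.

```python
import base64
import json
import time


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_problems(token, accepted_audiences, required_role=None, now=None):
    """List reasons an API expecting these audiences/role would refuse the token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    if aud not in accepted_audiences:
        problems.append(f"audience {aud!r} is not one of {sorted(accepted_audiences)}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if required_role and required_role not in claims.get("roles", []):
        problems.append(f"app role {required_role!r} is missing from 'roles'")
    return problems


def _make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed samples: one token addressed to ARM, one to a hypothetical API app.
ARM_TOKEN = _make_sample({"aud": "https://management.azure.com", "exp": 2000000000})
API_TOKEN = _make_sample({"aud": "api://example-app-id", "exp": 2000000000,
                          "roles": ["Reports.Read"]})
MY_API = {"api://example-app-id"}  # hypothetical audience of your own app registration

if __name__ == "__main__":
    for name, tok in (("ARM", ARM_TOKEN), ("API", API_TOKEN)):
        print(name, token_problems(tok, MY_API, "Reports.Read", now=1700000000) or "ok")
```

To inspect a real token, pass the string copied from the paste buffer to `decode_claims` and compare `aud` with the audience your API is configured to accept; treat the token as a secret while doing so.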