Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,257 questions
Adding <client_id>/user_impersonation to the scope seems to fix the problem.
Calling Azure Function protected by Microsoft Azure AD from command line not working with AccessToken, but with IdToken
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 87%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Kiril
96
Reputation points
I created a an Azure Function in Visual Studio Code and deployed it to Azure. After that I enabled Authentication using Microsoft as a provider. This generated the App Registration and the Enterprise App.
After that, added "Mobile and desktop applications" to the Enterprise App, because I want to call the Azure Function from the command line, and included http://localhost to the Redirect URIs:
Now, I am trying to call the Azure Function endpoint:
var clientId = "";
var tenantId = "";
var endPoint = "";
IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId).WithDefaultRedirectUri().WithAuthority(AadAuthorityAudience.AzureAdMyOrg).WithTenantId(tenantId).Build();
var result = await app.AcquireTokenInteractive(new List<string> { "User.Read" }).ExecuteAsync();
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
var response = await client.GetAsync(endPoint);
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
When I execute the code a new browser tab open, where I can login. This works as expected and I receive a message:
"Authentication complete. You can return to the application. Feel free to close this browser tab."
The result from the endpoint is not what I expect:
"You do not have permission to view this directory or page."
If I slightly change my code to I am getting the expected response.
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.IdToken); // IdToken instead of AcccessToken
Response:
"This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
However, reading through Microsoft documentation I understood that using IdToken here is wrong and I should always use the AccessToken. My question: how do I pass the AccessToken as Bearer token and make it possible to call the Azure Function?
Azure Functions
.NET CLI
.NET CLI
A cross-platform toolchain for developing, building, running, and publishing .NET applications.
322 questions
.NET Runtime
.NET Runtime
.NET: Microsoft Technologies based on the .NET software framework.Runtime: An environment required to run apps that aren't compiled to machine language.
1,119 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,457 questions
1 answer
Sort by: Most helpful
-
Kiril 96 Reputation points
2022-03-16T14:52:46.98+00:00 -
MayankBargali-MSFT 68,471 Reputation points2022-03-16T15:37:52.573+00:00 @Kiril Thanks for your response and for sharing the resolution.
-
Kiril 96 Reputation points
2022-03-18T09:54:46.233+00:00 Thank you. I am still trying to understand why it works, but it works.
Sign in to comment -