How to authenticate with app-auth to crawl an azure web application?

nicholas dipiazza 26 Reputation points

You can run the following to obtain a bearer token from

Curl command example here:

Then you can use this bearer token to access an Azure Web Site:

Curl command example here:

This works on our sample microsoft online account that we created from scratch to run this test. Without the bearer token, we get authentication redirected. With bearer token, we are able to access the web page.

When we run this same thing on our corporate instance, it just throws a generic error:

"You do not have permission to view this directory or page." (401 Unauthorized)

Is there a link on the Azure Online Portal to obtain the information about the failure?

Related links I found maybe helpful but not sure if any of them are what I need:

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,001 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,799 questions
{count} votes

2 answers

Sort by: Most helpful
  1. SnehaAgrawal-MSFT 18,701 Reputation points

    Suggest you to enable application logging, you should see authentication and authorization traces directly in your log files.
    If you see an authentication error that you didn't expect, you can find all the details by looking in your existing application logs. If you enable failed request tracing, you can see exactly what role the authentication and authorization module may have played in a failed request.

    Check this article for details on Authentication and authorization in Azure App Service and Azure Functions

    0 comments No comments

  2. SnehaAgrawal-MSFT 18,701 Reputation points

    @nicholas dipiazza If there is cold starts? it seems Always On request receives a 401. Could you use app setting WEBSITE_WARMUP_PATH = "/" for authorization/authentication to bypass the root URL.