Why Azure auth/callback authentication throwing error only for APIM URL

Question

Why Azure auth/callback authentication throwing error only for APIM URL

Antony Raj 0

We using Cookie authentication in our .Net Core API connecting to Angular App When we deploy the application in App Service, the authentication & Authorization is happening properly, then we get Cookie generated & the application request going to our API all works fine. But when we use APIM- URL which is pointing to out API and do the same call of the API from Angular, the request going to Challenge method of Azure, & getting error as follows User's image

Achraf Ben Alaya 1,311 Reputation points MVP

2024-02-14T11:25:53.01+00:00

is the App Service protected via authetification/authorization ? have you tried to call the api's from the apim portal and tested ?
Antony Raj 0 Reputation points

2024-02-15T10:41:33.4466667+00:00

@Achraf Ben Alaya Yes, App Service user authentication, and call from APIM to API work fine
Achraf Ben Alaya 1,311 Reputation points MVP

2024-02-15T10:58:01.98+00:00
If you're receiving a 401 error (Unauthorized) when making a call to Azure API Management (APIM) from the front-end, and you see a Microsoft login URL in the header, it's likely because your API requires authentication or authorization, and the user making the request is not properly authenticated. Here are a few possible reasons for this issue:

Missing or Invalid Authentication Token: The front-end application might not be including a valid authentication token (such as an OAuth token) in the request headers when calling the API. Ensure that the front-end application is correctly obtaining and including the required token in the request.

Incorrectly Configured API Management Policies: Check the policies configured in your API Management instance. There might be policies such as OAuth2 authentication or API key validation that are causing the 401 error if they are not configured correctly or if the required credentials are missing.

Expired or Revoked Tokens: If tokens are being used for authentication, ensure that they are not expired or revoked. If using OAuth tokens, make sure they are obtained using the correct authentication flow and are within their validity period.

Misconfigured CORS Policies: If your front-end is making cross-origin requests to the API, ensure that CORS (Cross-Origin Resource Sharing) policies are correctly configured in both the API Management instance and the front-end application. Incorrectly Configured Identity Provider: If your API Management instance is configured to use Azure Active Directory or another identity provider for authentication, ensure that the settings are correctly configured and that users have the necessary permissions to access the API.

To troubleshoot further, you can:

Check the Azure APIM logs to see if there are any error messages or details about why the request is being rejected.

Verify the authentication mechanism used by your API and ensure that the front-end application is properly configured to authenticate requests.

Review the API Management policies and configurations to ensure they match the requirements of your front-end application.

If you provide more specific details ,logs about your setup a you're using, I can offer more targeted advice.

1 answer

Your answer

Achraf Ben Alaya 1,311 Reputation points MVP

2024-02-14T11:25:53.01+00:00

is the App Service protected via authetification/authorization ? have you tried to call the api's from the apim portal and tested ?
Antony Raj 0 Reputation points

2024-02-15T10:41:33.4466667+00:00

@Achraf Ben Alaya Yes, App Service user authentication, and call from APIM to API work fine

Answer 1

Antony Raj Thanks for posting your question in Microsoft Q&A. From the description above, you are using cookie authentication in your client app to the backend API which works fine but going through APIM it fails. There is no native support for cookie authentication in APIM and APIM supports JWT token i.e. token based. However, APIM can forward the cookie header to a backend or parse it in the policy. I suggest you validate how the client app is attempting the cookie authentication and sending the header to APIM.

Share via

Why Azure auth/callback authentication throwing error only for APIM URL

1 answer

Your answer