Azure Function Authentication with AAD Results in 'The page cannot be displayed because an internal server error has occurred.'

Michael Gressman 86 Reputation points
2020-11-11T23:13:23.577+00:00

I have an Azure Function that I created and connected to AAD using the Express method and letting it create the App Registration for me. This Azure Function works as expected where I am required to provide an access token for it to work.

I've tried to duplicate this by manually creating the App Registration via the portal for another Azure Function. In the Authentication / Authorization settings for the new Function, I chose the Express method but used the existing App Registration I created manually. Unfortunately, this function always returns the error 'The page cannot be displayed because an internal server error has occurred.' whenever I navigate to it. If I turn off the App Service Authentication then the Function works, albeit not protected by AAD. As soon as I turn the App Service Authentication back on, it fails with the internal server error message.

I've verified the settings between the automatically created App Registration from the first Function and my manually created App Registration from the second Function and everything looks correct. It just seems that something is still not set up correctly on the App Registration I created manually, but nothing in the portal seems to show me what that is and the error I am getting is completely useless.

How can I troubleshoot this to find out why my manually created App Registration is not working?


Accepted answer
  1. Matt Lavery 76 Reputation points Microsoft Employee
    2020-11-15T09:06:14.363+00:00

    Been facing this exact problem myself with a new Azure Function for a small project where calling the function API (either via browser or with Postman) would result in "The page cannot be displayed because an internal server error has occurred."

    Through some trial and error after reading the steps you had also ruled out, I switched from "Express" mode to "Advanced" mode in Active Directory Authentication. Here I noticed that the Issuer Url was set to something which didn't seem right from previously configuring this type of auth (I think it was https://sts.microsoft.com). Whatever website it was, it was not a valid URL and didn't resolve.

    As my security is restricted to my specific tenant, I set the Issuer Url to https://login.microsoftonline.com/{{tenant_id}}. This fixed the issue, as now when I called the API from Postman I would get the "You do not have permission to view this directory or page." with an invalid token supplied.

    Note: I also added a Client Secret just to improve the security, but I am doubtful that influenced the issue as I tried that before changing the Issuer URL.

    Let us know if that helps you.
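
An added example, not part of the original answer or of any Microsoft tooling: a pre-flight check for the Issuer Url value discussed in the accepted answer, flagging a host that is not an Azure AD authority or a tenant placeholder left unfilled before the setting is saved. The host allow-list (Azure public cloud only), the function name `check_issuer` and the sample tenant id are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: Azure public-cloud authorities only; sovereign clouds use other hosts.
KNOWN_AUTHORITIES = {"login.microsoftonline.com", "sts.windows.net"}
GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)


def check_issuer(issuer_url, tenant_id):
    """Return (problems, discovery_url) for a configured Issuer Url.

    problems is a list of strings; discovery_url is None whenever a
    problem was found, so a bad value is never probed further.
    """
    problems = []
    parts = urlsplit(issuer_url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    host = (parts.hostname or "").lower()
    if host not in KNOWN_AUTHORITIES:
        problems.append(f"host {host!r} is not a known Azure AD authority")
    segments = [s for s in parts.path.split("/") if s]
    tenant = segments[0] if segments else ""
    if not GUID.match(tenant):
        problems.append(f"first path segment {tenant!r} is not a tenant GUID")
    elif tenant.lower() != tenant_id.lower():
        problems.append("issuer tenant differs from the expected tenant")
    if segments[1:] not in ([], ["v2.0"]):
        problems.append("unexpected path after the tenant id")
    if problems:
        return problems, None
    # OpenID Connect discovery convention: metadata lives under the issuer.
    base = issuer_url.strip().rstrip("/")
    return problems, base + "/.well-known/openid-configuration"


if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed tenant id
    samples = (
        "https://sts.microsoft.com",  # value the answer recalls seeing
        "https://login.microsoftonline.com/{{tenant_id}}",  # placeholder not filled in
        f"https://login.microsoftonline.com/{tenant}",  # form used in the answer
    )
    for url in samples:
        print(url, "->", check_issuer(url, tenant))
```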


2 additional answers

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,491 Reputation points
    2020-11-12T21:17:49.847+00:00

    Hello @Michael Gressman. Your reply URL should be https://funcapi.azurewebsites.net/.auth/login/aad/callback. Also the identifier URI should be https://funcapi.azurewebsites.net.

    Let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.


  2. Thanh Duong 1 Reputation point
    2021-10-11T21:51:40.783+00:00

    I'm running into the same problem here as I get a 500 when I turn on AAD for my function app. There isn't an advanced or express option anymore, but I tried changing the issuer URL as well and no luck. The secrets do match between the app registration and the function app configuration.
