Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,838 questions
Authorization Header missing in webapp
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 90%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVG%3C/text%3E%3C/svg%3E)
Victor García Pastor
1
Reputation point
Hi everyone.
I have an api developed with symfony that use jwt tokens toa utenticate ours users.
When i send a Authorization Bearer {JWT Token} header, the webapp remove this, and our code can't access.
I try to use another name for the header and it's received fine for the application.
How can i make that Azure Webapp don't intercept this token and pass this to the application.
Thanks!
PD: Authentication WebApp it's disabled
App Settings
{"deployment_branch":"master","SCM_TRACE_LEVEL":"Verbose","SCM_COMMAND_IDLE_TIMEOUT":"60","SCM_LOGSTREAM_TIMEOUT":"7200","SCM_BUILD_ARGS":"","WEBSITE_AUTH_RUNTIME_VERSION":"~1","SCM_USE_LIBGIT2SHARP_REPOSITORY":"0","WEBSITE_AUTH_LOGOUT_PATH":"/.auth/logout","ScmType":"None","WEBSITE_AUTH_ENABLED":"False","WEBSITE_AUTH_UNAUTHENTICATED_ACTION":"AllowAnonymous","WEBSITE_HTTPLOGGING_RETENTION_DAYS":"3","WEBSITE_SITE_NAME":"pdmpg01-back","WEBSITE_AUTH_DEFAULT_PROVIDER":"AzureActiveDirectory","WEBSITE_AUTH_TOKEN_STORE":"False","FUNCTIONS_RUNTIME_SCALE_MONITORING_ENABLED":"0","REMOTEDEBUGGINGVERSION":"16.0.28729.10","LogLevel":"debug","WEBSITE_AUTH_AUTO_AAD":"False"}
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Saurabh Sharma 23,671 Reputation points Microsoft Employee2020-05-12T22:45:19.133+00:00 I am sorry but I am not able to follow you when you say "When i send a Authorization Bearer {JWT Token} header, the webapp remove this, and our code can't access" ? Can you please provide details - what exactly you are trying to achieve, what steps you have followed and if you are getting any errors ?
-
Victor García Pastor 1 Reputation point
2020-05-12T23:31:46.467+00:00 Hi SaurabhSharma-msft
When we send a packet using postman for example with the Header Authorization:Berarer XXXXtokenJWT the symfony application deployed in the webapp don't receive this header.
If we put another other name to the same value for header this it's received ok b the application.
I hope this explain best our issue.
Regrds!
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 2%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
soumi-MSFT 11,716 Reputation points Microsoft Employee2020-05-13T10:58:48.263+00:00 @VictorGracaPastor-0872, Thank you for sharing the details. though still confused with this behavior as this is not an expected behavior. This Authorization: Bearer <access-token> sent under the Header of the request being sent to the API, ideally gets validated and authorized by the resource mentioned in the request. Its not making sense as of why the WebApp would filter this out.
We would have to troubleshoot this deeper to understand this better. In order to do that we would like to following details being sent to azcommunity[at]microsoft[dot]com.
- Tenant ID/Tenant Name:
-
- Subscription ID:
-
- Application Name:
-
- Application ID:
Do also share the reference of this thread in the email so that its easier for us to locate the email and help your further.
Sign in to comment