DaleGodfredson-2935 asked PramodValavala-MSFT commented

Issue configuring Azure AD with Function App

I've followed the documentation here (https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad#configure-client-apps-to-access-your-app-service) to configure App Registration for an Azure Function App. I've tried both using an existing App Registration and creating a new App Registration automatically; however, I just get the following error message:

You do not have permission to view this directory or page.

The function app works correctly before I create and configure the App Registration.

Can someone please assist? The URL is: https://coy-test-auth.azurewebsites.net/api/TestAuth?

Thanks
Dale

azure-functions

1 Answer

PramodValavala-MSFT answered PramodValavala-MSFT commented

@DaleGodfredson-2935 There is an option to set the default response - 401 or 302. A 302 response will redirect the caller to the identity provider to perform authentication. In your case, you seem to have set it to 401.

If you are using file-based configuration, you need to set globalValidation.unauthenticatedClientAction to RedirectToLoginPage.



Hi Pramod, thanks for responding.
I've followed this tutorial and got it working with calling Graph APIs: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-javascript

I've added a custom Azure Function App and configured the registration for it as follows:
- added the following redirect: https://coy-test-auth.azurewebsites.net/.auth/login/aad/callback
- Selected ID tokens
- Accounts in this organisation only

Under the web app registration I've specified user_impersonation for the API registration above.

I can access the Graph APIs OK but get a 401 error when requesting my function app.

In the JS code I am explicitly adding the bearer token when issuing the API request; however, when I view the request with Fiddler the token isn't in the request, yet it is in the Graph API request?

Can you please assist?

Thanks
Dale




@DaleGodfredson-2935 Sorry for not getting back on this one. The token cannot be used directly and instead should be exchanged for another token as shown in the authentication flow docs.


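The token exchange mentioned in the last comment, as an added example that is not part of the original thread or Microsoft's own code. It assumes the "authentication flow docs" referred to are App Service's client-directed sign-in, where the client posts the provider token to /.auth/login/aad and sends the returned authenticationToken in the X-ZUMO-AUTH header; the function names are hypothetical.

```javascript
// Added example: client-directed sign-in against App Service authentication.
// APP_URL is the function app from the question; function names are hypothetical.
const APP_URL = "https://coy-test-auth.azurewebsites.net";

// Step 1: POST the Azure AD token obtained by MSAL to /.auth/login/aad.
function buildExchangeRequest(appUrl, aadAccessToken) {
  if (!aadAccessToken) throw new Error("no Azure AD token to exchange");
  return {
    url: new URL("/.auth/login/aad", appUrl).href,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ access_token: aadAccessToken }),
    },
  };
}

// Step 2: send the returned session token in X-ZUMO-AUTH on API calls.
function buildApiRequest(appUrl, path, sessionToken) {
  const url = new URL(path, appUrl);
  // Never attach the session token to a request for a different origin.
  if (url.origin !== new URL(appUrl).origin) {
    throw new Error("refusing to send the session token to another origin");
  }
  return { url: url.href, init: { headers: { "X-ZUMO-AUTH": sessionToken } } };
}

// Runs both steps. fetchImpl is injectable so the flow can be exercised offline.
async function callFunction(path, aadAccessToken, fetchImpl = fetch) {
  const ex = buildExchangeRequest(APP_URL, aadAccessToken);
  const loginRes = await fetchImpl(ex.url, ex.init);
  if (!loginRes.ok) {
    // App Service did not accept the Azure AD token that was posted.
    throw new Error(`token exchange failed: HTTP ${loginRes.status}`);
  }
  const { authenticationToken } = await loginRes.json();
  if (!authenticationToken) throw new Error("no authenticationToken in response");
  const api = buildApiRequest(APP_URL, path, authenticationToken);
  return fetchImpl(api.url, api.init);
}
```

Inspecting the second request in Fiddler should show the X-ZUMO-AUTH header rather than the original Azure AD bearer token.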