Azure Function App w/ OAuth error - ERROR: AADSTS500011: The resource principal named

Julio Caproni 31 Reputation points
2022-08-22T07:28:48.35+00:00

I need to add OAuth to my Azure Function App, which will be triggered through an HTTP request, POST, and I should retrieve the user details whose credentials I pass in the body. I'm quite a newbie at coding, and all the tutorials I have seen so far, due to my inexperience, are just a bunch of nonsense code for me with many details that, in my point of view, only someone with experience would be able to follow. I was able to generate my token, but not pass it together with my request, and also when I call the API it throws me the following error:

Parameters: Connection String: [No connection string specified], Resource: http://localhost:7235/api/.default, Authority: . Exception Message: Tried to get token using Azure CLI. Access token could not be acquired. ERROR: AADSTS500011: The resource principal named http://localhost:7235/api/.default was not found in the tenant named <CN>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

As a Token Provider, I'm using the class AzureServiceTokenProvider();, which I believe is causing this error. I looked for some alternatives for Token Providers, and I could only find TokenProvider();, but I tried to use some of them and I was getting errors as well. I was asked to do everything using C# and nothing else, not the Azure Portal. The only thing I can use from Azure is the Azure Storage Account. I was able to create the "CRUD" system, and it is working fine. I don't have any other class related to tokens.

This is my code below:

using System.IO;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Azure.Data.Tables;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;

public static async Task<IActionResult> Login(
    [HttpTrigger(AuthorizationLevel.Admin, "POST", Route = "login")] HttpRequest req,
    [Table("User", Connection = "AzureWebJobsStorage")] TableClient tdClient,
    ILogger log)
{
    // Resource the token is requested for. AADSTS500011 is raised because no
    // resource principal with this identifier is registered in the tenant.
    string url = "http://localhost:7235/api/.default";
    var httpClient = new HttpClient();
    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync(url);

    var requestBody = await new StreamReader(req.Body).ReadToEndAsync();
    var input = JsonConvert.DeserializeObject<CreateUserDto>(requestBody);
    var user = new User
    {
        email = input.email,
        password = input.password
    };

    // Serialize the object as JSON; ToString() would only yield the type name.
    string userJson = JsonConvert.SerializeObject(user);
    var stringContent = new StringContent(userJson, Encoding.UTF8, "application/json");

    // The Authorization header has to be set before the request is sent;
    // otherwise the call goes out without the bearer token.
    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
    var response = await httpClient.PostAsync(url, stringContent).ConfigureAwait(false);
    return new OkObjectResult(response);
}

I really don't want to use the AzureServiceTokenProvider(); class. Is it possible to do that using TokenProvider();? How can I do that? I hope I made myself clear. Thanks.


1 answer

  1. Shweta Mathur 27,381 Reputation points Microsoft Employee
    2022-08-24T10:45:18.433+00:00

    Hi @Julio Caproni ,

    Thanks for reaching out.

    I understand you are trying to authenticate Azure services with the App Authentication client library and are getting the error AADSTS500011.

    This error usually occurs when the application has not been configured properly. Make sure you follow the steps below to request the token:

    - Register the application in Azure AD and expose the API in the application.
    - Assign a System Assigned Managed Identity to the Function.
    - Deploy the application in the Function app and request a token using its identity.

    Reference blog: https://www.rahulpnath.com/blog/how-to-authenticate-azure-function-with-azure-web-app-using-managed-service-identity/

    However, Microsoft.Azure.Services.AppAuthentication is no longer recommended and has been replaced with Azure Identity in the latest Azure SDK.

    Hope this will help.

    Thanks,
    Shweta

    ------------------------------------------

    Please remember to "Accept Answer" if answer helped you.

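The answer recommends Azure Identity over Microsoft.Azure.Services.AppAuthentication and says the API must be registered and exposed in the tenant before a token can be requested for it. The following C# is an added example written for this page, not code from the question or the answer: it requests a token for an exposed API scope with DefaultAzureCredential (which resolves to the Function's managed identity once deployed) and attaches it to the outbound call before the request is sent, which is the ordering the posted snippet got wrong. The Application ID URI `api://00000000-0000-0000-0000-000000000000`, the downstream URL `https://example-api.azurewebsites.net/`, the `LoginRequest` record and the `api/login` route are placeholders, not values from the page.

```csharp
// Added example: acquire a token for an API exposed through an Azure AD app
// registration using Azure.Identity, then call that API with the token.
// Assumptions (not from the page): NuGet packages Azure.Identity and
// System.Net.Http.Json are referenced; the Application ID URI and API URL
// below are PLACEHOLDERS that must be replaced with the tenant's own values.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public sealed class DownstreamApiCaller
{
    // The scope must identify a resource principal that exists in the tenant:
    // the Application ID URI of the registered API plus "/.default".
    // A localhost URL is registered nowhere, which is the condition that
    // AADSTS500011 ("resource principal ... was not found in the tenant") reports.
    private const string ApiScope = "api://00000000-0000-0000-0000-000000000000/.default"; // PLACEHOLDER

    private static readonly HttpClient Http = new HttpClient
    {
        BaseAddress = new Uri("https://example-api.azurewebsites.net/") // PLACEHOLDER
    };

    // In the deployed Function this resolves to the system-assigned managed
    // identity; on a developer machine it falls back to Azure CLI / IDE logins.
    private static readonly TokenCredential Credential = new DefaultAzureCredential();

    // Simple single-slot cache so every request does not hit the token endpoint.
    private static AccessToken _cached;

    public static async Task<string> GetAccessTokenAsync(CancellationToken ct)
    {
        // Reuse the token while it is valid for at least another five minutes.
        if (_cached.Token is not null && _cached.ExpiresOn > DateTimeOffset.UtcNow.AddMinutes(5))
        {
            return _cached.Token;
        }

        var context = new TokenRequestContext(new[] { ApiScope });
        _cached = await Credential.GetTokenAsync(context, ct).ConfigureAwait(false);
        return _cached.Token;
    }

    public static async Task<HttpResponseMessage> PostLoginAsync(LoginRequest body, CancellationToken ct)
    {
        string token = await GetAccessTokenAsync(ct).ConfigureAwait(false);

        // Build a per-request message rather than mutating DefaultRequestHeaders
        // on a shared HttpClient, and set the bearer token BEFORE sending.
        using var request = new HttpRequestMessage(HttpMethod.Post, "api/login") // hypothetical route
        {
            Content = JsonContent.Create(body)
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        return await Http.SendAsync(request, ct).ConfigureAwait(false);
    }
}

// Hypothetical request shape standing in for the question's CreateUserDto.
public sealed record LoginRequest(string Email, string Password);
```

From a Function, `DownstreamApiCaller.PostLoginAsync(new LoginRequest(input.email, input.password), ct)` replaces the manual `AzureServiceTokenProvider` plus `HttpClient.PostAsync` sequence in the question. The token cache is deliberately minimal (a single static slot, no locking); a production Function would normally keep one credential and one `HttpClient` per process through dependency injection instead of statics.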