I'm trying to add authentication to my Azure Function App before allowing requests to be processed.
To avoid handling tokenization manually, I attempted to configure the Identity Provider for my Function App.
What I've Done So Far: Created an App Registration with the following configurations:
Authentication page:
API Permissions:
Expose an API
Identity Provider
The Issue: When I try to test or run my function, I receive a 401 Unauthorized error. I expected the Identity Provider to handle authentication automatically. However, when I click on default domain, it does not request authorization. Instead, a new window opens with the following screens:
Additional Observations:
If I manually navigate to /.auth/login/aad/callback, authentication works, and I get authorized successfully.
My Goal:
I want users to be prompted for authentication before accessing the Function URL. Once authenticated, they should be able to execute the function.
What am I doing wrong? Any guidance would be greatly appreciated.
Thanks!
I'm trying to add authentication to my Azure Function App before allowing requests to be processed.
To avoid handling tokenization manually, I attempted to configure the Identity Provider for my Function App.
What I've Done So Far: Created an App Registration with the following configurations:
Authentication page:
API Permissions:
Expose an API
Identity Provider
The Issue: When I try to test or run my function, I receive a 401 Unauthorized error. I expected the Identity Provider to handle authentication automatically. However, when I click on default domain, it does not request authorization. Instead, a new window opens with the following screens:
Additional Observations:
If I manually navigate to https://func-myfunc-01.azurewebsites/.auth/login/aad/callback, authentication works, and I get authorized successfully.
My Goal:
I want users to be prompted for authentication before accessing the Function URL. Once authenticated, they should be able to execute the function.
What am I doing wrong? Any guidance would be greatly appreciated.
Thanks!
Share Improve this question asked Apr 2 at 8:42 play_something_goodplay_something_good 1452 silver badges12 bronze badges 6- May I know whether you set Unauthenticated requests to 302 insteand of 401? i.sstatic/J14CwM2C.png – Tiny Wang Commented Apr 2 at 9:42
- App Service authentication --> Enabled | Restrict access --> Require authentication | Unauthenticated requests --> Return HTTP 401 Unauthorized | Token store --> Enabled. This is from the authenication page – play_something_good Commented Apr 2 at 9:49
- 1 I think we should choose 302 redirect instead of 401... Could you pls have a try? – Tiny Wang Commented Apr 2 at 10:19
- 1 yes, you are right – play_something_good Commented 2 days ago
- 1 python is the language – play_something_good Commented 2 days ago
1 Answer
Reset to default 0Authentication and authorization are different from each other. Adding Identity provider for our Azure function instance provides us a simple way to secure function endpoints.
Authentication requires to sign-in ahead then visit secured resource, so that we need to set a redirection(http 302 performs URL redirection), while authorization always requires a valid access token in request header and will return 401 error to indicate there's no token or token is invalid, or return 403 error code to indicate token in valid but has insufficient access permission.
OP confirmed that choose 302 redirect instead of 401 when adding the identity provider for Azure function can resolve his issue.