Function app - identity provider authentication
I'm trying to add authentication to my Azure Function App before allowing requests to be processed.
To avoid handling tokenization manually, I attempted to configure the Identity Provider for my Function App.
What I've Done So Far: Created an App Registration with the following configurations:
Authentication page:
API Permissions:
Expose an API
Identity Provider
The Issue:
When I try to test or run my function, I receive a 401 Unauthorized error. I expected the Identity Provider to handle authentication automatically. However, when I click on default domain, it does not request authorization. Instead, a new window opens with the following screens:
Additional Observations:
If I manually navigate to https://func-myfunc-01.azurewebsites.net/.auth/login/aad/callback, authentication works, and I get authorized successfully.
My Goal:
I want users to be prompted for authentication before accessing the Function URL. Once authenticated, they should be able to execute the function.
What am I doing wrong? Any guidance would be greatly appreciated.
Thanks!
Authentication and authorization are different from each other. Adding Identity provider for our Azure function instance provides us a simple way to secure function endpoints.
Authentication requires to sign-in ahead then visit secured resource, so that we need to set a redirection(http 302 performs URL redirection), while authorization always requires a valid access token in request header and will return 401 error to indicate there's no token or token is invalid, or return 403 error code to indicate token in valid but has insufficient access permission.
OP confirmed that choose 302 redirect instead of 401 when adding the identity provider for Azure function can resolve his issue.
- Handling file upload in static web app with azure functions v4
- Call Graph API using the Azure Function managed identity is raising this error "Acces Denied"
- The underlying compression routine could not be loaded correctly error when deplying Function App
- Update just blob contents with terraform
- Issues with OpenTelemetry Integration in .NET 8 Azure Function App
- Azure Functions swap slot will cause "env with checked deployment slot setting" being swapped
- Unable to test and run an Azure function project locally in VS Code using a git repo code
- How do I connect a Blob Trigger Azure Function to a storage account different the one in AzureWebJobsStorage app setting?
- How to solve "Value cannot be null. (Parameter 'provider')" and "Can't determine project language from files."
- Why is my Azure Function Accessible without Authentication?
- Azure App Service Plan: Function vs App Service?
- Can I have Azure Function with HTTP trigger without Storage Account
- How to create Azure Function and deploy content as zip deploy
- module not found 'azure-data' when deploying azure function, works locally
- Azure Function Blob Trigger using Python getting stuck while running at Host lock lease acquired by instance ID '000000000000000000000000055662B6'
- Global exception handler for Azure Functions
- Running an Azure Function locally results in a worker error
- port 7071 is unavailable. Close the process using that port, or specify another port using --port [-p]
- Azure dev ops cicd yaml variable for appSettings, multi line causing an error
- GitHub Action - Deploy Python to Azure Function - import azure.identity not working
- How do I send email from an Azure function app?
- Python Azure Function doesn't show functions after importing packages
- Azure functions get multi file uploads
- VS Code Azure Extension: Infinite loading loop
- Azure Function App using python: how to get the principal name and ID information
- sqlAlchemy to_sql with azure function returning collation error, but work without issues if executing just the python file
- Getting (x) Input path can't be empty for jobs. error while submitting a command job in Azure ml
- Function app - identity provider authentication
- Cannot see my HTTP trigger function in azure function app deployed by azure Devops ci cd pipeline
- How can I log the http response using middleware in azure functions running .NET 8 isolated process?