Menu
"Easy Authentication and Authorization" feature of Azure App Service works in my Azure Function app if I configure it manually. It does not work when I use an ARM Template.
I used this web site to figure out the config values: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.websites.models.siteauthsettings?view=azuremgmtwebsites-1.6.0-preview
This is what it looks like, ideas?
EDIT : after checking the resulting config at https://resources.azure.com I see that "siteAuthEnabled" and "siteAuthSettings" are not applied at all. Should they be specified somewhere else?
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('webApiFunctionAppName')]",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
],
"resources": [{
"apiVersion": "2016-08-01",
"name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
"type": "Microsoft.Web/sites/config",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('webApiFunctionAppName'))]"
],
"properties": {
"netFrameworkVersion": "v4.0",
"managedPipelineMode": "Integrated",
"siteAuthEnabled": true,
"siteAuthSettings": {
"enabled": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"allowedExternalRedirectUrls": null,
"defaultProvider": "AzureActiveDirectory",
"clientId": "[parameters('aadClientId')]",
"clientSecret": null,
"issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]",
"allowedAudiences": null,
"isAadAutoProvisioned": false
}
}
}],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"hostNameSslStates": [{
"name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Standard"
},
{
"name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Repository"
}
],
"siteConfig": {
"appSettings": [{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~1"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(parameters('webApiFunctionAppName'))]"
}
]
}
}
}
832
Ok GOT it. This template works.
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('webApiFunctionAppName')]",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
],
"resources": [{
"name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites/config",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('webApiFunctionAppName'))]"
],
"properties": {
"enabled": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"defaultProvider": "AzureActiveDirectory",
"clientId": "[parameters('aadClientId')]",
"issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]"
}
}],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"hostNameSslStates": [{
"name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Standard"
},
{
"name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Repository"
}
],
"siteConfig": {
"appSettings": [{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~1"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(parameters('webApiFunctionAppName'))]"
}
]
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With