After setting up an Azure Web App with Azure AD Authentication, the site is returning a 401 after authenticating.
This is the auth flow as I see it.
https://mysite-$environment.azurewebsites.net/
https://login.microsoftonline.com/
https://mysite-$environment.azurewebsites.net/.auth/login/aad/callback
You do not have permission to view this directory or page. HttpStatus 401.

Long version
I have 3 x Web Apps in Azure under the same Service Plan - 1 x website and 2 x APIs.
I would like these to use Azure AD for authentication.
So, I created an Azure AD App using PowerShell.
$app = @{
    DisplayName = "azad-$environment-mysite"
    IdentifierUris = @(
        "https://mysite-$environment.azurewebsites.net",
        "https://mysite-api-$environment.azurewebsites.net",
        "https://mysite-api-2-$environment.azurewebsites.net"
    )
    HomePage = "https://mysite-$environment.azurewebsites.net"
    ReplyUrls = @(
        "https://mysite-$environment.azurewebsites.net",
        "https://mysite-api-$environment.azurewebsites.net",
        "https://mysite-api-2-$environment.azurewebsites.net"
    )
    AvailableToOtherTenants = $false
}
New-AzureRmADApplication @app
Then, using the ApplicationId returned, I have set up Azure AD through the portal Web App > Authentication / Authorization blade.
This is a similar scenario to the question asked over at "Azure AD server authentication, No permission to view directory".
You have to register each app in the AAD, and you can do it more easily via the Azure portal.
When you have the web-app registered through the "Express" process everything should work as expected (OAuth2 flow). The problem may come with your API-app especially if you need to access with server-to-server.
Because the process is a little bit long to write here I wrote two posts:
Web API access through Azure Active Directory
API-APP server-to-server through Azure Active Directory
In the first post you can see the REST flow using POSTMAN.
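One way to script the per-app registration this answer describes, reusing the cmdlet from the question (an added example, not code from the question or the answer). It assumes a signed-in AzureRM session, uses 'dev' as a placeholder for $environment, and takes the reply URL path from the callback URL shown in the question's auth flow.

```powershell
# Added example: one Azure AD app registration per Web App, so each site
# gets its own ApplicationId and its own identifier URI.
# Assumption: an AzureRM session is already signed in (Login-AzureRmAccount).
$environment = 'dev'   # placeholder value, not from the original post

# Site name prefixes taken from the three host names in the question.
$sites = 'mysite', 'mysite-api', 'mysite-api-2'

$registrations = foreach ($site in $sites) {
    $baseUrl = "https://$site-$environment.azurewebsites.net"

    $app = @{
        DisplayName             = "azad-$environment-$site"
        IdentifierUris          = @($baseUrl)
        HomePage                = $baseUrl
        # Callback path as it appears in the auth flow in the question.
        ReplyUrls               = @("$baseUrl/.auth/login/aad/callback")
        AvailableToOtherTenants = $false
    }

    $created = New-AzureRmADApplication @app

    # Keep the values needed when configuring each site's authentication.
    [pscustomobject]@{
        Site          = $baseUrl
        DisplayName   = $created.DisplayName
        ApplicationId = $created.ApplicationId
    }
}

$registrations | Format-Table -AutoSize
```

Each ApplicationId in the output belongs in the matching Web App's Authentication / Authorization blade.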