Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Receiving 403 error when accessing Azure function app locked down by Azure AD B2C

We are using AD B2C for authentication on our web app. Last week we started receiving a 403.76 when calling our APIs that are hosted in Azure and locked down by Active Directory using our AD B2C tenant.

We haven't changed any config settings in AD when the change occurred. We rolled back all of our code which didn't help. We verified that our token is valid in jwt.io. We confirmed that our audience is correct and permissions was set properly in app registrations. We can see the easy auth error 403.76 when going in to "Diagnose and solve problems" section of the function app and drilling into 4xx errors.

The function app just does a GetAsync against Cosmos to get your user profile on sign in. However we aren't getting that far, as we are receiving a 403.76 when verifying our token with AD.

We should be able to do a GET against our API and receive data as we were before. Instead we get HTTP status 403 with a sub status of 76.

The error in "Diagnose and solve problems" section:

EasyAuth:AuthorizationCheckFailed. For more details, refer to HTTP Status Codes by EasyAuth Module

like image 694
projuljustin Avatar asked Jun 24 '19 20:06

projuljustin


People also ask

How do I fix Azure 403 Forbidden error?

If you're using an Azure AD app registration to authenticate a client app, the second possible solution is to verify that the app registration has permissions configured for the Azure Digital Twins service. If these aren't configured, set them up.

How do I enable authentication in Azure?

Option 1: Create a new app registration automatically This option is designed to make enabling authentication simple and requires just a few clicks. Sign in to the Azure portal and navigate to your app. Select Authentication in the menu on the left. Click Add identity provider.

What does ERROR 403 mean in Azure web apps?

Azure Web Apps: “Error 403 - This web app is stopped..” - Microsoft Tech Community Azure Web Apps: “Error 403 - This web app is stopped..” In support we often receive support calls about the error message, “Error 403 - This web app is stopped.”, when browsing to an Azure website.

How to fix error 135011 and 403 in Azure AD?

Usually, the 135011 error is your organization disabled your device, you can use web client as a workaround before you contact your admin. And the 403 code means you don't have permission to access Azure AD. For 135011 you can ask your admin to enable your device, as shown below: For 403 code, you can ask your admin turn off restrict:

Why can't I connect to Azure App service?

When the public access is not allowed on Azure App Service, if you have open public API. The IP of your application with which you are calling the app service is not whitelisted. If you have any gateway in between then that may also be blocking your calls. Try removing the access restrictions from Networking page of your web app.

How do I restrict access to a website in Azure App service?

If you are, please navigate to Networking page of your web app, check the Access Restrictions . If you are not the developer, just contact your administrator and allow your ip to access this website. For more information, see Azure App Service access restrictions. Thanks for contributing an answer to Stack Overflow!


1 Answers

We banged our heads against a wall for five days, so I wanted to make sure this was posted on stack overflow for anyone else facing this issue. Especially since it affected customers.

After working with Microsoft 24/7 for the last three days, we finally received word that this was due to an issue on their end with EasyAuth. The workaround was to add this in our Configuration of the function app:

WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true

like image 170
projuljustin Avatar answered Oct 22 '22 22:10

projuljustin