We are using AD B2C for authentication on our web app. Last week we started receiving a 403.76 when calling our APIs that are hosted in Azure and locked down by Active Directory using our AD B2C tenant.
We haven't changed any config settings in AD when the change occurred. We rolled back all of our code which didn't help. We verified that our token is valid in jwt.io. We confirmed that our audience is correct and permissions was set properly in app registrations. We can see the easy auth error 403.76 when going in to "Diagnose and solve problems" section of the function app and drilling into 4xx errors.
The function app just does a GetAsync against Cosmos to get your user profile on sign in. However we aren't getting that far, as we are receiving a 403.76 when verifying our token with AD.
We should be able to do a GET against our API and receive data as we were before. Instead we get HTTP status 403 with a sub status of 76.
The error in "Diagnose and solve problems" section:
EasyAuth:AuthorizationCheckFailed. For more details, refer to HTTP Status Codes by EasyAuth Module
If you're using an Azure AD app registration to authenticate a client app, the second possible solution is to verify that the app registration has permissions configured for the Azure Digital Twins service. If these aren't configured, set them up.
Option 1: Create a new app registration automatically This option is designed to make enabling authentication simple and requires just a few clicks. Sign in to the Azure portal and navigate to your app. Select Authentication in the menu on the left. Click Add identity provider.
Azure Web Apps: “Error 403 - This web app is stopped..” - Microsoft Tech Community Azure Web Apps: “Error 403 - This web app is stopped..” In support we often receive support calls about the error message, “Error 403 - This web app is stopped.”, when browsing to an Azure website.
Usually, the 135011 error is your organization disabled your device, you can use web client as a workaround before you contact your admin. And the 403 code means you don't have permission to access Azure AD. For 135011 you can ask your admin to enable your device, as shown below: For 403 code, you can ask your admin turn off restrict:
When the public access is not allowed on Azure App Service, if you have open public API. The IP of your application with which you are calling the app service is not whitelisted. If you have any gateway in between then that may also be blocking your calls. Try removing the access restrictions from Networking page of your web app.
If you are, please navigate to Networking page of your web app, check the Access Restrictions . If you are not the developer, just contact your administrator and allow your ip to access this website. For more information, see Azure App Service access restrictions. Thanks for contributing an answer to Stack Overflow!
We banged our heads against a wall for five days, so I wanted to make sure this was posted on stack overflow for anyone else facing this issue. Especially since it affected customers.
After working with Microsoft 24/7 for the last three days, we finally received word that this was due to an issue on their end with EasyAuth. The workaround was to add this in our Configuration of the function app:
WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With