Hangfire Azure authorization denied

Question

I have deployed my small application with Hangfire to Azure App service. (I've done this with another project)

I am trying to set it up with Azure Active Directory authorization. I went to the Azure portal and set it up in the app service's authentication/authorization settings: Turned on App service authentication, selected Azure Active Directory and added Configured (Express:Existing App) in the authentication providers menu (just like in the previous project). I then restart the app service.

Startup.cs contains:

public void ConfigureServices(IServiceCollection services)
        {
            services.AddHangfire(config => config
            .SetDataCompatibilityLevel(CompatibilityLevel.Version_170)
            .UseSimpleAssemblyNameTypeSerializer()
            .UseRecommendedSerializerSettings()
            .UseMemoryStorage());

            services.AddHangfireServer();
            services.AddRazorPages();
        }

public void Configure(
            IApplicationBuilder app, 
            IWebHostEnvironment env,
            IBackgroundJobClient backgroundJobClient,
            IRecurringJobManager recurringJobs)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseRouting();
            app.UseAuthorization();

            app.UseHangfireDashboard("/jobs", new DashboardOptions()
            {
                Authorization = new[] { new HangFireAuthorizationFilter() }
            });


            app.UseHangfireServer(new BackgroundJobServerOptions { WorkerCount = Environment.ProcessorCount * 5 });


            //backgroundJobClient.Enqueue(() => Console.WriteLine("Hello Hangfire job!!"));


            app.UseEndpoints(endpoints =>
            {
                endpoints.MapRazorPages();
            });
        }

HangFireAuthorizationFilter.cs contains:

public class HangFireAuthorizationFilter : IDashboardAuthorizationFilter
    {
        public bool Authorize([NotNull] DashboardContext context)
        {
            //Can use this for NetCore
            return !context.GetHttpContext().User.Identity.IsAuthenticated;
        }
    }

I publish to Azure successfully and login with my Azure account when prompted, and I get this message: You do not have permission to view this directory or page.

I've enabled logging in the azure app and I get this error message:

What exactly am I doing wrong? I am surely missing something but don't know what. If I disable the authorization from Azure, the deployment and the app itself works as intended.

Answer 1

After some trial and error in the Azure App service settings/configs, the following changes solved my problem:

• Added full URL without route in "Authentication" in App Registration

• Removed "Power BI"-permission from API Permissions in App Registration

• Granted Admin Consent for all predefined permissions in App Registration

• Changed "Action to take when request is not authenticated" to: "Log in with Azure Active Directory" in the App Service "Authentication/Authorization"