Access Azure App Service with Client ID & Secret
I have created an App Service with Microsoft Authentication (Entra ID) in Azure. So while trying to browse the app, I am directly getting this You do not have permission to view this directory or page. Now if I generate OAuth2.0 Token in Postman and access the App, it is working. Now question is -
- Is it possible to setup the app service so that it will automatically prompt for login while browsing rather than You do not have permission to view this directory or page?
- I am able to create a bearer token from https://login.microsoftonline.com/tenant ID/oauth2/v2.0/token with App Registration Client ID & Secret. Is it possible to access the App Service via this Token without user login like OAuth?
- Is it possible to setup the app service so that it will automatically prompt for login while browsing rather than You do not have permission to view this directory or page?
Yes, it is possible to set up an automatic login prompt for Azure App Service.
- By default, Azure App service provides Authorization and Authentication without using any code.
- It provides a simple, code-free way to authenticate users. It can be enabled via Azure Portal, where we can configure identity providers like Microsoft Entra ID (Azure AD), Facebook, Google, etc.
- It handles all aspects of login like user prompts, redirection to identity providers, token validation.
After creating an Azure Web App in Azure, navigate to Settings -> Authentication -> Add Identity Provider.
I selected Microsoft as Identity Provider.
I Used Workforce configuration for current tenant.
In App registration type I selected create new app registration and supported account type is current tenant-single tenant.
After selecting the required fields, I clicked the Add button.
It successfully Added the Identity provider to Azure Web app as shown below.
After browsing the Azure Web App URL, I was prompted with a page requesting permission for the app registration.
After Successful login I am redirect to my web page.
Is it possible to access the App Service via this Token without user login like OAuth?
Yes, it is possible to access App service Via Access Token without user Login.
Thank you @Intelli Tech for clear explanation.
I added App role to my App registration as shown below.
I created New App registration, I added Above App role to Api permissions.
Go to API permission -> Add a Permission -> My Apis ->Azure web app App registration ->Application permission-> Role -> Add Permission.
Make sure to Grant Admin Consent for App role.
In Postman or VS code thunder client extension I pass the below values to get the Access token.
In scope Client id should be the Azure web app Client Id.
Post:https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
grant_type=client_credentials
client_id={client-app-id}
client_secret={client-secret}
scope=api://{AzureWebApp-api-client-id}/.default
I used the access token above and was able to authenticate.
- Azure App Service Plan CPU Spikes to 100%
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Attaching a private static ip address to Azure Container Instance
- Azure Synapse severless SQL pool - query execution fails
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- Where can I find the resource id of an Azure function app in the Azure portal?
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Basic SQL commands in Terraform
- Running Azure functions locally gives "No runtime" error after .NET7 upgrade
- Azure DataSync tables not showing up
- Azure ML: Unable to find workspace
- unable to start 'Docker for windows' on Azure Win 10 VM
- How to enable virtualization in Azure VM
- Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?
- how to get v2 type token using msal python
- The mock in my pester test keeps calling Connect-AzAccount
- Submitting jobs with different parameters using command line databricks
- The app build failed to produce artifact folder Angular Azure Static Web App Deployment Issue
- azure function .python_packages missing
- Redeploy .NET Aspire project after resource cleanup
- Access Azure App Service with Client ID & Secret
- Download all files from Azure storage account
- Azure Frontdoor is Overwriting XFF header
- Azure pipeline stopped giving installable MAUI app
- How access Azure APIs
- functionTimeout not working in local.settings.json Azure Function in my local machine
- How do I display Azure Deployment Center log history in Grafana
- Azure Functions in .NET 7 (isolated) published to Azure, 0 functions loaded
- Unable to connect to the server: getting credentials: exec: executable kubelogin not found
- Split multiple tables from a single sheet in excel using data flows