访问被Azure AD B2C锁定的Azure功能应用程序时收到403错误 [英] Receiving 403 error when accessing Azure function app locked down by Azure AD B2C
问题描述
我们正在使用AD B2C在我们的Web应用程序上进行身份验证.上周,当我们调用托管在Azure中并由Active Directory使用AD B2C租户锁定的API时,我们开始收到403.76.
We are using AD B2C for authentication on our web app. Last week we started receiving a 403.76 when calling our APIs that are hosted in Azure and locked down by Active Directory using our AD B2C tenant.
发生更改时,我们尚未更改AD中的任何配置设置.我们回滚了所有无济于事的代码.我们验证了我们的令牌在jwt.io中有效.我们确认观众是正确的,并且在应用程序注册中已正确设置了权限.进入功能应用程序的诊断和解决问题"部分并深入研究4xx错误时,我们可以看到简单身份验证错误403.76.
We haven't changed any config settings in AD when the change occurred. We rolled back all of our code which didn't help. We verified that our token is valid in jwt.io. We confirmed that our audience is correct and permissions was set properly in app registrations. We can see the easy auth error 403.76 when going in to "Diagnose and solve problems" section of the function app and drilling into 4xx errors.
该功能应用程序仅对Cosmos进行了GetAsync以使您的用户个人资料登录.但是我们还没有走得太远,因为在用AD验证令牌时会收到403.76.
The function app just does a GetAsync against Cosmos to get your user profile on sign in. However we aren't getting that far, as we are receiving a 403.76 when verifying our token with AD.
我们应该能够像以前一样对我们的API进行GET并接收数据.取而代之的是,我们获得HTTP状态403,其子状态为76.
We should be able to do a GET against our API and receive data as we were before. Instead we get HTTP status 403 with a sub status of 76.
诊断和解决问题"部分中的错误:
The error in "Diagnose and solve problems" section:
EasyAuth:AuthorizationCheckFailed.有关更多详细信息,请参阅EasyAuth模块的HTTP状态代码
EasyAuth:AuthorizationCheckFailed. For more details, refer to HTTP Status Codes by EasyAuth Module
推荐答案
我们将头撞在墙上五天,所以我想确保此问题已发布到堆栈溢出中,以解决其他面临此问题的人.特别是因为它影响了客户.
We banged our heads against a wall for five days, so I wanted to make sure this was posted on stack overflow for anyone else facing this issue. Especially since it affected customers.
在过去三天与Microsoft 24/7一起工作之后,我们终于收到消息,说这是由于EasyAuth的问题.解决方法是将其添加到功能应用程序的配置"中:
After working with Microsoft 24/7 for the last three days, we finally received word that this was due to an issue on their end with EasyAuth. The workaround was to add this in our Configuration of the function app:
WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true
WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true
这篇关于访问被Azure AD B2C锁定的Azure功能应用程序时收到403错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
