Receiving 403 error when accessing Azure function app locked down by Azure AD B2C
Asked Answered
M

1

9

We are using AD B2C for authentication on our web app. Last week we started receiving a 403.76 when calling our APIs that are hosted in Azure and locked down by Active Directory using our AD B2C tenant.

We haven't changed any config settings in AD when the change occurred. We rolled back all of our code which didn't help. We verified that our token is valid in jwt.io. We confirmed that our audience is correct and permissions was set properly in app registrations. We can see the easy auth error 403.76 when going in to "Diagnose and solve problems" section of the function app and drilling into 4xx errors.

The function app just does a GetAsync against Cosmos to get your user profile on sign in. However we aren't getting that far, as we are receiving a 403.76 when verifying our token with AD.

We should be able to do a GET against our API and receive data as we were before. Instead we get HTTP status 403 with a sub status of 76.

The error in "Diagnose and solve problems" section:

EasyAuth:AuthorizationCheckFailed. For more details, refer to HTTP Status Codes by EasyAuth Module

Merci answered 24/6, 2019 at 20:24 Comment(0)
M
16

We banged our heads against a wall for five days, so I wanted to make sure this was posted on stack overflow for anyone else facing this issue. Especially since it affected customers.

After working with Microsoft 24/7 for the last three days, we finally received word that this was due to an issue on their end with EasyAuth. The workaround was to add this in our Configuration of the function app:

WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true

Merci answered 24/6, 2019 at 20:26 Comment(2)
Thank you so much for posting this. We started having this exact problem yesterday and have a support ticket in with MS. I'll be pointing them at this post.Hypogeal
Worked for me! What the heck Microsoft. For all you App Service people out there, I added this in App Serivce -> Configuration -> Application Settings and clicked on "New application setting". Fixed the problem immediately. Here's my post: #56743936Bittner

© 2022 - 2024 — McMap. All rights reserved.