5
votes

"Easy Authentication and Authorization" feature of Azure App Service works in my Azure Function app if I configure it manually. It does not work when I use an ARM Template.

I used this web site to figure out the config values: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.websites.models.siteauthsettings?view=azuremgmtwebsites-1.6.0-preview

This is what it looks like, ideas?

EDIT : after checking the resulting config at https://resources.azure.com I see that "siteAuthEnabled" and "siteAuthSettings" are not applied at all. Should they be specified somewhere else?

{
  "apiVersion": "2016-08-01",
  "type": "Microsoft.Web/sites",
  "name": "[parameters('webApiFunctionAppName')]",
  "location": "[resourceGroup().location]",
  "kind": "functionapp",
  "dependsOn": [
    "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
  ],
  "resources": [{
    "apiVersion": "2016-08-01",
    "name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
    "type": "Microsoft.Web/sites/config",
    "dependsOn": [
      "[concat('Microsoft.Web/sites/', parameters('webApiFunctionAppName'))]"
    ],
    "properties": {
      "netFrameworkVersion": "v4.0",
      "managedPipelineMode": "Integrated",
      "siteAuthEnabled": true,
      "siteAuthSettings": {
        "enabled": true,
        "unauthenticatedClientAction": "RedirectToLoginPage",
        "tokenStoreEnabled": true,
        "allowedExternalRedirectUrls": null,
        "defaultProvider": "AzureActiveDirectory",
        "clientId": "[parameters('aadClientId')]",
        "clientSecret": null,
        "issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]",
        "allowedAudiences": null,
        "isAadAutoProvisioned": false
      }
    }
  }],
  "properties": {
    "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "hostNameSslStates": [{
        "name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Standard"
      },
      {
        "name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Repository"
      }
    ],
    "siteConfig": {
      "appSettings": [{
          "name": "AzureWebJobsDashboard",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "AzureWebJobsStorage",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "FUNCTIONS_EXTENSION_VERSION",
          "value": "~1"
        },
        {
          "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "WEBSITE_CONTENTSHARE",
          "value": "[toLower(parameters('webApiFunctionAppName'))]"
        }
      ]
    }
  }
}
1
In situations where one configuration works, but the other one does not, I go to resources.azure.com to view the configurations of each. This allows me to see how each resource is configured and see where they differ.Cloud SME
@AndrésNava-.NET thanks for the hint. Please see my EDITHelikaon

1 Answers

14
votes

Ok GOT it. This template works.

 {
  "apiVersion": "2016-08-01",
  "type": "Microsoft.Web/sites",
  "name": "[parameters('webApiFunctionAppName')]",
  "location": "[resourceGroup().location]",
  "kind": "functionapp",
  "dependsOn": [
    "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
  ],
  "resources": [{
    "name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
    "apiVersion": "2016-08-01",
    "type": "Microsoft.Web/sites/config",
    "location": "[resourceGroup().location]",
    "dependsOn": [
      "[resourceId('Microsoft.Web/sites', parameters('webApiFunctionAppName'))]"
    ],
    "properties": {
      "enabled": true,
      "unauthenticatedClientAction": "RedirectToLoginPage",
      "tokenStoreEnabled": true,
      "defaultProvider": "AzureActiveDirectory",
      "clientId": "[parameters('aadClientId')]",
      "issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]"
    }
  }],
  "properties": {
    "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "hostNameSslStates": [{
        "name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Standard"
      },
      {
        "name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Repository"
      }
    ],
    "siteConfig": {
      "appSettings": [{
          "name": "AzureWebJobsDashboard",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "AzureWebJobsStorage",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "FUNCTIONS_EXTENSION_VERSION",
          "value": "~1"
        },
        {
          "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "WEBSITE_CONTENTSHARE",
          "value": "[toLower(parameters('webApiFunctionAppName'))]"
        }
      ]
    }
  }
}