I have been struggling with Azure App Service authentication for a while now. I have a CI/CD pipeline running and want to configure App Service authentication using an ARM template. Here is (part of) my template:
    {
      "name": "[parameters('apiAppName')]",
      "type": "Microsoft.Web/sites",
      "location": "[resourceGroup().location]",
      "apiVersion": "2015-08-01",
      "dependsOn": [
        "[resourceId('Microsoft.Web/serverfarms', parameters('apiHostingPlanName'))]"
      ],
      "properties": {
        "name": "[parameters('apiAppName')]",
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('apiHostingPlanName'))]",
        "siteConfig": {
          "siteAuthEnabled": true,
          "siteAuthSettings": {
            "unauthenticatedClientAction": 0,
            "defaultProvider": 0,
            "tokenStoreEnabled": true,
            "clientAffinityEnabled": false
          }
        }
      }
    }
When deploying this, it still shows all authentication providers as not configured.
To configure the AAD provider, I've only come up with two solutions:
- Configure it using the portal. Not what I want; manual clicking doesn't combine with continuous delivery.
- Use Azure PowerShell in my release pipeline to create (if it does not exist) an app registration with a client secret and client ID, and specify that in the ARM template.
I was wondering, is there any way I can get the needed application identity automatically created? Possibly using / in combination with Managed Service Identity?