19
votes

I am trying to run an HTTP-triggered Azure Function and I am receiving a 401 Unauthorized. It was working fine for me earlier.

When I created a new function under the same Function App and copied the same code into it, it ran fine, but when I try to run the function I created, I get the same error that I mentioned.

I'm seeing the following logs in the streaming service.

```
2018-07-02T07:09:41 Welcome, you are now connected to log-streaming service.
2018-07-02T07:09:48.893 [Info] Executing HTTP request: { "requestId": "53e54698-c46b-4cb6-9ed0-d042eaf9ec71", "method": "POST", "uri": "/api/Source/MPAA/false" }
2018-07-02T07:09:48.893 [Info] Executed HTTP request: { "requestId": "53e54698-c46b-4cb6-9ed0-d042eaf9ec71", "method": "POST", "uri": "/api/Source/MPAA/false", "authorizationLevel": "Anonymous", "status": "Unauthorized" }
```

4
Can you add some of the code of your Azure Function? This might occur if you're trying to access an external resource for which the Function is unauthorized. Maybe due to some configuration issue (Firewall, security, expired identity, etc.). Are you able to debug the code locally and inspect it? – Jan_V
@Jan_V I just mentioned in the above description that when I created the new function with same code under the same function app it's working fine. – Sumit Garg
Have you enabled App Service Authentication/Authorization? Check under Platform Features > Authentication / Authorization. – Connor McMahon
@ConnorMcMahon when I am enabling Authentication/Authorization and after that when I am trying to run the function again I am getting an error like ( Authentication is enabled for the function app. Disable authentication before running the function ) – Sumit Garg
@ConnorMcMahon Met this problem in v2. Have a httptrigger function created and worked before 2.0.11888 released. After this runtime upgrade, got 401. New created function works fine. – Jerry Liu

4 Answers

19
votes

This is how I solved the problem based on the cause correctly provided by Nick above. Do this if you don't want to have to open the Azure Function's GUI every time you push your code.

In the source code of the function:

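```csharp
[FunctionName("YourFunctionName")]
public static async Task<IActionResult> Run(
    // AuthorizationLevel.Function is the value this snippet starts from.
    [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    // function body
}
```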

What I had to do was to change the default setting AuthorizationLevel.Function into AuthorizationLevel.Anonymous. The former only allows triggering from other Function apps; the latter will let you trigger from the browser.

11
votes

If you are managing your code via the Azure portal, then simply navigate to "Integrate" and change the "Authorization Level" drop-down to "Anonymous".

If you are managing your code with source control integration (e.g. via git), add this to your function.json:

```json
"authLevel": "anonymous"
```

Full snippet of function.json:

```json
{
  "bindings": [
    {
      "name": "req",
      "type": "httpTrigger",
      "direction": "in",
      "methods": [ "post" ],
      "route": "Source/MPAA",
      "authLevel": "anonymous"
    },
    {
      "type": "http",
      "name": "res",
      "direction": "out"
    }
  ],
  "disabled": false
}
```

Note: the above is just an example, you may have to tweak the route. Note: the /api is the default prefix, and can be modified in the host.json file.

2
votes

It's about the authLevel of the function. If you use authLevel = anonymous in your function.json file, then you don't have to pass any access key and you can access the Azure Function API like normal API endpoints.

```json
{
    "disabled": false,
    "bindings": [
        {
            "authLevel": "anonymous",
            "type": "httpTrigger",
            "direction": "in",
            "name": "req"
        },
        {
            "type": "http",
            "direction": "out",
            "name": "res"
        }
    ]
}
```

For example, if your HTTP trigger is http://<APP_NAME>.azurewebsites.net/api/<FUNCTION_NAME>, you can easily access it without any access/auth key.

If you are using authLevel = function, then you have to pass the access key/API key with the HTTP trigger endpoint when hitting it. If you don't, you will get the 401 Unauthorized.

```json
{
    "disabled": false,
    "bindings": [
        {
            "authLevel": "function",
            "type": "httpTrigger",
            "direction": "in",
            "name": "req"
        },
        {
            "type": "http",
            "direction": "out",
            "name": "res"
        }
    ]
}
```

You need to pass the key as in the example below. **https://<APP_NAME>.azurewebsites.net/api/<FUNCTION_NAME>?code=<API_KEY>**

For authLevel = function you can access the HTTP trigger with the function key or the host key. You will find the Get Function Url section when you open the function in the Azure portal.

Note: With the host key you can access all of your HTTP trigger endpoints; it is common to all the HTTP triggers. But the function key is unique for every function.

The third option is to use the authlevel = admin.

```json
{
    "disabled": false,
    "bindings": [
        {
            "authLevel": "admin",
            "type": "httpTrigger",
            "direction": "in",
            "name": "req"
        },
        {
            "type": "http",
            "direction": "out",
            "name": "res"
        }
    ]
}
```

For auth level admin the HTTP trigger can only be accessed with the master key. **https://<APP_NAME>.azurewebsites.net/api/<FUNCTION_NAME>?code=<MASTER_KEY>**

You will find all these keys as per the auth levels in the Get Function Url section. The complete guide for the authlevel is in this link. Azure Functions HTTP trigger function authlevel Explanation

I hope this will be helpful.

0
votes

I started getting 401's too until I realised that I had two functions with the same route. That obviously confused Azure big time.

Check that you don't have different functions with the same route.
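
The following is an added example, not part of any answer above: a Python audit over parsed function.json files that lists HTTP triggers callable without a key (or with no explicit authLevel) and routes claimed by more than one function, the two causes discussed in the answers. The function names and sample configurations are constructed, and comparing routes case-insensitively is an assumption.

```python
from collections import defaultdict

# Constructed sample: function name -> parsed contents of its function.json.
SAMPLE_APP = {
    "Source": {"bindings": [
        {"name": "req", "type": "httpTrigger", "direction": "in",
         "methods": ["post"], "route": "Source/MPAA", "authLevel": "anonymous"},
        {"type": "http", "name": "res", "direction": "out"}]},
    "SourceCopy": {"bindings": [
        {"name": "req", "type": "httpTrigger", "direction": "in",
         "route": "source/mpaa", "authLevel": "function"},
        {"type": "http", "name": "res", "direction": "out"}]},
    "Report": {"bindings": [
        {"name": "req", "type": "httpTrigger", "direction": "in"},
        {"type": "http", "name": "res", "direction": "out"}]},
}


def audit_http_triggers(app):
    """Return (findings, duplicate_routes) for a dict of parsed function.json files."""
    findings = []
    by_route = defaultdict(list)
    for func_name, config in sorted(app.items()):
        for binding in config.get("bindings", []):
            if binding.get("type", "").lower() != "httptrigger":
                continue  # output bindings and non-HTTP triggers are not endpoints
            # With no explicit route, the function name is the route segment.
            route = binding.get("route") or func_name
            # Assumption: routes are matched case-insensitively.
            by_route[route.strip("/").lower()].append(func_name)
            level = binding.get("authLevel")
            if level is None:
                findings.append((func_name, "authLevel not set explicitly"))
            elif level.lower() == "anonymous":
                findings.append((func_name, "callable without any key"))
    duplicates = {r: names for r, names in by_route.items() if len(names) > 1}
    return findings, duplicates


if __name__ == "__main__":
    found, dupes = audit_http_triggers(SAMPLE_APP)
    for name, problem in found:
        print(f"{name}: {problem}")
    for route, names in dupes.items():
        print(f"route /api/{route} is shared by {', '.join(names)}")
```

For a real app, build the input dict by loading each function's function.json with `json.load`.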