0 votes

I have configured an Azure function app with authentication enabled for Azure AD and placed it behind the application gateway. Now this function app should be accessible only through the application gateway public IP DNS, so I have gone to the access restriction option of the function app and only allowed the "default subnet of the vnet which comes when configuring the application gateway".

The issue after this is that while calling the URL of the application gateway, it tries to authenticate using Azure AD and after successful authentication we are getting a 403 error with the URL "https://*****.azurewebsites.net/.auth/login/aad/callback".

Without the access restriction in the function app, will it still get the 403 error? - Nancy Xiong
Without restrictions it works fine. - user1014275
Could you try to add the public IP of the app gw instead of the "default subnet of vnet" to the restriction in the function app? Is there any error? - Nancy Xiong
Now I am getting the error "The reply url specified in the request does not match the reply urls configured for the application". - user1014275
What have you changed? For the error, try this solution and let me know if it helps. - Nancy Xiong

1 Answer

1 vote

In this case, you changed the access restriction in the function app from the vnet to the public IP address of the gateway, and this 403 error disappears.

Here is a good blog post detailing how to set up Application Gateway with an App Service that uses Azure Active Directory Authentication. In that scenario, you should point the custom domain to the function app to get past the function app hostname validation/adding process there. After the hostname is added on the function app, you can then adjust the hostname records to point to the Application Gateway.

Then both your *.azurewebsites.net and custom domain URLs (https://<custom domain>/.auth/login/aad/callback) should be configured as the reply URLs.
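The three steps the answer describes, written out as Azure CLI commands (an added example, not code from the original post or from Microsoft; the resource group, function app, gateway public IP resource, custom domain and app registration ID are assumed placeholders, and DRY_RUN=1 only prints the commands instead of running them):

```shell
#!/usr/bin/env sh
# Added example, not from the original post. Every resource name and the IP below
# are placeholders (assumptions), not values taken from the page.
set -eu

RG="${RG:-rg-placeholder}"                    # resource group of the function app and gateway
FUNC_APP="${FUNC_APP:-func-placeholder}"      # function app, served at $FUNC_APP.azurewebsites.net
GW_PIP="${GW_PIP:-agw-pip-placeholder}"       # public IP resource attached to the application gateway
CUSTOM_DOMAIN="${CUSTOM_DOMAIN:-api.example.com}"
AAD_APP_ID="${AAD_APP_ID:-00000000-0000-0000-0000-000000000000}"   # app registration used by Easy Auth
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print the az commands only; 0 = execute them

# Print the az command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Both reply URLs Easy Auth may redirect to: the default host and the custom domain.
reply_urls() {  # $1 = function app name, $2 = custom domain
  printf 'https://%s.azurewebsites.net/.auth/login/aad/callback https://%s/.auth/login/aad/callback\n' "$1" "$2"
}

# Step 1: allow only the gateway's public IP on the function app (the answer's fix),
# in place of the rule for the gateway subnet.
allow_gateway_ip() {  # $1 = gateway public IP address
  run az functionapp config access-restriction add -g "$RG" -n "$FUNC_APP" \
    --rule-name AllowAppGateway --action Allow --ip-address "$1/32" --priority 100
}

# Step 2: add the custom hostname. DNS for CUSTOM_DOMAIN must point at the function app
# at this moment so App Service can validate it; repoint it to the gateway afterwards.
add_custom_hostname() {
  run az functionapp config hostname add -g "$RG" --webapp-name "$FUNC_APP" --hostname "$CUSTOM_DOMAIN"
}

# Step 3: register both callback URLs as reply URLs on the AAD app (Azure CLI 2.37+).
set_reply_urls() {
  # word splitting is intended: two space-separated URLs
  run az ad app update --id "$AAD_APP_ID" --web-redirect-uris $(reply_urls "$FUNC_APP" "$CUSTOM_DOMAIN")
}

main() {
  if [ "$DRY_RUN" = "1" ]; then
    gw_ip="203.0.113.10"   # documentation address standing in for the looked-up IP
  else
    gw_ip=$(az network public-ip show -g "$RG" -n "$GW_PIP" --query ipAddress -o tsv)
  fi
  allow_gateway_ip "$gw_ip"
  add_custom_hostname
  set_reply_urls
}
main
```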