My goal is to secure my Azure Functions with Azure AD and call them from a WPF application.
I have an Azure Function with the following definition:

using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;

public IActionResult Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req,
    ILogger log,
    ExecutionContext context,
    ClaimsPrincipal claimsPrincipal)
I registered an Azure AD App and configured the settings for Native App Authentication:
I configured my app in the "Expose an API" blade.
I also added an API permission.
I associated my app in my Azure Functions App in the Authentication / Authorization blade.
I am getting a token from Azure AD like this in a WPF app (using the Microsoft.Identity.Client library):

using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

string applicationID = "***"; // My AppID Guid
IPublicClientApplication PublicClientApp = PublicClientApplicationBuilder.Create(applicationID)
    .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
    .Build();

var listScopes = new List<string>
{
    //"user.read" - Removed based on @tony-yu recommendation
    $"api://{applicationID}/MyScope"
};

var authResult = await PublicClientApp.AcquireTokenInteractive(listScopes)
    .ExecuteAsync();
var myToken = authResult.AccessToken;
I can authenticate without any problem and I am successfully getting a token but whenever I call my function and I provide my token in the Authorization header (Authorization = Bearer ****), I get :
401 - You do not have permission to view this directory or page.
Here's how I call it (Postman):
Here is the WWW-Authenticate header content when the call returns:
When I check the token I got, it seems legit
Any idea what I am doing wrong?
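The question says the token "seems legit" but does not show which claims were compared against what. The script below is an added example, not code from the question or from Microsoft: it decodes a bearer token's payload offline and lists the reasons an App Service Authentication (Easy Auth) front end would refuse it, namely an `aud` that is neither the App ID URI (`api://{appId}`, v1.0 tokens) nor the bare client ID (v2.0 tokens), a missing delegated scope in `scp`, an unexpected issuer, or an expired `exp`. The App ID, tenant ID, clock value and both tokens are constructed placeholders. It does not verify the signature; that needs the tenant's signing keys and is Easy Auth's job, so a token that passes here can still be rejected if the function app's allowed-audience list does not contain the `aud` the token carries.

```python
"""Offline inspection of an Azure AD bearer token before sending it to a Function.

Added example, not code from the question. All GUIDs and claim values below are
constructed placeholders. The signature is NOT verified here: that needs the
tenant's signing keys (JWKS) and is the job of App Service Authentication.
"""
import base64
import json
import time

# Constructed placeholder for the question's "***" App ID (not a real registration).
APP_ID = "11111111-2222-3333-4444-555555555555"
# Audiences an Azure AD access token for this API may carry: the App ID URI
# (v1.0 tokens) or the bare client ID (v2.0 tokens). Easy Auth must list
# whichever one the token actually uses among its allowed audiences.
EXPECTED_AUDIENCES = {f"api://{APP_ID}", APP_ID}
EXPECTED_SCOPE = "MyScope"
NOW = 1_700_000_000  # fixed clock so the example is deterministic


def _b64url_decode(segment: str) -> bytes:
    """JWT segments are base64url without '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_access_token(token: str, now=None) -> list:
    """List the reasons a Function protected by Easy Auth would reject this token."""
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    problems = []

    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(a in EXPECTED_AUDIENCES for a in audiences):
        problems.append(f"aud {audiences} is not one of {sorted(EXPECTED_AUDIENCES)}")

    # Delegated scopes come space-separated in 'scp'; app-only roles would be in 'roles'.
    if EXPECTED_SCOPE not in (claims.get("scp") or "").split():
        problems.append(f"scope {EXPECTED_SCOPE!r} missing from scp={claims.get('scp')!r}")

    issuer = claims.get("iss", "")
    if not issuer.startswith(("https://login.microsoftonline.com/", "https://sts.windows.net/")):
        problems.append(f"unexpected issuer {issuer!r}")

    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed JWT with a dummy signature, for exercising the checks offline."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url_encode(b'dummy-signature')}"


TENANT = "99999999-8888-7777-6666-555555555555"  # constructed placeholder tenant ID

# Token shaped like one minted for api://{APP_ID}/MyScope (v1.0-style audience).
GOOD_TOKEN = make_unsigned_token({
    "aud": f"api://{APP_ID}", "iss": f"https://sts.windows.net/{TENANT}/",
    "scp": "MyScope", "exp": NOW + 3600,
})
# Token shaped like one requested with the Graph scope "user.read" instead:
# a valid Azure AD token, just not one issued for this API.
GRAPH_TOKEN = make_unsigned_token({
    "aud": "https://graph.microsoft.com", "iss": f"https://sts.windows.net/{TENANT}/",
    "scp": "User.Read", "exp": NOW + 3600,
})

if __name__ == "__main__":
    for name, tok in (("good", GOOD_TOKEN), ("graph", GRAPH_TOKEN)):
        print(name, check_access_token(tok, now=NOW) or "ok")
```

Paste a real access token in place of `GOOD_TOKEN` to see which claim Easy Auth is likely objecting to; the 401 body in the question carries no detail, so comparing `aud` against what the function app's authentication settings accept is the first thing to confirm.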