How to disable SAS authorization for Logic App?

2
votes

Is there a way to disable the SAS authorization scheme for a Logic App HTTP-trigger?

In the documentation I read the following: "Inbound calls to a request endpoint can use only one authorization scheme, either SAS or Azure Active Directory Open Authentication. Although using one scheme doesn't disable the other scheme..." - Source: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app

What I'm trying to do: I would like to disable the SAS authorization scheme. The logic app should not be triggered when the correct SAS parameter is provided. Or if SAS authorization can't be deactivated, than it should return an error in the case that SAS was used. Only OAuth authorization should give a valid result. Is this possible?

2
azure-logic-appsazure-sasazure-http-trigger

2 Answers

1
votes

We can't disable the SAS authorization in logic app and according to some research, it seems we can't have it return an error in the case that SAS was used. For your requirement of disable SAS, you can go to feedback page and raise a post to suggest develop team add this feature.

0
votes

The Logic App only accepts authorization through either SAS or OAuth and it returns an error when both a SAS-query-parameter and Authorization-header are provided. This means there are two scenario's:

  • Authorization header is present, so authorization was acquired using OAuth
  • Authorization header is missing, so authorization was acquired using SAS

By default the Logic App removes the Authorization header from the incoming request. You can by-pass this default behavior, by adding the operationOption to the Request trigger, see here:

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-actions-triggers#operation-options