Azure AD Authentication in Azure Functions

Question

I am a newbie to Azure AD and trying to enable Azure AD Authentication on the Azure Functions. Below is the architecture.

There are 2 components:

1. Front-end Web application (Nodejs + Express app)
2. Back-end APIs (Azure Functions using .NET core)

• AD authentication has been enabled on front-end application. When the users sign in using their AD credentials, the app gets an access token, refresh token, and id token from Azure.
• AD authentication is enabled on the Azure Functions as well.
• id_token from the web app is passed as a Bearer token in the Auth header when we try to access the Azure Functions.

Reference: https://docs.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-linux

Issue:

• When the Authentication/Authorization on the Azure Functions (via the Azure Portal) using the Express mode is enabled, I am unable to access or publish Azure functions. If the EasyAuth is turned off, I am able to access the functions w/o any issues.

Kindly advice what I am missing here. Thanks in advance!

Below is the exception info from the LogStream:

Unhandled exception in request pipeline: System.Net.WebException: The remote server returned an error: (400) Bad Request.
2020-11-11T01:28:38.421239842Z: [INFO]           at System.Net.HttpWebRequest.GetResponse()
2020-11-11T01:28:38.429941331Z: [INFO]           at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.Download(String url) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/OpenIdConnectConfiguration.cs:line 62
2020-11-11T01:28:38.437673222Z: [INFO]           at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.RefreshConfiguration() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/OpenIdConnectConfiguration.cs:line 163
2020-11-11T01:28:38.437688622Z: [INFO]           at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.GetCurrentConfiguration() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/OpenIdConnectConfiguration.cs:line 150
2020-11-11T01:28:38.437693322Z: [INFO]           at Microsoft.Azure.AppService.Middleware.AzureActiveDirectoryProvider.GetDefault() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/AzureActiveDirectoryProvider.cs:line 808
2020-11-11T01:28:38.437697222Z: [INFO]           at Microsoft.Azure.AppService.Middleware.EasyAuthModule.AuthenticateAsync(HttpContextBase context)
2020-11-11T01:28:38.437712122Z: [INFO]           at Microsoft.Azure.AppService.Middleware.EasyAuthModule.OnAuthenticateRequestAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/EasyAuthModule.cs:line 243
2020-11-11T01:28:38.437716222Z: [INFO]           at Microsoft.Azure.AppService.MiddlewareShim.Startup.OnRequest(HttpContext context) in /EasyAuth/Middleware.Host/Startup.cs:line 124
  

Answer 1

If you are using EasyAuth to protect your Azure function, you should use the access_token to call it instead of id_token . Please let me know if you have any further questions.