Grant permission for Azure App Service to Access an Azure Function

Question

I have published an Azure Function to Azure, I need to allow my WebApps to access it but not the public web. I've enabled "Log in with Azure Active Directory" when the user isn't logged in:

If I navigate to the URL of my function, I can see it executes successfully after logging in:

Next, I registered the function in Azure Active Directory App Registrations. Now I want to allow multiple WebApps to access this function but I can't figure out how to get it work. I went to the App Registration for the function and added an "Authorized Client Application":

However, when my client WebApp performs a http get on the function, I get a 401 error, "You do not have permission to view this directory or page."

Answer 1

You didn't show the code, I assume you send the request in the code without the ad token.

You need to do like this:

import requests
from azure.identity import ClientSecretCredential 

client_id = 'xxxxxx'
tenant_id = 'xxxxxx'
client_secret = 'xxxxxx'


credential = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)
accesstoken = str(credential.get_token('https://yourfunctionappname.azurewebsites.net/.default'))[19:1269]
bearertoken = "Bearer "+accesstoken

r = requests.post("https://yourfunctionappname.azurewebsites.net/api/HttpTrigger1",headers={'Authorization': bearertoken})

Above code works fine on my side.