Azure App Service Web app authentication is Off
Description
Azure App Service Authentication is a feature that prevents anonymous HTTP requests from reaching the API app. Users with tokens are authenticated before they reach the API app. If an anonymous request is received from a browser, App Service redirects to a logon page. To handle the logon process, select from a set of identity providers, or implement a custom authentication mechanism.
When App Service Authentication is enabled, every incoming HTTP request passes through it before being handled by the application code. It handles authentication of users with the specified providers, for example, Azure Active Directory, Facebook, Google, Microsoft Account, and Twitter. It also handles validation, storing and refreshing of tokens, managing the authenticated sessions, and injecting identity information into request headers.
Fix - Runtime
Azure Portal
To change the policy using the Azure Portal, follow these steps:
- Log in to the Azure Portal at https://portal.azure.com.
- Navigate to App Services.
- Click each App.
- Navigate to the Settings section, then click Authentication / Authorization.
- Set App Service Authentication to On.
- Select additional parameters as per your requirements.
- Click Save.
CLI Command
To set App Service Authentication for an existing app, use the following command:
az webapp auth update \
  --resource-group <RESOURCE_GROUP_NAME> \
  --name <APP_NAME> \
  --enabled true
Fix - Buildtime
Terraform
- Resource: azurerm_app_service
- Argument: auth_settings:enabled
resource "azurerm_app_service" "example" {
...
+ auth_settings {
+ enabled = true
...
}
}