Permission issue + Azure AD


I have created an ASP.NET Core 2.1 web project with Azure AD authentication, so it has the values below in appsettings.json.

    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "mycompany.onmicrosoft.com",
        "TenantId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "ClientId": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "CallbackPath": "/signin-oidc"
    },

And it automatically sets the redirect URL as "https://localhost:44362/signin-oidc". This web project in turn calls ASP.Net Core 2.1 Web API to get data. I have deployed both projects to Azure App Services.

When I try to access the deployed web application, I get the error "You do not have permission to view this directory or page."

I have added the redirect URLs below in addition to the existing localhost URL.

For the App Service, I have enabled "Authentication / Authorization" with "Log in with Azure Active Directory" and configured the Management Mode as Advanced.

I have enabled detailed errors, which show the following information.

    <table border="0" cellpadding="0" cellspacing="0"> 
    <tr class="alt"><th>Requested URL</th><td>&nbsp;&nbsp;&nbsp;https://myweb-Dev:80/signin-oidc</td></tr> 
    <tr><th>Physical Path</th><td>&nbsp;&nbsp;&nbsp;D:\home\site\wwwroot\signin-oidc</td></tr> 
    <tr class="alt"><th>Logon Method</th><td>&nbsp;&nbsp;&nbsp;Not yet determined</td></tr> 
    <tr><th>Logon User</th><td>&nbsp;&nbsp;&nbsp;Not yet determined</td></tr> 
    </table> 
    <div class="content-container">
    <fieldset><h4>More Information:</h4>
    This generic 403 error means that the authenticated user is not authorized to use the requested resource.
     A substatus code in the IIS log files should indicate the reason for the 403 error. If a substatus code
     does not exist, use the steps above to gather more information about the source of the error.
    </fieldset>
    </div>

Can anyone please help me identify and solve this issue? Thanks.

There are 2 best solutions below

Best answer

As I posted, I have created the project itself with Authentication (Work or School Account). So I removed the Authentication configuration at the App Service level. This solved my issue.
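The overlap this answer resolves, where App Service "Authentication / Authorization" and the app's own Azure AD sign-in are both active, can be checked from the two configurations. The following is an added example, not code from the question or the answer; the platform setting field names (`enabled`, `unauthenticatedClientAction`, `defaultProvider`) are assumed to match the JSON printed by `az webapp auth show`, and all sample values are constructed.

```python
# Constructed sample of the app's own sign-in settings (shape taken from the
# question's appsettings.json; the GUIDs are placeholders).
APPSETTINGS = {
    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "mycompany.onmicrosoft.com",
        "TenantId": "00000000-0000-0000-0000-000000000000",
        "ClientId": "11111111-1111-1111-1111-111111111111",
        "CallbackPath": "/signin-oidc",
    }
}

# Constructed sample of the App Service level settings. The field names are an
# assumption: they are expected to match the output of `az webapp auth show`.
PLATFORM_AUTH = {
    "enabled": True,
    "unauthenticatedClientAction": "RedirectToLoginPage",
    "defaultProvider": "AzureActiveDirectory",
}


def find_auth_overlap(appsettings, platform_auth):
    """Return findings when the app and App Service both handle Azure AD sign-in."""
    aad = appsettings.get("AzureAd") or {}
    app_handles_login = bool(aad.get("ClientId") and aad.get("CallbackPath"))
    platform_on = bool(platform_auth.get("enabled"))
    if not (app_handles_login and platform_on):
        return []  # only one layer (or none) is active, so there is no overlap
    findings = [
        "App Service authentication is enabled while the app also configures "
        "its own Azure AD sign-in (AzureAd section)."
    ]
    if platform_auth.get("unauthenticatedClientAction") == "RedirectToLoginPage":
        # The platform layer sits in front of the app, so it acts on
        # unauthenticated requests before the app's middleware can.
        findings.append(
            "Unauthenticated requests are handled by the platform before they "
            f"reach the app, including the app's callback {aad['CallbackPath']}."
        )
    return findings


if __name__ == "__main__":
    for finding in find_auth_overlap(APPSETTINGS, PLATFORM_AUTH):
        print("-", finding)
```
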

1
On

Not sure where the problem is. You can try to troubleshoot in the following ways:

  1. Try to restart the web application: go to App Services > Your Web App > Overview > click Restart.

  2. Enable Azure AD application service authentication:
