问题描述
我们正在使用 AD B2C 对我们的网络应用进行身份验证.上周,当我们使用我们的 AD B2C 租户调用托管在 Azure 中并被 Active Directory 锁定的 API 时,我们开始收到 403.76.
We are using AD B2C for authentication on our web app. Last week we started receiving a 403.76 when calling our APIs that are hosted in Azure and locked down by Active Directory using our AD B2C tenant.
发生更改时,我们没有更改 AD 中的任何配置设置.我们回滚了所有没有帮助的代码.我们验证了我们的令牌在 jwt.io 中是有效的.我们确认我们的受众是正确的,并且在应用注册中正确设置了权限.当进入功能应用程序的诊断和解决问题"部分并深入研究 4xx 错误时,我们可以看到简单的身份验证错误 403.76.
We haven't changed any config settings in AD when the change occurred. We rolled back all of our code which didn't help. We verified that our token is valid in jwt.io. We confirmed that our audience is correct and permissions was set properly in app registrations. We can see the easy auth error 403.76 when going in to "Diagnose and solve problems" section of the function app and drilling into 4xx errors.
函数应用仅针对 Cosmos 执行 GetAsync 以在登录时获取您的用户配置文件.但是我们并没有走得那么远,因为我们在使用 AD 验证我们的令牌时收到了 403.76.
The function app just does a GetAsync against Cosmos to get your user profile on sign in. However we aren't getting that far, as we are receiving a 403.76 when verifying our token with AD.
我们应该能够像以前一样对我们的 API 执行 GET 并接收数据.相反,我们得到 HTTP 状态 403,子状态为 76.
We should be able to do a GET against our API and receive data as we were before. Instead we get HTTP status 403 with a sub status of 76.
诊断和解决问题"部分的错误:
The error in "Diagnose and solve problems" section:
EasyAuth:AuthorizationCheckFailed.更多详情请参考 EasyAuth 模块的 HTTP 状态码
EasyAuth:AuthorizationCheckFailed. For more details, refer to HTTP Status Codes by EasyAuth Module
推荐答案
我们用头撞墙了五天,所以我想确保将其发布在堆栈溢出上,以供其他面临此问题的人使用.特别是因为它影响了客户.
We banged our heads against a wall for five days, so I wanted to make sure this was posted on stack overflow for anyone else facing this issue. Especially since it affected customers.
在过去三天与 Microsoft 24/7 合作后,我们终于收到消息,这是由于他们使用 EasyAuth 的问题.解决方法是将其添加到我们的函数应用配置中:
After working with Microsoft 24/7 for the last three days, we finally received word that this was due to an issue on their end with EasyAuth. The workaround was to add this in our Configuration of the function app:
WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true
WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true
这篇关于访问被 Azure AD B2C 锁定的 Azure 函数应用时收到 403 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!