Reputation: 566
I have an azure web app with nothing but .HTML and .CSS files - there is no code of any kind.
Azure AD authentication is enabled.
I am able to visit the site URL, get redirected for authentication and I get in just fine.
Everyone else gets sent to this page after login:
https://myurl.com/.auth/login/aad/callback
and they get a 401 error on the browser:
You do not have permission to view this directory or page.
Why is it working for me, and not everyone else who authenticates?
Is there somewhere I need to tell Azure Web Apps that I want all the files to be available to any authenticated user?
Upvotes: 1
Views: 1774
Reputation: 566
Found the answer to this, posting here to help others.
When you set up "App Service Authentication" with Azure using the "Express" option, an "App Registration" is created in Azure Active Directory.
When this happens a client secret is automagically created on the Azure AD object and then inserted into the Azure App Service.
It seems that something happened along the way in my website, where this was set correctly initially, but then changed - I'm sure it was my own doing.
The symptoms of this are a bit interesting. Any account that worked prior to the change of the App Registration continued to work.
Any account that hadn't yet signed in, failed.
This is why one of my accounts worked and the rest did not.
The solution was fairly simple: I clicked on the app service in Azure, then on the Azure AD line, then in the "Azure Active Directory Settings" blade set the "management mode" to "off", hit OK,
and saved in the blade to the left, then refreshed the browser.
Next I went into Azure AD and deleted the app registration for that app (I did this so I could re-use the app registration name).
Here is a screenshot of that screen; it's under the Active Directory category, and not part of your web app's settings. Find your app registration, click it and then delete.
Next I went back to the Azure App Service (web app) and re-configured Azure AD Auth using the "express" settings.
Hope this helps someone!
Upvotes: 0
Reputation: 9401
This issue may be caused by the AD application for your Web App not having been configured correctly. I did a test in my lab and found this solution:
Solution:
Go to Azure Portal > Your Web Application > Authentication/Authorization > Azure Active Directory > Manage Application > Required permissions >
Delete other permissions except Windows Azure Active Directory > Ensure the DELEGATED PERMISSION
"Sign in and read user profile" has been enabled and REQUIRES ADMIN is NO:
Also, ensure the App ID URI and the Home page URL are both the URL of the Web app.
Additionally, if your configuration still cannot work, you can delete the Azure AD application and follow these steps to recreate a new one. It will work perfectly.
Please let me know if it helps!
Upvotes: 1
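Both answers come down to the same check: the App Service auth settings and the Azure AD app registration must agree (client id and secret, reply URL, App ID URI, home page, and a single delegated "Sign in and read user profile" permission). The script below is an added example, not code from either answer or from Azure itself. It lints the two objects offline; the sample dictionaries are constructed, and the field names are assumed to follow the `Microsoft.Web/sites/config/authsettings` resource and the classic app registration manifest (`identifierUris`, `replyUrls`, `homepage`, `requiredResourceAccess`). The resource app id `00000002-0000-0000-c000-000000000000` is the well-known id of Windows Azure Active Directory; every other GUID and permission id is a placeholder.

```python
"""Offline lint of App Service 'Easy Auth' settings against the backing Azure AD app registration.

Inputs are plain dicts; in practice you would load them from `az webapp auth show`
and `az ad app show` output. Everything in the samples below is constructed.
"""

# Well-known resource app id of "Windows Azure Active Directory" (Azure AD Graph),
# the only resource the second answer wants left under Required permissions.
AAD_GRAPH_RESOURCE_APP_ID = "00000002-0000-0000-c000-000000000000"

# Constructed sample: the web app's auth settings after the secret went missing.
SAMPLE_AUTH_SETTINGS = {
    "enabled": True,
    "unauthenticatedClientAction": "RedirectToLoginPage",
    "defaultProvider": "AzureActiveDirectory",
    "clientId": "11111111-2222-3333-4444-555555555555",   # constructed GUID
    "clientSecret": None,                                  # the fault described in the first answer
    "allowedAudiences": ["https://myurl.com"],
}

# Constructed sample: the matching app registration with one extra application permission.
SAMPLE_APP_MANIFEST = {
    "appId": "11111111-2222-3333-4444-555555555555",       # constructed GUID, matches clientId
    "identifierUris": ["https://myurl.com"],
    "homepage": "https://myurl.com",
    "replyUrls": ["https://myurl.com/.auth/login/aad/callback"],
    "requiredResourceAccess": [
        {
            "resourceAppId": AAD_GRAPH_RESOURCE_APP_ID,
            # "Sign in and read user profile" requested as a delegated permission (type Scope);
            # the permission id is a placeholder, not the real one.
            "resourceAccess": [{"id": "placeholder-user-read-id", "type": "Scope"}],
        },
        {
            "resourceAppId": "99999999-9999-9999-9999-999999999999",   # constructed: some other API
            "resourceAccess": [{"id": "placeholder-app-role-id", "type": "Role"}],
        },
    ],
}


def lint_easy_auth(auth: dict, manifest: dict, site_url: str) -> list[str]:
    """Return human-readable findings; an empty list means the two sides agree."""
    findings = []
    site_url = site_url.rstrip("/")

    # 1. Easy Auth must be on and must send anonymous callers to the provider.
    if not auth.get("enabled"):
        findings.append("App Service Authentication is disabled")
    if auth.get("unauthenticatedClientAction") != "RedirectToLoginPage":
        findings.append("unauthenticated requests are not redirected to login")

    # 2. The secret App Service uses to redeem the authorization code at
    #    /.auth/login/aad/callback. Missing or stale: new sign-ins fail while
    #    sessions that already hold a cookie keep working (the symptom in the question).
    if not auth.get("clientSecret"):
        findings.append("clientSecret is empty: code redemption at /.auth/login/aad/callback will fail")

    # 3. The client id stored on the site must be the app registration's appId.
    if auth.get("clientId") != manifest.get("appId"):
        findings.append("clientId does not match the app registration appId")

    # 4. Reply URL, App ID URI and home page must all point at the web app.
    callback = f"{site_url}/.auth/login/aad/callback"
    if callback not in manifest.get("replyUrls", []):
        findings.append(f"reply URL {callback} is not registered")
    if site_url not in manifest.get("identifierUris", []):
        findings.append("App ID URI is not the web app URL")
    if manifest.get("homepage", "").rstrip("/") != site_url:
        findings.append("Home page URL is not the web app URL")

    # 5. Required permissions: only Windows Azure Active Directory, delegated (type
    #    "Scope"). Application permissions (type "Role") always need admin consent,
    #    which is the manifest-level proxy for the answer's "REQUIRES ADMIN = NO".
    reqs = manifest.get("requiredResourceAccess", [])
    for req in reqs:
        if req.get("resourceAppId") != AAD_GRAPH_RESOURCE_APP_ID:
            findings.append(f"extra required permission on resource {req.get('resourceAppId')}")
        for access in req.get("resourceAccess", []):
            if access.get("type") != "Scope":
                findings.append(f"non-delegated permission {access.get('id')} requires admin consent")
    if not any(
        req.get("resourceAppId") == AAD_GRAPH_RESOURCE_APP_ID
        and any(a.get("type") == "Scope" for a in req.get("resourceAccess", []))
        for req in reqs
    ):
        findings.append("no delegated permission on Windows Azure Active Directory; sign-in will fail")
    return findings


def repaired_sample() -> tuple[dict, dict]:
    """The same samples with both faults fixed: a secret present and the extra API removed."""
    auth = dict(SAMPLE_AUTH_SETTINGS, clientSecret="constructed-secret-value")
    manifest = dict(SAMPLE_APP_MANIFEST)
    manifest["requiredResourceAccess"] = [
        r for r in SAMPLE_APP_MANIFEST["requiredResourceAccess"]
        if r["resourceAppId"] == AAD_GRAPH_RESOURCE_APP_ID
    ]
    return auth, manifest


if __name__ == "__main__":
    for line in lint_easy_auth(SAMPLE_AUTH_SETTINGS, SAMPLE_APP_MANIFEST, "https://myurl.com"):
        print("FINDING:", line)
    auth, manifest = repaired_sample()
    print("after repair:", lint_easy_auth(auth, manifest, "https://myurl.com") or "clean")
```

On the constructed sample the lint reports three findings (empty secret, an extra resource, and a non-delegated permission); after `repaired_sample()` it reports none. A real-world run would feed it the JSON from the CLI commands named above rather than the embedded dicts.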