Using authorization.json with Azure Functions breaks portal

Question

I'm using Azure Functions and I'm using AAD for authentication. However, I have one function that uses an EventGrid trigger so I need to disable authentication for that one function. To achieve this I've set the auth settings in the function app to allow anonymous requests and I'm using an authorization.json file to switch on authentication for all functions except the one that I want to be anonymous.

If I use an authorization.json file like this, then when I go to the portal and click on one of the functions, I get an error saying that the function runtime is unable to start:

{
  "routes": [
    {
      "path_prefix": "/",
      "policies": { "unauthenticated_action": "RejectWith401" }
    },
    {
      "path_prefix": "/runtime/webhooks/EventGrid",
      "policies": { "unauthenticated_action": "AllowAnonymous" }
    }
  ]
}

However, if I change it like so, the portal works again, but I assume that the admin endpoints will now all be wide open.

{
  "routes": [
    {
      "path_prefix": "/",
      "policies": { "unauthenticated_action": "RejectWith401" }
    },
    {
      "path_prefix": "/runtime/webhooks/EventGrid",
      "policies": { "unauthenticated_action": "AllowAnonymous" }
    },
    {
      "path_prefix": "/admin",
      "policies": { "unauthenticated_action": "AllowAnonymous" }
    }
  ]
}

How should I configure my authorization.json file such that everything is secure except the EventGrid function?

Answer 1

I was using the following and it worked.

{
  "routes": [
    {
      "path_prefix": "/api",
      "policies": { "unauthenticated_action": "RejectWith401" }
    },
    {
      "path_prefix": "/runtime/webhooks/EventGrid",
      "policies": { "unauthenticated_action": "AllowAnonymous" }
    }
  ]
}

Not having entry on root "/" fixes portal.

Even without specifying /admin, the /admin url is protected. I tried accessing it via browser, it returned unauthorised 401.