S2K

Reputation: 1285

How to restrict access to an Azure App Service to only the users added in the Users and groups setting in Azure AD?

My Angular / .NET Core 2.0 app uses OAuth 2.0 authentication and I have configured the same in Startup.cs. PFB code:

    // Startup.ConfigureServices: cookie holds the signed-in session,
    // unauthenticated requests are challenged via OpenID Connect against Azure AD
    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.ClientId = azureAdConfig.ClientId;
            options.ClientSecret = azureAdConfig.ClientSecret;
            // AADInstance is a format string such as "https://login.microsoftonline.com/{0}"
            options.Authority = string.Format(azureAdConfig.AADInstance, azureAdConfig.Tenant);
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken; // hybrid flow
            options.Resource = azureAdConfig.ResourceURI_Graph;           // resource the access token is for
            options.Events = new AuthEvents(azureAdConfig, connectionStringsConfig);
        });

The app works fine, but now I want to restrict the app to a set of users, for which I have added the required users and groups in the Azure AD app.

Then I have enabled the following settings in Azure App Service: [screenshot]

Also I have enabled the User assignment required setting in the Azure AD Enterprise Application. PFB: [screenshot]

But now, when I access the application, I get the following error (I have added the required reply URLs):

[screenshot of the error]

Upvotes: 1

Views: 1256

Answers (1)

Nan Yu

Reputation: 27588

Since you are using OpenID Connect to sign in users from AAD, using the ASP.NET OpenID Connect OWIN middleware in the web application, you don't need to configure the built-in authentication and authorization support of App Service.

Try to disable the authentication and authorization feature, enable "User assignment required" on the AAD app, and let the OIDC middleware in your application control the authentication process.

Upvotes: 2
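The setup the answer describes, as an added example (not the asker's Startup.cs and not code from the answer): a minimal ASP.NET Core 2.0 Startup that relies on the OpenID Connect middleware alone, with App Service Authentication/Authorization switched off, and with "User assignment required" left to Azure AD to enforce at sign-in. The `AzureAd` configuration section layout (`Instance`, `TenantId`, `ClientId`, `ClientSecret`) and the 403 text are assumptions for the example; the app-side additions are a default-deny authorization filter, so that no endpoint is reachable anonymously once Easy Auth no longer fronts the site, and an `OnRemoteFailure` handler so that an error returned by AAD to the reply URL becomes a clear 403 rather than an unhandled exception.

```csharp
// Added example, not the original post's code. Assumed config section "AzureAd" with
// Instance, TenantId, ClientId, ClientSecret (e.g. in appsettings.json / App Service settings).
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class Startup
{
    private readonly IConfiguration _config;

    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        var aad = _config.GetSection("AzureAd"); // assumed section name

        services.AddAuthentication(options =>
            {
                // Session lives in a cookie; anonymous requests are challenged via OIDC.
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.ClientId = aad["ClientId"];
                options.ClientSecret = aad["ClientSecret"];
                // Single-tenant authority, e.g. https://login.microsoftonline.com/<tenant-id>
                options.Authority = $"{aad["Instance"].TrimEnd('/')}/{aad["TenantId"]}";
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                options.SaveTokens = true;

                options.Events = new OpenIdConnectEvents
                {
                    // With "User assignment required" on, AAD refuses to issue tokens to
                    // anyone not listed under Users and groups. When AAD sends an error
                    // back to the reply URL, the middleware raises OnRemoteFailure; turn
                    // that into a 403 instead of letting the exception propagate.
                    OnRemoteFailure = ctx =>
                    {
                        ctx.HandleResponse();
                        ctx.Response.StatusCode = StatusCodes.Status403Forbidden;
                        return ctx.Response.WriteAsync(
                            "Access denied: " + ctx.Failure?.Message);
                    }
                };
            });

        // Default-deny: every MVC endpoint requires an authenticated user unless it is
        // explicitly marked [AllowAnonymous]. This replaces the gate Easy Auth used to provide.
        var requireAuthenticated = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        services.AddMvc(options => options.Filters.Add(new AuthorizeFilter(requireAuthenticated)));
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Authentication must run before MVC so the OIDC challenge fires for anonymous requests.
        app.UseAuthentication();
        app.UseMvc();
    }
}
```

The App Service side of the answer is a portal toggle (Authentication / Authorization set to Off); the equivalent Azure CLI command is `az webapp auth update --name <app> --resource-group <rg> --enabled false`. Leaving both the platform feature and the in-app middleware enabled means two independent AAD sign-ins with their own reply URLs, which is why the answer recommends keeping only one of them.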
