
How do I add V2 Active Directory authentication with a client secret to an Azure Web App within its ARM template file?

I currently have an ARM template (JSON) that is used to deploy a web app with authentication (Azure AD, with Microsoft as the authentication provider). Note that the `db` parameter in this template carries the server admin password as a plain-text default value; a value like that belongs in a `securestring` parameter with no default, supplied at deployment time.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "type": "string",
            "defaultValue": ""
        },
        "webApp": {
            "type": "string",
            "defaultValue": "JOIN-Web"
        },
        "serviceApp": {
            "type": "string",
            "defaultValue": "JOIN-Service"
        },
        "runtimeStack": {
            "type": "object",
            "defaultValue": {
                "stack": "dotnetcore",
                "dotnetVersion": "v6.0"
            }
        },
        "sku": {
            "type": "string",
            "defaultValue": "F1"
        },
        "db": {
            "type": "object",
            "defaultValue": {
                "server": "join-db-server",
                "username": "join-db-server-admin",
                "password": "8gun@deebiE",
                "name": "JOINApps"
            }
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]"
        }
    },
    "variables": {
        "deploymentName": "[deployment().name]",
        "environmentName": "[if(equals('', parameters('name')), if(contains(variables('deploymentName'), '.'), split(variables('deploymentName'), '.')[1], variables('deploymentName')), parameters('name'))]",
        "appServicePlanName": "[concat('ASP-', variables('environmentName'))]",
        "webAppName": "[format('{0}-{1}', parameters('webApp'), variables('environmentName'))]",
        "serviceAppName": "[format('{0}-{1}', parameters('serviceApp'), variables('environmentName'))]",
        "dbServerName": "[format('{0}-{1}', parameters('db').server, variables('environmentName'))]"
    },
    "resources": [
        {
            "type": "Microsoft.Web/serverfarms",
            "apiVersion": "2022-09-01",
            "name": "[variables('appServicePlanName')]",
            "location": "[parameters('location')]",
            "sku": {
                "name": "[parameters('sku')]"
            }
        },
        {
            "type": "Microsoft.Web/sites",
            "apiVersion": "2022-09-01",
            "name": "[variables('webAppName')]",
            "location": "[parameters('location')]",
            "properties": {
                "state": "Stopped",
                "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
                "siteConfig": {
                    "metadata": [
                        {
                            "name": "CURRENT_STACK",
                            "value": "[parameters('runtimeStack').stack]"
                        }
                    ],
                    "netFrameworkVersion": "[parameters('runtimeStack').dotnetVersion]",
                    "phpVersion": "",
                    "publicNetworkAccess": "Enabled"
                }
            },
            "dependsOn": [
                "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]"
            ]
        },
        {
            "type": "Microsoft.Web/sites/config",
            "apiVersion": "2022-09-01",
            "name": "[concat(variables('webAppName'), '/', 'authsettingsV2')]",
            "location": "[parameters('location')]",
            "properties": {
                "globalValidation": {
                    "redirectToProvider": "azureactivedirectory",
                    "requireAuthentication": true,
                    "unauthenticatedClientAction": "RedirectToLoginPage"    
                },
                "identityProviders": {
                    "azureActiveDirectory": {
                        "enabled": true,
                        "isAutoProvisioned": true,
                        "registration": {
                            "clientId": "<clientid>",
                            "clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
                            "openIdIssuer": "https://sts.windows.net/<tenantid>/v2.0"
                        },
                        "validation": {
                            "allowedAudiences": [
                                "api://<clientid>"
                            ]
                        }
                    },
                    "legacyMicrosoftAccount": {
                        "enabled": true
                    }   
                },
                "login": {
                    "allowedExternalRedirectUrls": [],
                    "tokenStore": {
                        "enabled": true
                    }
                }
            },
            "dependsOn": [
                "[resourceId('Microsoft.Web/sites', variables('webAppName'))]"
            ]
        }
    ]
}

Although the web app is created with the authentication V2 settings when deploying with this JSON, it does NOT include the client secret setting named "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET". In the Azure Portal, when I examine the list of secrets under the identity provider (Microsoft) in the deployed app's authentication settings, "Client secret setting name" is blank.

What do I need to include in my JSON template file (i.e. under the "Microsoft.Web/sites/config" block) to set that secret setting name, along with a secret value for it?



Found the solution. The template JSON for a single web app with V2 AD authentication enabled (using a Microsoft identity provider) and a client secret is below. The secret reaches the app through the `webAppClientSecret` parameter, which this template declares as a plain `string` with a placeholder default; in practice declare it as `securestring` with no default and pass the value at deployment time, so the secret is neither stored in the template nor recorded in deployment history.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "name": {
            "type": "string",
            "defaultValue": ""
        },
        "webApp": {
            "type": "string",
            "defaultValue": "JOIN-Web"
        },
        "runtimeStack": {
            "type": "object",
            "defaultValue": {
                "stack": "dotnetcore",
                "dotnetVersion": "v6.0"
            }
        },
        "sku": {
            "type": "string",
            "defaultValue": "F1"
        },
        "webAppClientId": {
            "type": "string",
            "defaultValue": "<clientId>"   
        },
        "webAppClientSecret": {
            "type": "string",
            "defaultValue": "<clientSecret>"
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]"
        }
    },
    "variables": {
        "deploymentName": "[deployment().name]",
        "environmentName": "[if(equals('', parameters('name')), if(contains(variables('deploymentName'), '.'), split(variables('deploymentName'), '.')[1], variables('deploymentName')), parameters('name'))]",
        "appServicePlanName": "[concat('ASP-', variables('environmentName'))]",
        "webAppName": "[format('{0}-{1}', parameters('webApp'), variables('environmentName'))]"
    },
    "resources": [
        {
            "type": "Microsoft.Web/serverfarms",
            "apiVersion": "2022-09-01",
            "name": "[variables('appServicePlanName')]",
            "location": "[parameters('location')]",
            "sku": {
                "name": "[parameters('sku')]"
            }
        },
        {
            "type": "Microsoft.Web/sites",
            "apiVersion": "2022-09-01",
            "name": "[variables('webAppName')]",
            "location": "[parameters('location')]",
            "properties": {
"state": "Stopped",
                "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('appServicePlanName'))]",
                "siteConfig": {
                    "appSettings": [
                        {
                            "name": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
                            "value": "[parameters('webAppClientSecret')]"
                        }    
                    ],
                    "metadata": [
                        {
                            "name": "CURRENT_STACK",
                            "value": "[parameters('runtimeStack').stack]"
                        }
                    ],
                    "netFrameworkVersion": "[parameters('runtimeStack').dotnetVersion]",
                    "phpVersion": "",
                    "publicNetworkAccess": "Enabled"
                }
            },
            "dependsOn": [
                "[variables('appServicePlanName')]"
            ]
        },
        {
            "type": "Microsoft.Web/sites/config",
            "apiVersion": "2022-09-01",
            "name": "[concat(variables('webAppName'), '/', 'slotConfigNames')]",
            "properties": {
                "appSettingNames": [
                    "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET"    
                ]
            },
            "dependsOn": [
                "[variables('webAppName')]"    
            ]
        },
        {
            "type": "Microsoft.Web/sites/config",
            "apiVersion": "2022-09-01",
            "name": "[concat(variables('webAppName'), '/', 'authsettingsV2')]",
            "properties": {
                "globalValidation": {
                    "redirectToProvider": "azureactivedirectory",
                    "requireAuthentication": true,
                    "unauthenticatedClientAction": "RedirectToLoginPage"    
                },
                "identityProviders": {
                    "azureActiveDirectory": {
                        "enabled": true,
                        "isAutoProvisioned": true,
                        "registration": {
                            "clientId": "[parameters('webAppClientId')]",
                            "clientSecretSettingName": "MICROSOFT_PROVIDER_AUTHENTICATION_SECRET",
                            "openIdIssuer": "[concat('https://sts.windows.net/', tenant().tenantId, '/v2.0')]"
                        },
                        "validation": {
                            "allowedAudiences": [
                                "[concat('api://', parameters('webAppClientId'))]"
                            ]
                        }
                    }   
                },
                "login": {
                    "allowedExternalRedirectUrls": [],
                    "tokenStore": {
                        "enabled": true
                    }
                }
            },
            "dependsOn": [
                "[variables('webAppName')]"
            ]
        }
    ]
}
