Skip to content

Unable to set unauthenticatedClientAction: AllowAnonymous for authsettingsV2 using azureStaticWebApps #8407

New issue
New issue
Open
Open
Unable to set unauthenticatedClientAction: AllowAnonymous for authsettingsV2 using azureStaticWebApps#8407

Description

@Jacob-Steentoft

Jacob-Steentoft
openedon Sep 14, 2022

Bicep version
Bicep CLI version 0.9.1 (a2950a1)

Describe the bug
Expected:
Setting "unauthenticatedClientAction: 'AllowAnonymous'" on authsettingsV2 for an Azure Function App sets the restrict access to allow for unauthenticated access.

What happens:
When deploying authsettingsV2 for an Azure Function App trying to set "AllowAnonymous" for the "unauthenticatedClientAction" parameter with a linked Azure Static Web Apps the Authenticaton Settings gives the error :

Unauthenticated traffic is blocked, and requests will receive an HTTP 401 Unauthorized. This is because the app is configured to redirect unauthenticated traffic to an invalid target. You should update the authentication settings either to redirect to a configured provider or to handle unauthenticated requests in a different way.

image

when using the following resource configuration:
image

To Reproduce
Deploy and link Azure Function and Static Web App using the following code:

resource hostingPlan 'Microsoft.Web/serverfarms@2020-10-01' = {
  name: hostingPlanName
  location: location
  sku: {
    name: 'Y1'
    tier: 'Dynamic'
  }
}

resource functionApp 'Microsoft.Web/sites@2020-06-01' = {
  name: functionAppName
  location: location
  kind: 'functionapp'
  properties: {
    httpsOnly: true
    serverFarmId: hostingPlan.id
    siteConfig: {
      netFrameworkVersion: 'v6.0'
      ftpsState: 'Disabled'
      use32BitWorkerProcess: false
      http20Enabled: true
      cors: {
        allowedOrigins: [
          staticSite.properties.defaultHostname
        ]
      }
    }
  }
  identity: {
    type: 'SystemAssigned'
  }
}

resource authSettings 'Microsoft.Web/sites/config@2022-03-01' = {
  name: 'authsettingsV2'
  parent: functionApp
  properties: {
    globalValidation: {
      unauthenticatedClientAction: 'AllowAnonymous'
    }
    identityProviders: {
      azureStaticWebApps: {
        enabled: true
        registration: {
          clientId: replace(staticSite.properties.defaultHostname, 'https://', '')
        }
      }
    }
  }
}

resource staticSite 'Microsoft.Web/staticSites@2022-03-01' = {
  name: staticSiteName
  location: location
  sku: {
    name: 'Standard'
    tier: 'Standard'
  }
  properties: {
    allowConfigFileUpdates: true
    enterpriseGradeCdnStatus: 'Disabled'
    stagingEnvironmentPolicy: 'Enabled'
    buildProperties: {
      skipGithubActionWorkflowGeneration: true
    }
  }
}

resource staticSiteUserProvidedFunctionApps 'Microsoft.Web/staticSites/userProvidedFunctionApps@2022-03-01' = {
  name: functionApp.name
  parent: staticSite
  properties: {
    functionAppRegion: functionApp.location
    functionAppResourceId: functionApp.id
  }
}

Additional context

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    provider bugtroubleshooting

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions