Description
Bicep version
Bicep CLI version 0.9.1 (a2950a1)
Describe the bug
Expected:
Setting "unauthenticatedClientAction: 'AllowAnonymous'" on authsettingsV2 for an Azure Function App sets the restrict access to allow for unauthenticated access.
What happens:
When deploying authsettingsV2 for an Azure Function App trying to set "AllowAnonymous" for the "unauthenticatedClientAction" parameter with a linked Azure Static Web Apps the Authenticaton Settings gives the error :
Unauthenticated traffic is blocked, and requests will receive an HTTP 401 Unauthorized. This is because the app is configured to redirect unauthenticated traffic to an invalid target. You should update the authentication settings either to redirect to a configured provider or to handle unauthenticated requests in a different way.
when using the following resource configuration:
To Reproduce
Deploy and link Azure Function and Static Web App using the following code:
resource hostingPlan 'Microsoft.Web/serverfarms@2020-10-01' = {
name: hostingPlanName
location: location
sku: {
name: 'Y1'
tier: 'Dynamic'
}
}
resource functionApp 'Microsoft.Web/sites@2020-06-01' = {
name: functionAppName
location: location
kind: 'functionapp'
properties: {
httpsOnly: true
serverFarmId: hostingPlan.id
siteConfig: {
netFrameworkVersion: 'v6.0'
ftpsState: 'Disabled'
use32BitWorkerProcess: false
http20Enabled: true
cors: {
allowedOrigins: [
staticSite.properties.defaultHostname
]
}
}
}
identity: {
type: 'SystemAssigned'
}
}
resource authSettings 'Microsoft.Web/sites/config@2022-03-01' = {
name: 'authsettingsV2'
parent: functionApp
properties: {
globalValidation: {
unauthenticatedClientAction: 'AllowAnonymous'
}
identityProviders: {
azureStaticWebApps: {
enabled: true
registration: {
clientId: replace(staticSite.properties.defaultHostname, 'https://', '')
}
}
}
}
}
resource staticSite 'Microsoft.Web/staticSites@2022-03-01' = {
name: staticSiteName
location: location
sku: {
name: 'Standard'
tier: 'Standard'
}
properties: {
allowConfigFileUpdates: true
enterpriseGradeCdnStatus: 'Disabled'
stagingEnvironmentPolicy: 'Enabled'
buildProperties: {
skipGithubActionWorkflowGeneration: true
}
}
}
resource staticSiteUserProvidedFunctionApps 'Microsoft.Web/staticSites/userProvidedFunctionApps@2022-03-01' = {
name: functionApp.name
parent: staticSite
properties: {
functionAppRegion: functionApp.location
functionAppResourceId: functionApp.id
}
}
Additional context