問題描述

我們正在使用 AD B2C 對我們的網絡應用進行身份驗證.上周，當我們使用我們的 AD B2C 租戶調用托管在 Azure 中并被 Active Directory 鎖定的 API 時，我們開始收到 403.76.

We are using AD B2C for authentication on our web app. Last week we started receiving a 403.76 when calling our APIs that are hosted in Azure and locked down by Active Directory using our AD B2C tenant.

發生更改時，我們沒有更改 AD 中的任何配置設置.我們回滾了所有沒有幫助的代碼.我們驗證了我們的令牌在 jwt.io 中是有效的.我們確認我們的受眾是正確的，并且在應用注冊中正確設置了權限.當進入功能應用程序的診斷和解決問題"部分并深入研究 4xx 錯誤時，我們可以看到簡單的身份驗證錯誤 403.76.

We haven't changed any config settings in AD when the change occurred. We rolled back all of our code which didn't help. We verified that our token is valid in jwt.io. We confirmed that our audience is correct and permissions was set properly in app registrations. We can see the easy auth error 403.76 when going in to "Diagnose and solve problems" section of the function app and drilling into 4xx errors.

函數應用僅針對 Cosmos 執行 GetAsync 以在登錄時獲取您的用戶配置文件.但是我們并沒有走得那么遠，因為我們在使用 AD 驗證我們的令牌時收到了 403.76.

The function app just does a GetAsync against Cosmos to get your user profile on sign in. However we aren't getting that far, as we are receiving a 403.76 when verifying our token with AD.

我們應該能夠像以前一樣對我們的 API 執行 GET 并接收數據.相反，我們得到 HTTP 狀態 403，子狀態為 76.

We should be able to do a GET against our API and receive data as we were before. Instead we get HTTP status 403 with a sub status of 76.

診斷和解決問題"部分的錯誤:

The error in "Diagnose and solve problems" section:

EasyAuth:AuthorizationCheckFailed.更多詳情請參考 EasyAuth 模塊的 HTTP 狀態碼

EasyAuth:AuthorizationCheckFailed. For more details, refer to HTTP Status Codes by EasyAuth Module

推薦答案

我們用頭撞墻了五天，所以我想確保將其發布在堆棧溢出上，以供其他面臨此問題的人使用.特別是因為它影響了客戶.

We banged our heads against a wall for five days, so I wanted to make sure this was posted on stack overflow for anyone else facing this issue. Especially since it affected customers.

在過去三天與 Microsoft 24/7 合作后，我們終于收到消息，這是由于他們使用 EasyAuth 的問題.解決方法是將其添加到我們的函數應用配置中:

After working with Microsoft 24/7 for the last three days, we finally received word that this was due to an issue on their end with EasyAuth. The workaround was to add this in our Configuration of the function app:

WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true

WEBSITE_AUTH_AAD_BYPASS_SINGLE_TENANCY_CHECK = true

這篇關于訪問被 Azure AD B2C 鎖定的 Azure 函數應用時收到 403 錯誤的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！