401 Unauthorized Error–Azure Active Directory (AD)

Here I am listing down all the possible solutions for 401 Unauthorized Error during AAD configuration for your App Service or Resources.

image

The scenario can be like this:

  • You are able to Authenticate & Get a Valid Token
  • While presenting the Token for service access the Error 401 Unauthorized is happening

Solution 1: Ensure Resource Parameter

Ensure that while requesting the Authentication Token you are specifying the resource parameter.  Without the parameter you will still get the token but the 401 Error will occur as there is no valid resource.

image

Solution 2: Ensure App ID URI mentioned in the Service

Go to App Services > Authentication blade > Advanced Settings

image

Solution 3: Delete & Create new App Registration

Some of the configuration errors will be tricky to find – especially in restricted access production environments.  So you can try following:

  • Delete the App Registration
  • Create new App Registration
  • Set the new App Registration parameters in App Service

Solution 4: View Application Logs

Go to Log Streaming to view the Application Logs.

image_thumb[10]

You can search on the Detailed error code (401.83) OR IDX10214 error code for more details.

Solution 5: View Kudu Logs

You can see the Authentication Token is passed or not through the Kudu > Debug Console > CMD > W3SVC Logs.

image

Summary

In this post we have seen how to troubleshoot AAD Authorization Error.  If you find another solution not listed here, please comment below so I can update back in the article.  Help us to Help you!

References

Testing with Postman

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s