401 Unauthorized Error–Azure Active Directory (AD)

Here I am listing down all the possible solutions for 401 Unauthorized Error during AAD configuration for your App Service or Resources.

image

The scenario can be like this:

  • You are able to Authenticate & Get a Valid Token
  • While presenting the Token for service access the Error 401 Unauthorized is happening

Solution 1: Ensure Resource Parameter

Ensure that while requesting the Authentication Token you are specifying the resource parameter.  Without the parameter you will still get the token but the 401 Error will occur as there is no valid resource.

image

Solution 2: Ensure App ID URI mentioned in the Service

Go to App Services > Authentication blade > Advanced Settings

image

Solution 3: Delete & Create new App Registration

Some of the configuration errors will be tricky to find – especially in restricted access production environments.  So you can try following:

  • Delete the App Registration
  • Create new App Registration
  • Set the new App Registration parameters in App Service

Solution 4: View Application Logs

Go to Log Streaming to view the Application Logs.

image_thumb[10]

You can search on the Detailed error code (401.83) OR IDX10214 error code for more details.

Solution 5: View Kudu Logs

You can see the Authentication Token is passed or not through the Kudu > Debug Console > CMD > W3SVC Logs.

image

Summary

In this post we have seen how to troubleshoot AAD Authorization Error.  If you find another solution not listed here, please comment below so I can update back in the article.  Help us to Help you!

References

Testing with Postman

Advertisements

Testing with Postman

Now we can test the previous service with Postman.

Postman

Postman is a GUI Tool for testing HTTP APIs. It is much popular today that almost all Developers have it installed it in their machine.

You can download latest version of Postman from here.

https://www.getpostman.com/tools

Steps

Following are the steps to use Postman.

Get the Token

Create a new GET REQUEST as shown below.

image

Enter the following Values.

· Auth URL use the URL https://login.microsoftonline.com/Your-AAD-Tenant-Name-OR-Guid/oauth2/token and replace the highlighted area

· Client ID You can get this from Azure > App Service > Properties

· Client Secret You can get this from Client Credentials blad

· Grant Type Hardcode as client_credentials

· Resource You can get this from Service > Expose an API blade

image

Call the Service

Now call the service & If everything went fine you will see the response as below.

image

Now follow these steps:

· Create a new GET request

· Add the highlighted headers below

· Set the Token copied from previous step with the Bearer prefix on it

· Click the SEND button in Postman

On successful execution, you will get the results as shown above.

Summary

In this post you have seen how to call an AAD protected API Service with Postman. In real world scenarios we can combine the Token generation & attaching to Service request as a single step.

References

Postman – Automatically attach Token

Azure Diagnostics Logging

Azure allows storing diagnostics logging to following storages:

  • File System
  • Blob Storage

Activity Log

Go to App Service > Activity Log.  Here you can see the Subscription Level (Billing) information like Publishing, Stopping & Restart service etc. 

image

Diagnose and solve problems

Here you can see the app performance, configuration, certificates related  issues.  image

image

App Service logs

For application level troubleshooting we have to use the App Service logs.  Set the Application Logging to On with Level to Verbose.  You can also make Detailed error messages to On.

image

Log Streaming

After enabling Application Logging & Detailed error messages you can view the App Service > Log Streaming window.  This will give live logging information. 

image

Try accessing the URL again and you should get the Logging text in the above window.  Copy the text and Save as HTML file to view the Sub Level error code & Verbose information.

Advanced Tools (Kudu Console)

Open Advanced Tool (Kudu Console) > Debug > CMD

image

KUDU Console will give multiple log information like Application, IIS, Data, Detailed errors etc.

Cosmos DB Advantages

Cosmos DB is gaining Traction exponentially & I would like to list the advantages of Cosmos DB here.

Globally Distributed means scalable across all countries & regions.

Low Latency is the core advantage of Cosmos DB.  This is achieved through SSD based storage, planet scale flexibility providing Millisecond response time.

Flexible Consistency offered through Varying Consistency Models like Strong, Boundless, Session, Prefix, Eventual.

Flexible Pricing Model allows metering of storage & throughput independently rather than CPU/Memory/IOPs.

Elastic Scalability will scale the database based on the request volumes with No Limits. aka Horizontal Scalability

Multi-Storage Model allows storage of data in form of key-value pairs, documents, graphs & columnar

Multi-API Model allows querying the database in SQL for document, MongoDB for document, Azure Table Storage for key-value, Cassandra for columnar etc.

High Security  achieved through End-to-end Encryption on data-in-transit & data-at-rest.

Application Insights in Azure

Application Insights is a Application Performance Management (APM) Service available for Developers & Administrators.  We can use it for web applications deployed to Azure.

Application Insights provides the following features:

  • Application Availability
  • Performance Monitoring
  • Usage Insights

Application Insights also provides Visual Studio Integration, Support for Windows Phone Store Apps etc.

Creation of Application Insights

Open Azure Portal > Create New Resource > Search Box > Enter Application Insights

image

Select the first option & Choose Create.

image

Enter Information in the appearing dialog.

image

Click the Create button in the bottom.

Wait a few minutes & your Application Insights will be created.

image

Now you are ready with the Application Insights panel as shown below.

image

Create Azure Functions using Visual Studio 2017

In this article we can explore about creating Azure Functions using Visual Studio 2017.

Native Tooling in Visual Studio 2017

Visual Studio 2017 includes the Azure Functions SDK to provide Functions template.

Open Visual Studio > New Project > Choose Azure Functions template as shown below.

image

In the next window choose the Http Trigger option.

image

You will get the following Code generated.

image

Run the application & You will get the following command window.

image

Towards the end you will see the URL to copy.

image

You can copy the URL & PUT in the browser. Since it is using Http GET method you will get the break point hit.

image

References

https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview

Summary

In this article we have explored about Azure Functions template in Visual Studio 2017

Microservices, Advantages, Applications, Overheads

Microservices is a Hot Trend in the Industry. Everyone knows the Advantages of it.  Here I would like to list down the same.

Microservices

Microservices are small services, with clear boundaries, easily deployable without affecting other components & offering individual scalability.

Microservices have their own code & data within them.

Microservices offer freedom of technology choices.

Advantages

  • small services
  • single responsibility
  • separate processes
  • clear boundaries
  • easily deployable
  • individually scalability

Applications

NetFlix is a well known example of implementing Microservices.  Here the Netflix contains of following Microservices:

  • Public Website
  • Authentication
  • User Registration
  • Movie Selection
  • Streaming
  • New Releases

Here if each of this is considered as individual microservice, it can be developed, modified, deployed & scaled separately without affecting other application boundaries.

Overheads

But give the advantages, I have never seen a 100% microservice application myself.  Each & Every architect claims to have implemented Microservices.  But when we dig deeper there are missing parameters to support the full microservice implementation.

Boundaries All the depending modules need to have clear boundaries of code & data.  If one of the code/data depends on your microservice module then it will cause failure.

Asynchronous All the synchronous calls has to be converted to asynchronous calls.  For this a normal API call needs to be migrated to Service Bus Messages given an Azure scenario.

Repositories Since each microservice has its own code & data, we need to maintain separate code repositories for each.

Debugging Overheads Unlike monolithic application where one can press F5 and debug a button click to service, it is not possible with microservice.  More complexity is there in debugging microservices.