Here I am listing down all the possible solutions for 401 Unauthorized Error during AAD configuration for your App Service or Resources.
The scenario can be like this:
- You are able to Authenticate & Get a Valid Token
- While presenting the Token for service access the Error 401 Unauthorized is happening
Solution 1: Ensure Resource Parameter
Ensure that while requesting the Authentication Token you are specifying the resource parameter. Without the parameter you will still get the token but the 401 Error will occur as there is no valid resource.
Solution 2: Ensure App ID URI mentioned in the Service
Go to App Services > Authentication blade > Advanced Settings
Solution 3: Delete & Create new App Registration
Some of the configuration errors will be tricky to find – especially in restricted access production environments. So you can try following:
- Delete the App Registration
- Create new App Registration
- Set the new App Registration parameters in App Service
Solution 4: View Application Logs
Go to Log Streaming to view the Application Logs.
You can search on the Detailed error code (401.83) OR IDX10214 error code for more details.
Solution 5: View Kudu Logs
You can see the Authentication Token is passed or not through the Kudu > Debug Console > CMD > W3SVC Logs.
In this post we have seen how to troubleshoot AAD Authorization Error. If you find another solution not listed here, please comment below so I can update back in the article. Help us to Help you!
Testing with Postman
Now we can test the previous service with Postman.
Postman is a GUI Tool for testing HTTP APIs. It is much popular today that almost all Developers have it installed it in their machine.
You can download latest version of Postman from here.
Following are the steps to use Postman.
Get the Token
Create a new GET REQUEST as shown below.
Enter the following Values.
· Auth URL use the URL https://login.microsoftonline.com/Your-AAD-Tenant-Name-OR-Guid/oauth2/token and replace the highlighted area
· Client ID You can get this from Azure > App Service > Properties
· Client Secret You can get this from Client Credentials blad
· Grant Type Hardcode as client_credentials
· Resource You can get this from Service > Expose an API blade
Call the Service
Now call the service & If everything went fine you will see the response as below.
Now follow these steps:
· Create a new GET request
· Add the highlighted headers below
· Set the Token copied from previous step with the Bearer prefix on it
· Click the SEND button in Postman
On successful execution, you will get the results as shown above.
In this post you have seen how to call an AAD protected API Service with Postman. In real world scenarios we can combine the Token generation & attaching to Service request as a single step.
Postman – Automatically attach Token
Azure allows storing diagnostics logging to following storages:
Go to App Service > Activity Log. Here you can see the Subscription Level (Billing) information like Publishing, Stopping & Restart service etc.
Diagnose and solve problems
Here you can see the app performance, configuration, certificates related issues.
App Service logs
For application level troubleshooting we have to use the App Service logs. Set the Application Logging to On with Level to Verbose. You can also make Detailed error messages to On.
After enabling Application Logging & Detailed error messages you can view the App Service > Log Streaming window. This will give live logging information.
Try accessing the URL again and you should get the Logging text in the above window. Copy the text and Save as HTML file to view the Sub Level error code & Verbose information.
Advanced Tools (Kudu Console)
Open Advanced Tool (Kudu Console) > Debug > CMD
KUDU Console will give multiple log information like Application, IIS, Data, Detailed errors etc.
Cosmos DB is gaining Traction exponentially & I would like to list the advantages of Cosmos DB here.
Globally Distributed means scalable across all countries & regions.
Low Latency is the core advantage of Cosmos DB. This is achieved through SSD based storage, planet scale flexibility providing Millisecond response time.
Flexible Consistency offered through Varying Consistency Models like Strong, Boundless, Session, Prefix, Eventual.
Flexible Pricing Model allows metering of storage & throughput independently rather than CPU/Memory/IOPs.
Elastic Scalability will scale the database based on the request volumes with No Limits. aka Horizontal Scalability
Multi-Storage Model allows storage of data in form of key-value pairs, documents, graphs & columnar
Multi-API Model allows querying the database in SQL for document, MongoDB for document, Azure Table Storage for key-value, Cassandra for columnar etc.
High Security achieved through End-to-end Encryption on data-in-transit & data-at-rest.
Application Insights is a Application Performance Management (APM) Service available for Developers & Administrators. We can use it for web applications deployed to Azure.
Application Insights provides the following features:
- Application Availability
- Performance Monitoring
- Usage Insights
Application Insights also provides Visual Studio Integration, Support for Windows Phone Store Apps etc.
Creation of Application Insights
Open Azure Portal > Create New Resource > Search Box > Enter Application Insights
Select the first option & Choose Create.
Enter Information in the appearing dialog.
Click the Create button in the bottom.
Wait a few minutes & your Application Insights will be created.
Now you are ready with the Application Insights panel as shown below.
In this article we can explore about creating Azure Functions using Visual Studio 2017.
Native Tooling in Visual Studio 2017
Visual Studio 2017 includes the Azure Functions SDK to provide Functions template.
Open Visual Studio > New Project > Choose Azure Functions template as shown below.
In the next window choose the Http Trigger option.
You will get the following Code generated.
Run the application & You will get the following command window.
Towards the end you will see the URL to copy.
You can copy the URL & PUT in the browser. Since it is using Http GET method you will get the break point hit.
In this article we have explored about Azure Functions template in Visual Studio 2017
Microservices is a Hot Trend in the Industry. Everyone knows the Advantages of it. Here I would like to list down the same.
Microservices are small services, with clear boundaries, easily deployable without affecting other components & offering individual scalability.
Microservices have their own code & data within them.
Microservices offer freedom of technology choices.
- small services
- single responsibility
- separate processes
- clear boundaries
- easily deployable
- individually scalability
NetFlix is a well known example of implementing Microservices. Here the Netflix contains of following Microservices:
- Public Website
- User Registration
- Movie Selection
- New Releases
Here if each of this is considered as individual microservice, it can be developed, modified, deployed & scaled separately without affecting other application boundaries.
But give the advantages, I have never seen a 100% microservice application myself. Each & Every architect claims to have implemented Microservices. But when we dig deeper there are missing parameters to support the full microservice implementation.
Boundaries All the depending modules need to have clear boundaries of code & data. If one of the code/data depends on your microservice module then it will cause failure.
Asynchronous All the synchronous calls has to be converted to asynchronous calls. For this a normal API call needs to be migrated to Service Bus Messages given an Azure scenario.
Repositories Since each microservice has its own code & data, we need to maintain separate code repositories for each.
Debugging Overheads Unlike monolithic application where one can press F5 and debug a button click to service, it is not possible with microservice. More complexity is there in debugging microservices.