VictorGarcaPastor-0872 asked ·

Authorization Header missing in webapp

Hi everyone.

I have an API developed with Symfony that uses JWT tokens to authenticate our users.

When I send an Authorization Bearer {JWT Token} header, the webapp removes it, and our code can't access it.

I tried using another name for the header and it's received fine by the application.

How can I make the Azure Webapp not intercept this token and pass it to the application?

Thanks!

PS: WebApp Authentication is disabled

App Settings
{"deployment_branch":"master","SCM_TRACE_LEVEL":"Verbose","SCM_COMMAND_IDLE_TIMEOUT":"60","SCM_LOGSTREAM_TIMEOUT":"7200","SCM_BUILD_ARGS":"","WEBSITE_AUTH_RUNTIME_VERSION":"~1","SCM_USE_LIBGIT2SHARP_REPOSITORY":"0","WEBSITE_AUTH_LOGOUT_PATH":"/.auth/logout","ScmType":"None","WEBSITE_AUTH_ENABLED":"False","WEBSITE_AUTH_UNAUTHENTICATED_ACTION":"AllowAnonymous","WEBSITE_HTTPLOGGING_RETENTION_DAYS":"3","WEBSITE_SITE_NAME":"pdmpg01-back","WEBSITE_AUTH_DEFAULT_PROVIDER":"AzureActiveDirectory","WEBSITE_AUTH_TOKEN_STORE":"False","FUNCTIONS_RUNTIME_SCALE_MONITORING_ENABLED":"0","REMOTEDEBUGGINGVERSION":"16.0.28729.10","LogLevel":"debug","WEBSITE_AUTH_AUTO_AAD":"False"}


azure-active-directory, azure-webapps

I am sorry, but I am not able to follow you when you say "When I send an Authorization Bearer {JWT Token} header, the webapp removes it, and our code can't access it". Can you please provide details: what exactly you are trying to achieve, what steps you have followed, and whether you are getting any errors?


Hi SaurabhSharma-msft


When we send a packet using Postman, for example, with the header Authorization: Bearer XXXXtokenJWT, the Symfony application deployed in the webapp doesn't receive this header.

If we give the header another name with the same value, it is received OK by the application.

I hope this explains our issue better.

Regards!


soumi-MSFT VictorGarcaPastor-0872 ·

@VictorGarcaPastor-0872, thank you for sharing the details, though we are still confused by this behavior, as this is not expected behavior. The Authorization: Bearer <access-token> sent in the header of the request to the API ideally gets validated and authorized by the resource mentioned in the request. It doesn't make sense why the WebApp would filter this out.

We would have to troubleshoot this deeper to understand this better. In order to do that, we would like the following details to be sent to azcommunity[at]microsoft[dot]com.

  • Tenant ID/Tenant Name:

  • Subscription ID:

  • Application Name:

  • Application ID:

Please also share the reference to this thread in the email so that it's easier for us to locate the email and help you further.



0 Answers