Azure AD API request 401 Unauthorized
Solution 1:
The issue appears to be with the "Authentication / Authorization" option in Azure Websites: when enabled, the Web API will not accept requests using the Authentication header. Disabling the option and using the Owin library alongside Azure AD has provided the solution required.
Solution 2:
I know this is a few months old, but I wanted to throw out there what was causing this issue when I got it, and what I found I could do to resolve it.
I had a site that I made that used SignalR. As I was developing I didn't secure the site, but when I went to secure the site with AzureAD I got the aforementioned error. The issue was that I had two startup classes, one in the application root, and one in App_Start. One was in the [applicationname].App_Start namespace, while one was in the App_Start namespace, and one was marked as the OWIN startup assembly.
My resolution was to remove the one in the App_Start folder, which was in the [appname].App_Start namespace, and add the proper SignalR and OWIN startup attributes to the one in the application root.
This solved my issue.
Hope this helps anyone else that runs into this!
Solution 3:
I was also getting unauthorized errors and when obtaining a bearer token everything seemed to be working just fine.
My problem was in my resource id. It did not match my Azure-AD application's "App ID URI". I had an extra slash on the end when calling the AcquireTokenAsync method and I had entered it in Azure-AD without a slash.
// private string resourceId = "https://mywebsite.azurewebsites.net/"; // bad
private string resourceId = "https://mywebsite.azurewebsites.net"; // good
result = await authContext.AcquireTokenAsync(resourceId,
    clientId, redirectUri, new PlatformParameters(PromptBehavior.Never));
So, make sure that your resource id matches your Azure-AD application's "App ID URI" exactly.
Notes:
- Every app service that is associated with Azure-AD has a corresponding Azure-AD application declaration of type Web app/API. This resource id is the "App ID URI" in the app service's Azure-AD application declaration.
- My resource id just happens to be my web site URL, but it could have been anything. The point is to match the "App ID URI" of the Azure-AD application you're trying to access.
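A way to confirm the mismatch described in Solution 3, as an added example that is not part of the original answer: decode the bearer token's `aud` claim and compare it character for character with the App ID URI. It assumes a .NET runtime with System.Text.Json; the class and method names (`AudienceCheck`, `Diagnose`) are hypothetical and the token is a constructed, unsigned sample.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class AudienceCheck
{
    // Decode the payload (second segment) of a JWT without validating the signature.
    // Diagnostic use only: never trust claims read this way for authorization.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // Compare the token's "aud" claim (string or array) to the App ID URI exactly.
    public static string Diagnose(string jwt, string appIdUri)
    {
        JsonElement aud = DecodePayload(jwt).GetProperty("aud");
        string[] audiences = aud.ValueKind == JsonValueKind.Array
            ? aud.EnumerateArray().Select(a => a.GetString()).ToArray()
            : new[] { aud.GetString() };
        if (audiences.Any(a => string.Equals(a, appIdUri, StringComparison.Ordinal)))
            return "match";
        if (audiences.Any(a => string.Equals(a.TrimEnd('/'), appIdUri.TrimEnd('/'), StringComparison.Ordinal)))
            return "mismatch: trailing slash only";
        return "mismatch: aud=" + string.Join(",", audiences);
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample: "aud" carries the trailing slash from the "bad" resourceId line.
        string token = B64Url("{\"alg\":\"none\"}") + "." +
                       B64Url("{\"aud\":\"https://mywebsite.azurewebsites.net/\"}") + ".";
        Console.WriteLine(Diagnose(token, "https://mywebsite.azurewebsites.net"));
        Console.WriteLine(Diagnose(token, "https://mywebsite.azurewebsites.net/"));
    }
}
```

Pass the token returned by `AcquireTokenAsync` and the App ID URI as entered in Azure AD; a "trailing slash only" result points at the `resourceId` string rather than at the API's configuration.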