App Service Authentication Disabled
More Info:
Azure App Service Authentication prevents anonymous HTTP requests to reach the API app. Also, it ensure to authenticate those that have tokens before they reach the API app. Anonymous requests from browser are redirected to a logon page.Risk Level
MediumAddress
SecurityCompliance Standards
SOC2, GDPR, ISO27001, CISAZURE, CBP, HIPAA, HITRUST, NISTCSF, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To remediate the “App Service Authentication Disabled” misconfiguration in AZURE using the AZURE console, you can follow these steps:
- Open the AZURE console and navigate to the App Service that needs to be remediated.
- Click on the “Authentication/Authorization” option from the left-hand menu.
- Under the “Authentication Providers” section, select the “Azure Active Directory” option.
- Select the “Express” option to set up authentication quickly or “Advanced” to configure custom settings.
- Follow the prompts to configure the authentication settings as per your requirements. You can choose to enable/disable different authentication providers such as Facebook, Google, Twitter, and Microsoft.
- Once you have configured the authentication settings, click on the “Save” button to apply the changes.
Using CLI
Using CLI
To remediate the “App Service Authentication Disabled” misconfiguration in Azure using Azure CLI, follow these steps:
- Open the Azure CLI on your local machine or in the Azure portal.
-
Login to your Azure account using the command:
-
Select the subscription that contains the affected App Service using the command:
-
Get the resource ID of the affected App Service using the command:
-
Enable App Service Authentication for the App Service using the command:
-
Configure the authentication settings for the App Service. For example, you can configure authentication using Azure Active Directory, Facebook, Google, Microsoft Account, or Twitter. Here’s an example command to configure authentication using Azure Active Directory:
Note: Replace the placeholders
<your_aad_app_id>,<your_aad_app_secret>, and<your_aad_tenant_id>with your actual Azure Active Directory application ID, application secret, and tenant ID, respectively. -
Verify that App Service Authentication is enabled for the App Service using the command:
This command should return the authentication settings for the App Service.
Using Python
Using Python
To remediate the “App Service Authentication Disabled” misconfiguration in Azure using Python, follow these steps:
- Import the necessary modules:
- Set up the credentials for accessing the Azure resource:
- Instantiate the
WebSiteManagementClient:
- Get the list of web apps:
- For each web app, check if the app service authentication is disabled. If it is disabled, enable it:
-
Replace
<subscription_id>,<client_id>,<client_secret>,<tenant_id>, and<resource_group_name>with the appropriate values. - Save the Python script and run it to remediate the misconfiguration.