search

Azure / data-api-builder

Data API builder provides modern REST and GraphQL endpoints to your Azure Databases and on-prem stores.
https://aka.ms/dab/docs
MIT License
852 stars 172 forks source link

[Docs] Document that `AuthenticationProvider: StaticWebApps` must be used when deploying to SWA DB Connections #1719

Open mshafiqmk opened 12 months ago

mshafiqmk commented 12 months ago

What happened?

I am following the azure docs to configure authentication using azure ad

https://learn.microsoft.com/en-us/azure/data-api-builder/authentication-azure-ad#assign-roles-to-your-account

But always getting 403 , I have every thing , the roles exists , the issuer , audience and every thing is correct as per the configuration.

there seems to be no way to check logs and investigate this issue.

Version

Microsoft.DataApiBuilder 0.8.49+0aebfe2179ee27d1e1723776dd4662459674e987

What database are you using?

Azure SQL

What hosting model are you using?

Local (including CLI)

Which API approach are you accessing DAB through?

REST

Relevant log output

info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://localhost:5001/api/Author - -
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
      Executing endpoint 'Azure.DataApiBuilder.Service.Controllers.RestController.Find (Azure.DataApiBuilder.Service)'
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
      Route matched with {action = "Find", controller = "Rest"}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Find(System.String) on controller Azure.DataApiBuilder.Service.Controllers.RestController (Azure.DataApiBuilder.Service).
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed. Fail() was explicitly called.
fail: Azure.DataApiBuilder.Service.Controllers.RestController[0]
      4a378f1c-8848-498d-96a5-142c2f7109ae: Authorization Failure: Access Not Allowed.
fail: Azure.DataApiBuilder.Service.Controllers.RestController[0]
      4a378f1c-8848-498d-96a5-142c2f7109ae:    at Azure.DataApiBuilder.Core.Services.RestService.AuthorizationCheckForRequirementAsync(Object resource, IAuthorizationRequirement requirement)
         at Azure.DataApiBuilder.Core.Services.RestService.ExecuteAsync(String entityName, EntityActionOperation operationType, String primaryKeyRoute)
         at Azure.DataApiBuilder.Service.Controllers.RestController.HandleOperation(String route, EntityActionOperation operationType)
info: Microsoft.AspNetCore.Mvc.Infrastructure.SystemTextJsonResultExecutor[1]
      Executing JsonResult, writing value of type '<>f__AnonymousType0`1[[<>f__AnonymousType1`3[[System.String, System.Private.CoreLib, Version=6.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.String, System.Private.CoreLib, Version=6.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.Int32, System.Private.CoreLib, Version=6.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Azure.DataApiBuilder.Service, Version=0.8.49.0, Culture=neutral, PublicKeyToken=null]]'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
      Executed action Azure.DataApiBuilder.Service.Controllers.RestController.Find (Azure.DataApiBuilder.Service) in 42.2036ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint 'Azure.DataApiBuilder.Service.Controllers.RestController.Find (Azure.DataApiBuilder.Service)'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://localhost:5001/api/Author - - - 403 - application/json;+charset=utf-8 1391.7692ms

Code of Conduct

mshafiqmk commented 12 months ago

I figure out the issue , the documentation , I have figure it out and also added PR to update the docs : https://github.com/MicrosoftDocs/data-api-builder-docs/pull/5

seantleonard commented 12 months ago

Thank you for creating a PR to improve the docs and I'm sorry you wasted time trying to get this sorted out. I'll take a look at your doc update and get that into our docs.

In the meantime, more information about authorizing a request (after you have acquired your Azure AD access token) can be found in the authorization documentation which discusses usage of custom roles: https://learn.microsoft.com/en-us/azure/data-api-builder/authorization#user-roles.

mshafiqmk commented 12 months ago

Thank you for creating a PR to improve the docs and I'm sorry you wasted time trying to get this sorted out. I'll take a look at your doc update and get that into our docs.

In the meantime, more information about authorizing a request (after you have acquired your Azure AD access token) can be found in the authorization documentation which discusses usage of custom roles: https://learn.microsoft.com/en-us/azure/data-api-builder/authorization#user-roles.

This seems to be issue with SWA and DATA builder api , i deploy same dab-config.json file to azure container apps and every thing works there as expected.