Symptom
Your Azure Web App (or any Azure App Service) has authentication enabled but you want to use Traffic Manager. Since the probe returns the HTTP status code 401, the endpoint is considered degraded.
Cause
Whatever you use for an endpoint in Azure Traffic Manager, it must return a 200. Your site is locked down so any request returns 401
Solution
Use URL Authorization rules with a special Route to allow the ping to succeed. Note: This is in preview, so there may be updates as this matures.
- Create a directory in your application and call it whatever you wish (for this sample I am using TMStatus).
- Put an html file in it and call it something like status.html.
- Next add URL Authorization Rule to disable authentication for that directory and ensure you place this json file it in the wwwroot directory. See: URL Authorization Rules In this case All routes will be RedirectedToLogin, however the /TMStatus route will allow anonymous requests.
Your json would look something like this:
{
“routes”: [{
“path_prefix”: “/”,
“policies”: { “unauthenticated_action”: “RedirectToLoginPage” }
},{
“path_prefix”: “/TMStatus”,
“policies”: { “unauthenticated_action”: “AllowAnonymous” }
}]
}
4. Configure Authorization to Allow Anonymous requests in your Azure Portal:
This should restart your web app and pickup the changes, then point traffic manager to your app/TMStatus/status.html (or whatever you choose to call these from above).
Now when the ping from traffic manager hits this endpoint, it will return a 200 instead of a 401.
This post first appeared on MSDN Blogs | Get The Latest Information, Insights, Announcements, And News From Microsoft Experts And Developers In The MSDN Blogs., please read the originial post: here
