If you want to provide authentication for your App Service without writing a single line of code, you can turn on the Authentication in App Service configuration. When you turn on this option, Azure will verify the users before sending the traffic to the application.

There is a challenge when it comes to monitoring, if our monitoring tool can’t pass this authentication, we’ll not be able to monitor this application. There are many case the application is not working, but Azure still ask the user to login before seeing the errors. Here is a simple script that can authenticate using a principal account.

#!/bin/bash

# -------------------------------
# CONFIGURATION
# -------------------------------
TENANT_ID="your-tenant-id"
CLIENT_ID="your-client-id"
CLIENT_SECRET="your-client-secret"
RESOURCE="https://<your-app-name>.azurewebsites.net"  # App Service URL
APP_URL="https://<your-app-name>.azurewebsites.net/health"  # endpoint to test

# -------------------------------
# GET ACCESS TOKEN
# -------------------------------
ACCESS_TOKEN=$(curl -s -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=$CLIENT_ID&scope=$RESOURCE/.default&client_secret=$CLIENT_SECRET&grant_type=client_credentials" \
  https://login.microsoftonline.com/$TENANT_ID/oauth2/v2.0/token | jq -r '.access_token')

if [ -z "$ACCESS_TOKEN" ] || [ "$ACCESS_TOKEN" == "null" ]; then
  echo "Failed to get access token"
  exit 1
fi

echo "Access token acquired"

# -------------------------------
# CALL THE PROTECTED ENDPOINT
# -------------------------------
HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $ACCESS_TOKEN" $APP_URL)

if [ "$HTTP_STATUS" == "200" ]; then
  echo "✅ Success: App Service is reachable"
else
  echo "❌ Failed with HTTP status: $HTTP_STATUS"
fi