Azure Function App: Authentication Breaks Developm

Published 2019-05-10 10:45

Question:

I've added Azure Active Directory Authentication to my function app, but as soon as I set "Action to take when request is not authenticated" to "Login with Azure Active Directory", the development interface for the function app yields this message:

Error: We are unable to reach your function app. Your app could be having a temporary issue or may be failing to start. You can check logs or try again in a couple of minutes. Session Id: 23a5880ec94743f5a9d3ac705515b294 Timestamp: 2016-11-16T08:36:54.242Z

Presumably adding the authentication requirement breaks access to the function app in some fashion... though I am able to make changes in the code editor, and they do take effect, I no longer see updates in the log panel: no compilation output messages, for example.

Does anyone know a work-around for this?

So far, I've tried just leaving the auth option set to "Allow anonymous requests (no action)" and using the following code:

using System.Net;              // HttpStatusCode
using System.Security.Claims;  // ClaimsPrincipal
using System.Threading;        // Thread

public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
{
    log.Info("C# HTTP trigger function processed a request.");

    // Default to "Anonymous" unless the request carries an authenticated principal.
    var user = "Anonymous";
    var claimsPrincipal = Thread.CurrentPrincipal as ClaimsPrincipal;
    if (claimsPrincipal != null && claimsPrincipal.Identity.IsAuthenticated)
    {
        user = claimsPrincipal.Identity.Name;
        log.Info($"Hello {user}");
    }

    return req.CreateResponse(HttpStatusCode.OK, "Hello " + user);
}

However, this (rightly) doesn't redirect to the authentication provider... I would prefer to have the app take care of all that gunge for me, but if doing so means I can't see compilation messages / log messages, it makes it pretty hard to see what's going on.

Answer 1:

Nathan,

Unfortunately, this is a limitation at the moment and we're tracking it here: https://github.com/projectkudu/AzureFunctionsPortal/issues/794

Your approach, to allow anonymous and validate in the function, is what we recommend at the moment. To extend your workaround, you can add the following code to initiate a login redirect when you detect an anonymous user (the code below assumes you are using AAD).

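// Attaches to the "if (claimsPrincipal != null && ...)" block in the question's code.
else
{
    log.Info("Received an anonymous request! Redirecting...");
    var res = req.CreateResponse(HttpStatusCode.Redirect);
    // Send the caller to the AAD login endpoint; after sign-in they return to this request's path.
    res.Headers.Location = new Uri(req.RequestUri, $"/.auth/login/aad?post_login_redirect_uri={req.RequestUri.AbsolutePath}&token_mode=session");
    return res;
}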

We understand that isn't ideal and appreciate your patience while we work to improve this.

Thanks!
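
The workaround from the question and the answer assembled into one function, as an added example that is not code from the original posters or from the Azure Functions project. It assumes the same C# script function and AAD provider; `BuildLoginUri` is a hypothetical helper name, and unlike the answer's snippet it keeps the query string and percent-encodes the return target.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;

public static HttpResponseMessage Run(HttpRequestMessage req, TraceWriter log)
{
    // With "Allow anonymous requests (no action)", an unauthenticated call still
    // reaches the function, so the check has to happen here.
    var principal = Thread.CurrentPrincipal as ClaimsPrincipal;
    if (principal != null && principal.Identity.IsAuthenticated)
    {
        var user = principal.Identity.Name;
        log.Info($"Hello {user}");
        return req.CreateResponse(HttpStatusCode.OK, "Hello " + user);
    }

    log.Info("Received an anonymous request! Redirecting...");
    var res = req.CreateResponse(HttpStatusCode.Redirect);
    res.Headers.Location = BuildLoginUri(req.RequestUri);
    return res;
}

// Hypothetical helper (name assumed, not part of any SDK): builds the
// /.auth/login/aad URL whose post_login_redirect_uri points back at this request.
public static Uri BuildLoginUri(Uri requestUri)
{
    // Path and query only, never scheme or host, so the return target
    // always stays on this function app.
    var returnTo = requestUri.PathAndQuery;

    // A browser reads a target starting with "//" or "/\" as scheme-relative,
    // i.e. as another host. Fall back to the site root in that case.
    if (returnTo.StartsWith("//") || returnTo.StartsWith("/\\"))
    {
        returnTo = "/";
    }

    // Percent-encode the target so '&', '=' or '#' inside it cannot be parsed
    // as additional parameters of the login URL itself.
    var query = "post_login_redirect_uri=" + Uri.EscapeDataString(returnTo)
              + "&token_mode=session";
    return new Uri(requestUri, "/.auth/login/aad?" + query);
}
```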