Advanced Application Settings

This page describes settings that are not included in the Azure Resource Management APIs. They are instead configured using application settings.

App Setting Name	Allowed Values	Description
WEBSITE_AUTH_DISABLE_IDENTITY_FLOW	true or false	When set to true, disables assigning the thread principal identity in ASP.NET-based web applications (including v1 Function Apps). This is designed to allow developers to protect access to their site with auth, but still have it use a separate login mechanism within their app logic. The default value is false.
WEBSITE_AUTH_ENCRYPTION_KEY
WEBSITE_AUTH_HIDE_DEPRECATED_SID	true or false
WEBSITE_AUTH_NONCE_DURATION
WEBSITE_AUTH_PRESERVE_URL_FRAGMENT	true or false	When this setting is set to true and users click on links to your site which contain URL fragments, the login process will ensure that the URL fragment part of your URL does not get lost in the login redirect process. More details can be found in the "Linking to Anchors" section of this blog post.
WEBSITE_AUTH_SIGNING_KEY
WEBSITE_AUTH_STATE_DIRECTORY
WEBSITE_AUTH_TOKEN_CONTAINER_SASURL	A fully-qualified blob container URL	Instructs the auth module to store and load all encrypted tokens to the specified blob storage container instead of using the default local file system.
WEBSITE_AUTH_TOKEN_REFRESH_HOURS	Any positive decimal number
WEBSITE_AUTH_TRACE_LEVEL
WEBSITE_AUTH_VALIDATE_NONCE	true or false
WEBSITE_WARMUP_PATH	Any relative URL path	This setting is intended for use when an unauthenticated client, such as Azure Traffic Manager, needs to access a specific path in the web app without requiring authentication. When set, any HTTP requests to the specified URL path will not be rejected by Easy Auth, regardless of the specified rules for unauthenticated clients. (NOTE: This app setting does not change the path used by AlwaysOn.)