My goal is to only allow authenticated users from my Azure AD tenant to access the API and keep the setting below.
I have even tried using both the Allow authenticated users from Azure AD tenant to access the API and the Require authentication options in Azure Web App, but I am getting the same error.
Easy Auth generates a token, and we are also manually generating a token using AddMicrosoftIdentityWebApi and [Authorize]. These two tokens might be causing a conflict.
So, you can choose either one of the authentication methods: Easy Auth or Azure AD Authentication.
If you use Easy Auth, follow the steps below to access the api/controller endpoint:
Remove the Azure AD configuration in the Program.cs file and [Authorize] in the controller.
Add an App role to the App registration of the Easy Auth; it has the same name as your Web App.
If you want full control over authentication inside your ASP.NET app, use Azure AD Authentication.
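With [Authorize] removed, the app can still enforce the App role by reading the X-MS-CLIENT-PRINCIPAL header that App Service authentication attaches to each request. The Program.cs below is an added example, not code from the answer above. It assumes a hypothetical role value "Api.Access", that role claims arrive with the type "roles" or the principal's role_typ, and that the app is reachable only through App Service with authentication required, since the header is only trustworthy in that case.

```csharp
using System.Text;
using System.Text.Json;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
var app = builder.Build();

// Hypothetical App role value; use the one defined on your App registration.
const string RequiredRole = "Api.Access";

// Reject any request whose Easy Auth principal lacks the required role.
app.Use(async (context, next) =>
{
    var roles = EasyAuth.GetRoles(context.Request.Headers["X-MS-CLIENT-PRINCIPAL"]);
    if (!roles.Contains(RequiredRole))
    {
        context.Response.StatusCode = StatusCodes.Status403Forbidden;
        return;
    }
    await next(context);
});

app.MapControllers();
app.Run();

// Shape of the base64-encoded JSON that App Service places in the header.
record ClientClaim(string typ, string val);
record ClientPrincipal(string? auth_typ, string? role_typ, List<ClientClaim>? claims);

static class EasyAuth
{
    public static HashSet<string> GetRoles(string? header)
    {
        var roles = new HashSet<string>(StringComparer.Ordinal);
        if (string.IsNullOrEmpty(header)) return roles; // no principal: no roles
        try
        {
            var json = Encoding.UTF8.GetString(Convert.FromBase64String(header));
            var principal = JsonSerializer.Deserialize<ClientPrincipal>(json);
            foreach (var c in principal?.claims ?? new List<ClientClaim>())
                if (c.typ == "roles" || c.typ == principal!.role_typ) roles.Add(c.val);
        }
        catch (Exception e) when (e is FormatException or JsonException)
        {
            roles.Clear(); // malformed header: fail closed
        }
        return roles;
    }
}
```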