Azure Function authentication using Azure Active Directory

生来不讨喜 2020-12-03 16:34

I wanted to enable authentication on Azure Functions. So, I decided to go with EasyAuth (Authentication/Authorization link under platform features) and was successfully able

2 Answers
  • 2020-12-03 16:47

    We could use the access token to access your Azure Function API directly, if your Azure Function authentication level is anonymous or a function key is also required.

    I got the access token the way you mentioned. According to the Azure Resources portal (https://resources.azure.com/), the default allowedAudiences is

      "https://{functionAppName}.azurewebsites.net/.auth/login/aad/callback"
    

    So I added https://{functionAppName}.azurewebsites.net/ as an allowed audience.

    Then I can use the access token directly. I tested it with Postman.

    We could also use the following way to get the Easy Auth token. The access token is the token that you got.

    POST https://xxx.azurewebsites.net/.auth/login/aad
    Content-Type: application/json
    {
        "access_token": "eyJ0eXAiOix...rtf2H7lyUL-g34HVw"
    }
    

    After that we could use the token we got to access the Azure Function API.

    Note: Header is x-zumo-auth: token

  • 2020-12-03 16:58

    Regarding the issue, you need to create a client app to call your Azure function. The detailed steps are as below.

    1. Configure Azure AD for Azure Function. Please refer to https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings#auth.

      i. Go to Integrate of your trigger, set Authorization level to Anonymous

      ii. Go to Authentication / Authorization and configure Azure AD

    2. Register a client application in AD on the Azure portal. For more details, please refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-integrate-apps-with-azure-ad.

      a. Open Azure Active Directory, click App registrations, and choose New application registration.

      b. Enter your Name and Redirect URL, you can write anything. Then click create button.

      c. Settings -> Required permissions -> Add, choose the application you used in step 1

      d. Select permission -> APPLICATION PERMISSIONS -> Select -> Done -> Grant Permissions -> Yes

      e. Create a key and copy it

      f. Copy the Application ID

    3. Test

    Get Token:

    METHOD: POST
    
    Url : https://login.microsoftonline.com/<your directory ID>/oauth2/token
    
    HEADERS:  Content-Type : application/x-www-form-urlencoded
    
    BODY:
    grant_type=client_credentials&resource=<your Function App ID>&client_id=<ID of the application you registered>&client_secret=<the key you created>
    

    Test Function:

    METHOD: GET
    
    Url : https://<Functionname>.azurewebsites.net/api/HttpTriggerCSharp1?name=azure
    
    HEADERS:  Authorization : Bearer <access token>
    

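An added example, not part of either answer: it builds the form-encoded body for the client-credentials request in the second answer and checks a token's `aud` claim against `allowedAudiences`, the mismatch the first answer resolves. The host name, IDs and token are constructed, and the exact-match comparison of `aud` against the client ID and the audience list is an assumption about how the platform evaluates it.

```python
import base64
import json
from urllib.parse import urlencode

def build_token_request(tenant_id, client_id, client_secret, resource):
    """Client-credentials request for the v1 token endpoint used in the answer."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({  # urlencode percent-encodes values, no stray '+' or quotes
        "grant_type": "client_credentials",
        "resource": resource,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return url, headers, body

def jwt_claims(token):
    """Decode the JWT payload locally WITHOUT verifying it (troubleshooting only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audience_accepted(token, client_id, allowed_audiences):
    """Assumed rule: 'aud' must exactly equal the client ID or a listed audience."""
    aud = jwt_claims(token).get("aud")
    return aud in [client_id, *allowed_audiences]

def make_sample_token(claims):
    """Constructed, unsigned token for offline use; not a real credential."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample values (hypothetical app name and IDs)
APP = "https://myfunc.azurewebsites.net"
CLIENT_ID = "00000000-0000-0000-0000-000000000001"
DEFAULT_AUDIENCES = [f"{APP}/.auth/login/aad/callback"]
TOKEN = make_sample_token({"aud": f"{APP}/", "iss": "constructed"})

if __name__ == "__main__":
    print(build_token_request("tenant-id-placeholder", CLIENT_ID, "secret-placeholder", f"{APP}/"))
    print("default list accepts:", audience_accepted(TOKEN, CLIENT_ID, DEFAULT_AUDIENCES))
    fixed = DEFAULT_AUDIENCES + [f"{APP}/"]
    print("after adding app URL:", audience_accepted(TOKEN, CLIENT_ID, fixed))
```

Decoding the token locally keeps a live bearer credential out of third-party decoder sites; signature and issuer validation remain the job of the Authentication / Authorization layer.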