问题
Background: I have an Azure Function App deployed with App Service Authentication (easyauth) enabled using AAD, hooked up to an Azure AD B2C tenant. It's all working great and as expected. That said I have encountered a new scenario that I'd like to support with the same function app but without the auth turned on. Specifically I'd like one specific function to be called anonymously (perhaps even behind a function proxy).
Question: Is it possible to disable auth on a specific function in the same function app where everything else has authentication enforced?
I've played around with the idea of changing the "Action to take when request is not authenticated" to "Allow Anonymous request (no action)" however that then leaves me with the task of somehow in every other function that requires auth, doing something that would ensure that a request is in fact authenticated. Note that I have no idea what the something is that I'd have to do yet in this case.
Worst case I'll setup a totally separate function app that only exposes the single function that I need to call anonymously... however it feels like there should be a better solution that doesn't require me sharing source across two projects.
回答1:
Would something like URL authorization rules help? It works for both web apps and function apps.
https://blogs.msdn.microsoft.com/appserviceteam/2016/11/17/url-authorization-rules/
For your scenario, you'll first need to allow anonymous access in the portal. Next, you'll want to create an authorization.json file in the root of your site and define two routes:
- Disable anonymous access at the root.
- Enable anonymous access for the anonymous function URL.
Give that a try and see if it will work for you. In general we want to improve the integration of our authentication feature with Azure Functions, and this is one method we're looking at.
来源:https://stackoverflow.com/questions/48712457/is-it-possible-to-disable-aad-auth-on-specific-azure-functions