How to Setup Authentication for Azure Functions
HTML-код
- Опубликовано: 24 май 2022
- This video describes two ways you can setup authentication in Azure Functions: Key (token) based auth and Azure AD Integrated. The step-by-step video also describes what the different authorization levels do.
great video, very useful and thorough
Excellent walkthrough and provide the overview in only 20 minutes. Thanks
This was beautiful, well done!
Nice and handy tutorial. Thanks for the video!
Very useful, thanks for this!
Easy to follow, lots of information. Cheers!
Glad you enjoyed it!
@@azureappmodernization9036 Do you think a JWT flow woudl make sense for a azure function or should i go for AD-Auth
a) in general? even for CI/CD use cases like text-2-speech translations
b) as API/ Fetch for my Vue frontend
Thanks for this content! it's helped me a lot.
Glad to hear it! I plan on creating many more of these, so let me know if there's something you're interested in.
Excellent content sir, thanks for share it
My pleasure
thank you! very useful and well explained... do you have any example about an endpoint to generate token?
Amazing tutorial.
Glad you liked it
@@azureappmodernization9036 Hey just a question, if the functions are not http triggered, say queue triggered then key mechanism is the only way to authorize the functions right ? I do know that managed identity is a way, but I’m sure we can’t have an app registration in this case. Am I correct ?
Thank you for a great video. It gives a lot of knowledge. How you planning to create similar video using System Managed Identity?
Hey Kaps! Glad you liked it! The SMI video is up as well. Look for the title "How to Setup Auth with Managed Identity" . I also show how to create a CRUD API against SQL server in that video.
What if my client is a NextJS application running on App Services? I gave the proper API permissions, but can you please explain how to send a request from inside the application and not through the CLI?
Hello,
I tried to do the same as you did in the second part of the video but I get the error :
AADSTS500011: The resource principal named api://.../... was not found in the tenant named .... This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
I have checked the configuration several times.
Hi, how to authenticate function using client certificate from logic app?
Thanks but a bit confused as to why you had to create two app registrations? You created nvm-addemo-... and also ADClient.
What is the purpose of that?
(Apologies for the late reply) If I understand your question correctly:
You have 2 entities: The caller and the function.
In the first part of the video, I register the function with an identity (app registration) and then a role that we need to be in place to call the function. In the second part, we need an identity to call the function and we associate the role the function needs with that identity. When the call is made this occurs (in a similar order) , the function asks AD: "Is the caller allowed to call me?" So AD will challenge the caller with auth information. The caller logs into AD (with client and secret), AD gives it a token that is valid for a period of time. The caller resends the request to the function, which asks AD the same question again: "Is the caller allowed to call me?" AD looks up the bearer token the client sent it and validates it, it then looks up the caller's app role and matches it with the function app role. If all looks good, it tells the function that security checks have passed.
@@azureappmodernization9036 Thank you, makes perfect sense! Seems I was just looking at it from a different perspective.
how to get a token to use from postman and alikes?
I cover this in the video around 3:45 and 4:15. Depending on if you're using Host/Admin authorization or Function Authorization.