locked
Restrict access to a Logic App trigger with a SSL Client certificate RRS feed

  • Question

  • Hi,

    Is it possible to restrict access to a Logic App triggered by a HTTP request by using a client certificate?

    And, is it possible to extract the content of this client certificate to use into the logic app?

    Thanks.

    Monday, February 6, 2017 4:45 PM

Answers

  • Hi David,

    If you need to secure your requests using logic apps I can see one of two options:

    1. Use API Management - this will give you the control you need to expose your logic apps via a published API with very little code effort. Some information about this here.
    2. Create a API App and redirect calls from the API App into the logic app. Of course you would need to code the calls yourself, compared to option 1 where it is all configuration based. Some information about this here.

    Option 1 is definitely the preferred option, but option 2 would work as well.

    I hope this helps, Wagner.

    Tuesday, February 7, 2017 9:00 AM

All replies

  • Hi David,

    As far as I know, Logic Apps access can't be restricted by client certificates. You can restrict access by IP though, if that is an option for you.

    I also don't think that you have access to the client certificate information inside the logic app - it only expose Headers and Body. One way you could do this, if you have control over the request is to add a custom header property (something like authtoken) and pass the client certificate info you want to use there.

    I hope this helps, Wagner.

    Monday, February 6, 2017 8:33 PM
  • No , As of now you cannot authenticate using client certificate within the Logic Apps .

    but you have option to restrict with IP address . If you require fine grained authorization then think of using API Management to secure your Logic App endpoint  

     

    If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply

    Tuesday, February 7, 2017 4:15 AM
  • Hi,

    Ok thanks.

    It means that I need to use API Management to secure my Logic App with a client certificate?

    Tuesday, February 7, 2017 5:11 AM
  • Hi David,

    If you need to secure your requests using logic apps I can see one of two options:

    1. Use API Management - this will give you the control you need to expose your logic apps via a published API with very little code effort. Some information about this here.
    2. Create a API App and redirect calls from the API App into the logic app. Of course you would need to code the calls yourself, compared to option 1 where it is all configuration based. Some information about this here.

    Option 1 is definitely the preferred option, but option 2 would work as well.

    I hope this helps, Wagner.

    Tuesday, February 7, 2017 9:00 AM