Options for user login for azure functions

  • Question

  • User1034446946 posted

    Hi

    I am looking to authenticate users for a website which uses azure functions (through azure api). This is solely for users of the website, and I will need to be able to set up the equivalent of claims and roles in identity.

    I have looked at Active directory and it seems very focused on the azure functionality, I don't need it to have any authority over azure at all, only roles and claims related to my website.

    One option would be to create my own identity project and use that, but is there anything similar to identity built into azure?

    Any thoughts would be appreciated.

    Monday, May 27, 2019 8:40 PM

All replies

  • User475983607 posted

    It sounds like your web app already has security set up and working.  From there it is just a matter of making an HTTP request from .NET code to the serverless function.  Simply secure the code that makes the HTTP request, which I assume is an action, then you're good to go.  All you really need to do is secure server to server, and that concept is well established using standard approaches like Basic Authentication, Certificates, Firewalls, etc.

    To recap, your current security and design manages claims/roles and determines what actions a user can invoke.  The actions invoke the serverless functions and security is handled between servers.  

    If the user's identity is needed in the serverless function then drop the current security design and use an SSO protocol like OAuth/OIDC.

    Monday, May 27, 2019 9:27 PM
  • User1034446946 posted

    Hi, my current setup is using asp.net identity in an mvc application. I was thinking about just using the same project, but feel it would be a bit ugly as I would have to call everything manually at the start of every http trigger open to the public, which isn't a massive issue, but I would prefer something a little more elegant.

    Monday, May 27, 2019 9:37 PM
  • User475983607 posted

    > Hi, my current setup is using asp.net identity in an mvc application. I was thinking about just using the same project, but feel it would be a bit ugly as I would have to call everything manually at the start of every http trigger open to the public, which isn't a massive issue, but I would prefer something a little more elegant.

    Let me simplify.  Your secured server application is responsible for the user identity and allows/denies access to serverless functions via action methods.  From there it is just a matter of securing server to server, which is very common and easily configured in Azure functions.

    If the serverless function needs the user's identity then a redesign is required and I recommend OAuth/OIDC.

    Monday, May 27, 2019 10:04 PM
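
The design recapped in the replies above, sketched as an added example that is not part of the original thread: the MVC action enforces the Identity role, then calls the function server to server. It assumes ASP.NET Core MVC and uses an Azure Functions function key (the `x-functions-key` header) as the server-to-server credential, which the thread does not specify; the controller, role name, configuration keys and function URL are hypothetical.

```csharp
// Added illustration; not code from the thread.
// Assumes ASP.NET Core MVC with ASP.NET Identity already configured, and an
// HTTP-triggered function whose authorization level is Function (not Anonymous).
// OrdersController, the "Member" role and the "Functions:*" configuration keys
// are hypothetical placeholders.
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

[Authorize(Roles = "Member")]   // user-facing check: Identity roles/claims decide who may call
public class OrdersController : Controller
{
    private readonly HttpClient _http;
    private readonly IConfiguration _config;

    public OrdersController(IHttpClientFactory factory, IConfiguration config)
    {
        _http = factory.CreateClient();
        _config = config;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Submit(string payload)
    {
        // The function URL and key live in server-side configuration only;
        // they are never sent to the browser.
        var request = new HttpRequestMessage(
            HttpMethod.Post, _config["Functions:SubmitOrderUrl"]);
        request.Headers.Add("x-functions-key", _config["Functions:SubmitOrderKey"]);
        request.Content = new StringContent(
            payload ?? "", Encoding.UTF8, "application/json");

        using (var response = await _http.SendAsync(request))
        {
            // Do not relay upstream error bodies to the end user.
            if (!response.IsSuccessStatusCode)
                return StatusCode(502);

            var body = await response.Content.ReadAsStringAsync();
            return Content(body, "application/json");
        }
    }
}
```

In this layout the function only learns that the trusted web app called it; it does not see which user made the request, which is the case where the replies recommend OAuth/OIDC instead.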