4

I'm converting a WebApi to an Azure Function app. It authenticates using a SecurityToken in the header. With the api, I put in an attribute to call the authentication logic, but this doesn't work in Azure functions.

[ApiAuthentication()]
    [FunctionName("GetConfig")]
    public static async Task<HttpResponseMessage> Run([HttpTrigger(AuthorizationLevel.Function, "get")]HttpRequestMessage req, TraceWriter log)
    {

}

Is there a way to make this work, or is there a better way?

Founder
  • 626
  • 6
  • 19
  • What does `ApiAuthentication()` do? Looks up a storage table/SQL? In functions you have functions authorization (sent as `?code=xxx` or header) and Azure AD integration. If none of them work for you, look at API Management for extensive API authorization/billing. You can expose functions as API Management backend APIs (routes). – evilSnobu Jan 30 '18 at 10:38

1 Answers1

8

ASP.Net WebAPI attributes don't work in Azure Functions (they're two separate frameworks, although AF is currently implemented on top of WebAPI, it doesn't expose that to the surface). You have some options:

  1. You can also use Function Filters (although these are more limited than ASP.Net filters). See https://github.com/Azure/azure-webjobs-sdk/wiki/Function-Filters for more documentation on this.
  2. Functions (like regular Azure WebSites) support integration with EasyAuth. In this case, you can configure the authentication in the portal and the system (Via an IIS Module) will handle auth for you. Here's one tutorial for how to do that: http://markheath.net/post/secure-azure-functions-app-easy-auth-adb2c
Mike S
  • 3,058
  • 1
  • 22
  • 12