0

I'm running a hello world azure function app with an HTTP trigger in a windows container on-prem (yay!).

The question I have now is is it possible to impersonate the user initiating a request from the HTTP trigger? The goal is to allow the function to talk to our in-house authorization system and get back an authorization token.

Could it be just a matter of changing the authorization level to something like Authorization.User?

Jerry Liu
  • 17,282
  • 4
  • 40
  • 61
Steve L.
  • 1,098
  • 13
  • 23

1 Answers1

1

It's possible. We send identity info to the Http Trigger, it talks to authorization backend and brings back a token to the trigger, we get the token as a response of the Http trigger.

Since it's an in-house authorization system we can't rely on the authorization level of Http trigger. It is used for Functions deployed in Azure site, where we need to provide a corresponding key to access Http trigger secured by different auth level.

BTW, the auth level should always be anonymous(e.g AuthorizationLevel.Anonymous in c#) if we work with Http trigger in on-prem container. Because locally we don't have any key to access the trigger secured by level other than anonymous.

Jerry Liu
  • 17,282
  • 4
  • 40
  • 61
  • Just so I understand... the trigger would make a call to the api of the in-house auth system, get the token response, and do whatever work it needed to do from there? – Steve L. Jan 14 '19 at 15:35
  • 1
    @AspiringDevOpsGuru True, note that we'd better not put some long-time running job before sending response back in http trigger. – Jerry Liu Jan 15 '19 at 02:26