0

I would like to use an Azure function proxy to restrict access to an API by requiring that a specified request header X-MY-HEADER is present. I don't want to actually check the value of the header here, just that it is present.

I can't find any examples of this and some trial and error hasn't worked. The proxy configuration is working properly before adding the additional for the header.

I have tried something like:

{
  "proxies": {
    "Mock API - POST": {
      "matchCondition": {
        "methods": [ "POST" ],
        "route": "/api",
        "request.headers.X-MY-HEADER": "{*}"
      },
      "responseOverrides": {
        "response.headers.Location": "https://REAL/API/ADDRESS/ETC"
      }
    }
  }
}

also "request.headers": "X-MY-HEADER" but neither appear to work.

Is this possible to do and I just have the syntax wrong?

If the header is missing I'm happy for it to simply 404.

Andy Cook
  • 121
  • 1
  • 5
  • Why not choose to judge within the logic of the function? – Cindy Pau May 29 '20 at 09:20
  • In this instance I am just using Azure as a proxy - there is none of my code running in Azure, just the proxy configuration. The proxy is redirecting to an application running on a completely different domain outside of Azure. I am using the function proxy as a gateway to the other application, so no opportunity to run code in the function. – Andy Cook May 30 '20 at 00:20

1 Answers1

0

You can do the autherize like this:

using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;

namespace FunctionApp62
{
    public static class Function1
    {
        [FunctionName("Function1")]
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            if (req.Headers.Keys.Contains("X-MY-HEADER"))
            {
                log.LogInformation("has header X-MY-HEADER!");
                //put your process logic here.
            }

            return new OkObjectResult("!!!!!!!!!!!!!!!!!!!!!!");
        }
    }
}

(do the autherize in the logic of your function, if the request has the header, then do something.)

Cindy Pau
  • 13,085
  • 1
  • 15
  • 27