HttpRequest.HttpContext.User (ClaimsPrincipal) object in a Azure HttpTrigger Function does not contain my Identity from Authorization Header

Question

[FunctionName("GetDetails")]
public async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "v1/{Id}/details")] HttpRequest request, int Id)
{
    //my code here to get claims from the User context (request.HttpContext.User).
}

I also tried injecting the ClaimsPrincipal object in my function like below:

[FunctionName("GetDetails")]
public async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "v1/{Id}/details")] HttpRequest request, int Id, **ClaimsPrincipal principal**)
{
    //my code here to get claims from the User context (request.HttpContext.User).
}

Still the same result. For accessing the function locally I am passing my Bearer access token as below : Authorization : Bearer

Any ideas what am I missing here?

If it's anonymous authorization level what do you expect to see there? — Piotr Perak, Dec 21 '20 at 13:34
Do you see access token when checked in the request headers `req.Headers["Authorization"]`? — user1672994, Dec 22 '20 at 03:49

score 1 · Accepted Answer · answered Dec 22 '20 at 07:53

According to my test, using request.HttpContext.User can obtain the authentication information of the function protected by AAD in Azure portal.

I don't understand why you pass Bearer locally, but if you have this requirement, you can refer to the following code：

            req.Headers.TryGetValue("Authorization", out var headers);

            var authorization = headers.First();

            var jwt = authorization.Split(' ')[1];
            var handler = new JwtSecurityTokenHandler();
            var token = handler.ReadJwtToken(jwt);
            var unique_name = token.Claims.First(claim => claim.Type == "unique_name").Value;
            log.LogInformation(unique_name);

You can refer to Decode JWTs in C# for Authorization.

Note:

If you encounter this error：

System.Private.CoreLib: Exception while executing function: Function1. FunctionPa: Could not load file or assembly 'System.IdentityModel.Tokens.Jwt, Version=6.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'. The system cannot find the file specified.

You can add <_FunctionsSkipCleanOutput>true</_FunctionsSkipCleanOutput> in the csproj file:

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>netcoreapp3.1</TargetFramework>
    <AzureFunctionsVersion>v3</AzureFunctionsVersion>
      <_FunctionsSkipCleanOutput>true</_FunctionsSkipCleanOutput>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="3.0.11" />
    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.8.0" />
  </ItemGroup>
  <ItemGroup>
    <None Update="host.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
    </None>
    <None Update="local.settings.json">
      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
      <CopyToPublishDirectory>Never</CopyToPublishDirectory>
    </None>
  </ItemGroup>
</Project>

thank you for this help..also did you find this anywhere in the docs that the authentication part will be handled on azure but not locally? — Akshay Chhangani, Dec 22 '20 at 14:06
If you use `AAD` to protect your `Function`, you can directly use `request.HttpContext.User` in `portal`. If you don’t use `AAD` protection, you can use the code I recommend, regardless of local or ` Portal` is fine. — Frank Borzage, Dec 23 '20 at 01:07

HttpRequest.HttpContext.User (ClaimsPrincipal) object in a Azure HttpTrigger Function does not contain my Identity from Authorization Header

1 Answers1