0

I have created Anonymous HttpTrigger function using java and Deployed to Function App


package com.function;

import com.microsoft.azure.functions.ExecutionContext;
import com.microsoft.azure.functions.HttpMethod;
import com.microsoft.azure.functions.HttpRequestMessage;
import com.microsoft.azure.functions.HttpResponseMessage;
import com.microsoft.azure.functions.HttpStatus;
import com.microsoft.azure.functions.annotation.AuthorizationLevel;
import com.microsoft.azure.functions.annotation.FunctionName;
import com.microsoft.azure.functions.annotation.HttpTrigger;

import java.util.Optional;

/**
 * Azure Functions with HTTP Trigger.
 */
public class Function {
    /**
     * This function listens at endpoint "/api/HttpExample". Two ways to invoke it using "curl" command in bash:
     * 1. curl -d "HTTP Body" {your host}/api/HttpExample
     * 2. curl "{your host}/api/HttpExample?name=HTTP%20Query"
     */
    @FunctionName("httpExample")
    public HttpResponseMessage run(
            @HttpTrigger(
                name = "req",
                methods = {HttpMethod.GET, HttpMethod.POST},
                authLevel = AuthorizationLevel.ANONYMOUS)
                HttpRequestMessage<Optional<String>> request,
            final ExecutionContext context) {
        context.getLogger().info("Java HTTP trigger processed a request.");

        // Parse query parameter
        final String query = request.getQueryParameters().get("name");
        final String name = request.getBody().orElse(query);



        if (name == null) {
                return request.createResponseBuilder(HttpStatus.BAD_REQUEST).body("Please pass a name on the query string or in the request body").build();
            }

    else {
                return request.createResponseBuilder(HttpStatus.OK).body("Hello, " + name).build();
        
                }
        }
    }

Now How to add Basic Authentication to that Function?

I know how to Restrict HttpTrigger function by using ADMin, FUNCTION level Authentication but Req Only. BASIC AUTORIZATION for that function

Please don't post about ADMIN, FUNCTION level Auth solution

Balu
  • 9
  • 5
  • Provide what you have tried on using the basic authentication to the function and any error message if you got because the above code is the default code of HTTP Trigger. So that the community would help better. Otherwise, this becomes homework-based question and can be closed. –  Dec 29 '22 at 18:47

1 Answers1

0

Basic authentication is NOT secure.

Having said that, Basic authentication works by having the client POST their username and password in the header (usually a POST from a login form). Your Azure function would receive that post. In an Azure function, you'd inspect the incoming req.Headers for a key:value similar to

Authorization: Basic ZGVtbzpwQDU1dzByZA==

From there, you'd base64 decode it and verify that uname and password combination exists in your database or IdP of choice.

Did I mention it's not secure?

Troy Witthoeft
  • 2,498
  • 2
  • 28
  • 37