I have 2 resources in Azure:
- an Azure Functions app service that will call the "feedback API"
- a .NET Core web app service that has a feedback API controller which should only be available to the function app
I would like to set up the [Authorize] attribute in the controller in such a way that only the Azure function will be able to authorise (for example with some generated key).
Is there any out of the box solution for this, and if not how can I add it?
Related
I am trying to implement Azure App Service authorization using an App Role (Application).
I have created two App registrations as provider and consumer.
The provider has a Role defined which is added as a permission scope in the consumer App.
I need help with how to authorize the consumer app to call an API in App Service (.NET Core) which is using the provider app for authentication and authorization.
I am very new to Azure development and need support.
Please help. Thanks in advance.
BR
I am new to Azure Functions.
I created a React app and used the Graph API to get information about users registered in Azure AD B2C.
At this time, a client credential flow was used, but user information could not be obtained due to a CORS error.
Previous idea (CORS error): React app ↔ Graph API ↔ Azure AD B2C
So I thought of using Azure Functions.
First, the React app calls Azure Functions as an API.
Next, the Graph API is called in Azure Functions.
At this point, we want to use the client credential flow.
Then, the user data of Azure AD B2C can be obtained because the Graph API was used.
This user data is returned to Azure Functions so that it can be used in the React app.
My idea: React app ↔ Azure Functions ↔ Graph API ↔ Azure AD B2C
Is this feasible?
If it is possible and you have a sample, please let me know.
Thanks for reading.
• Yes, you can surely do what you have stated in your post. You can surely deploy a React app in Azure Functions and trigger a Graph API query from the function to an Azure AD B2C tenant. To do so, you will first have to deploy an Azure Static Web App in Azure, then build and deploy it through a workflow in GitHub by creating a repository there, then create an Azure Function API for the React app deployed. This Azure Function service provides serverless APIs, which allows you to focus on your TypeScript code and not have to configure a full back-end web server.
• Once done, connect the React client app to the Azure Function API. The Azure Static Web App resource deployed earlier provides a proxy between the React client and the Azure Function API. Hence, while deploying the above, I would suggest that you follow the Microsoft documentation link below and its subsequent article series for the above resources.
https://learn.microsoft.com/en-us/azure/developer/javascript/how-to/with-web-app/static-web-app-with-swa-cli/introduction
Please follow the series of documentation articles stated above through to the end of connecting the React client to the Azure Function API. Once done, register an application in Azure AD B2C for authentication purposes and copy the application’s required credentials, such as the client ID, tenant ID, tenant name and client secret, for inserting these details in the HTTP trigger function API created earlier. Also, give the registered application in Azure AD B2C the required application permission of ‘User.ReadWrite.All’ for the Microsoft Graph API. Ensure that you add the ‘Microsoft.Identity.Client’, ‘Microsoft.Graph.Auth’ and ‘Microsoft.Graph.Beta’ NuGet packages to the Azure Function solution created earlier. Then modify the constant parameters and variables in the Azure solution code file as in the snapshot below:
• Once the above has been done successfully, you can test the deployed solution through the ‘Postman’ application as well as by redirecting to the React app page, thereby triggering an HTTP response in the function API, which will ensure that you read the logged-in Azure AD B2C user in the React app. For detailed information on the above-mentioned configuration, I would suggest that you go through the video link below, as it describes your situation in detail:
https://www.youtube.com/watch?v=4uJHSwA-TZE
Is there any provision to start/stop an Azure Function App via an Azure Data Factory Web Activity?
Azure Logic Apps is the simplest way to achieve this.
You can call the below Management API to Start/Stop your Azure Function App:
START
POST https://management.azure.com/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/Microsoft.Web/sites/<FunctionAppName>/start?api-version=2015-08-01
STOP
POST https://management.azure.com/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>/providers/Microsoft.Web/sites/<FunctionAppName>/stop?api-version=2015-08-01
You can use Managed Service Identity authentication to authenticate the above request.
Below are some screenshots for your reference:
Once you enable the Managed Identity for your Logic App, it will create an AD Application with the same name as your Logic App workflow.
Now go to your Function App --> Platform Settings --> All Settings --> Access Control (IAM) --> click on the Add (+) button.
Add the AD Application (created with your Logic App name), provide the Contributor role and save.
A function can be started based on its trigger, e.g. timer, webhook etc.
It can be stopped by stopping the Function App, and existing functions will be stopped.
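The Logic App answer above grants the managed identity the built-in Contributor role on the Function App, which permits far more than the two management calls it makes. As an added example (not part of the original answers), here is a custom role definition limited to those operations; the role name and description are made up for illustration, and the placeholders are the same ones used in the URLs above.

```json
{
  "Name": "Function App Start/Stop Operator (example)",
  "IsCustom": true,
  "Description": "Added example, hypothetical role: read a site and call its start/stop actions only.",
  "Actions": [
    "Microsoft.Web/sites/read",
    "Microsoft.Web/sites/start/action",
    "Microsoft.Web/sites/stop/action"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/<SubscriptionID>/resourceGroups/<ResourceGroup>"
  ]
}
```

Assigning this role instead of Contributor under Access Control (IAM) on the Function App keeps the identity from changing app settings, code or keys.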
Requirement: Create an API app in Azure with OAuth 2.0 authorization, which will communicate with Azure Service Bus to push messages into a Service Bus queue based on incoming calls.
Problem: I have developed an Azure API app in VSTS and deployed it in Azure, configured it using Azure Active Directory to do App registration, and used API Management Service to implement OAuth 2.0 on my API. When I try to communicate with my Azure Service Bus to push a message using queueclient.SendAsync(message), my message gets into Service Bus but the SendAsync method does not return and my code hangs on that line.
Then I searched some posts on Google and found that it is some kind of issue and that I need to use a .NET Core type project to overcome the SendAsync thread problem. So I developed a .NET Core web application (template API) and deployed it to Azure, and it is communicating with the bus properly. But the app service deployed in Azure is of type Web app, not API app. So now I cannot use this Web app to be configured under API Management Service for OAuth 2.0, as it supports only the API app type.
Query: 1. Can I use a .NET Core web application to develop my APIs and deploy it in Azure as an API app type?
or
2. How can I use a .NET Framework web application to develop my API so that it can communicate with Service Bus properly without hanging in the SendAsync method?
There is no noticeable difference between a Web App and an API App, so the answer is yes, you can use a .NET Core web application to develop your API and deploy it as an API App.
I can't answer your Question 2 without seeing your code, maybe you missed an await?
I have an ASP.NET Core 2.0 Web App running in an App Service in Azure that has social login configured (Google & Microsoft) according to the following docs:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?tabs=aspnetcore2x
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?tabs=aspnetcore2x
I also have an Azure Function app that gets triggered when a message is written to an Azure Queue. I would like this function app to post the message to a Web API (Controller Action) that is running on the web app above.
How would I go about authenticating from the function app to the web API method? Would I need to somehow call the Azure AD endpoint to get a token for a given username/password?
Ideally, I would want to limit who can call this API method to just a single user account that the function app would use. Alternatively, can I somehow use the new Managed Service Identity feature to authenticate the function app against my web API method in my web app above?
Sorry, I am new to API authentication, so I am just trying to figure out the simplest approach.