This sample shows you how to use Azure Functions in an out-of-process (Isolated) environment and secure it with Azure AD. There is a custom middleware that performs the token validation
You need to download and install the following tools and runtimes.
- Azure AD - Free via the M365 Developer Program
- .NET 6.0 - Download
- Azure Function Core Tools - Download
You can use the Function API with test client.ipynb notebook to create your Azure AD App Registrations.
To run this sample, you will need to update the appsettings.json file with your own Azure AD Application details.
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "<your tenant name>.onmicrosoft.com",
"TenantId": "<your tenant id>",
"ClientId": "<your app registration app id"
}
}Update the local.settings.json file with the following details
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "",
"FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated"
}
}
The sample already contains the .vscode folder with the necessary settings to run the Azure Function locally and help you debug any issues. Open the debugger and use the Attach to .NET Functions option to start debugging.
Alternatively, you can use the Azure Functions Core Tools to run the function locally with the following command:
func host start
You need a REST client to call the Azure Function API. The .NET Notebook is designed to create the client app registration for you but is optimized Thunder Client (a VS Code Rest Client). Alternatively, you can use something like Postman to authenticate and call the API
Currently the isolated Azure Functions middleware doesn't expose the HttpContext object. This means that you can't the middleware to short circuit the request pipeline to send HTTP messages in response to a specific event, .e.g. a 401 Unauthorized response when there is an authentication error. The solution was to create an extension method for the FunctionContext object and use reflection to inject our response data into the context. The code was heavily borrowed inspired by the work of Joonas Westlin, an Azure MVP and Friend of Identity (Azure AD).
You can check out his solution here