Azure AD authenticated Azure Function claims to be authenticating but does not know my name or claims

Siegfried Heintze 1,906 Reputation points
2023-04-16T19:46:54.5066667+00:00

I followed this example: https://learn.microsoft.com/en-us/azure/api-management/howto-protect-backend-frontend-azure-ad-b2c It works! Yahoo!

Well, kinda... So I enhanced the C# script with this code from https://www.serverlessnotes.com/docs/authorizing-user-requests-in-azure-functions-with-azure-ad

    // These directives belong at the top of run.csx (they are what the snippet needs).
    using System.Linq;
    using System.Security.Claims;
    using System.Text;
    using Microsoft.AspNetCore.Mvc;

    var sb = new StringBuilder();
    // Principal populated by the host's authentication (App Service auth / ASP.NET Core).
    var identity = req.HttpContext?.User?.Identity as ClaimsIdentity;
    sb.AppendLine($"IsAuthenticated: {identity?.IsAuthenticated}");
    sb.AppendLine($"Identity name: {identity?.Name}");
    sb.AppendLine($"AuthenticationType: {identity?.AuthenticationType}");
    // Guard: enumerating a null Claims collection throws when no identity is present.
    foreach (var claim in identity?.Claims ?? Enumerable.Empty<Claim>())
    {
        sb.AppendLine($"Claim: {claim.Type} : {claim.Value}");
    }
    return new OkObjectResult(sb.ToString());

As per the tutorial, I log in to my new static web page and call my Azure Function, and now I don't see my name or any of my claims (such as city, state, zip or custom extension attributes) as per my configuration in Azure AD.

It has been over a year (maybe two years) since I was running this example: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/4-WebApp-your-API/4-2-B2C/README.md#how-to-secure-a-web-api-built-with-aspnet-core-using-the-azure-ad-b2c and I remember looking at the token inside the WebAPI implementation with the debugger and seeing my claims (which is vital for keeping each user's data separate).

After much cursing I am now calling the same Azure Function using a Blazor Server client and I have the same problem.

So I grabbed the client side token from this C# code:

    accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(new[] { _HelloScope });

And I stuck it into https://jwt.ms and I see all my claims. So this looks good.

Could the problem be my Azure API Mgt (APIM) policies? I'm using


1 answer

Siegfried Heintze 1,906 Reputation points
2023-05-05T20:37:59.96+00:00

    Let's consider my May 4 2023 comment as the answer for now, because now I have working C# script and compiled C# function examples that can fetch their claims. While I would like to know why

    1. System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ReadJwtToken(string) works inside a C# web app but not a function app
    2. Authenticated C# script Functions don't have the proper claims in their HTTP requests but authenticated compiled C# Functions do

    I probably should not take even more time to pursue this now.

    Siegfried

    1 person found this answer helpful.
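An added example (not code from the question, the answer, or the linked tutorials) of an in-process HTTP-triggered function that reports where its claims came from: it reads HttpContext.User first and, only if that principal is empty, decodes the bearer token from the Authorization header with JwtSecurityTokenHandler. The class name ListClaims is a placeholder; ReadJwtToken decodes without checking the signature, so the fallback is only acceptable behind something that has already validated the token, such as an APIM validate-jwt policy or App Service authentication.

```csharp
// Added example, not from the question or the answer. In-process Azure Functions (v4) model.
// ReadJwtToken DECODES a JWT without validating its signature: the header fallback below is
// only acceptable when a gateway in front of the function (e.g. APIM validate-jwt) or App
// Service authentication has already validated the token.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;

public static class ListClaims // placeholder name
{
    [FunctionName("ListClaims")]
    public static IActionResult Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req)
    {
        // 1. Principal populated by the host (App Service auth / ASP.NET Core middleware).
        var identity = req.HttpContext?.User?.Identity as ClaimsIdentity;
        var claims = identity?.Claims?.ToList() ?? new List<Claim>();
        var source = "HttpContext.User";

        // 2. Fallback: nothing populated the principal, so decode the bearer token ourselves.
        if (claims.Count == 0
            && req.Headers.TryGetValue("Authorization", out var auth)
            && auth.ToString().StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
        {
            var raw = auth.ToString().Substring("Bearer ".Length).Trim();
            var handler = new JwtSecurityTokenHandler();
            if (handler.CanReadToken(raw))
            {
                // Decoded only; signature NOT checked here (see note at top).
                claims = handler.ReadJwtToken(raw).Claims.ToList();
                source = "Authorization header (decoded, not validated here)";
            }
        }

        var sb = new StringBuilder();
        sb.AppendLine($"IsAuthenticated: {identity?.IsAuthenticated ?? false}");
        sb.AppendLine($"Identity name: {identity?.Name}");
        sb.AppendLine($"Claim source: {source}");
        foreach (var claim in claims)
            sb.AppendLine($"Claim: {claim.Type} : {claim.Value}");
        return new OkObjectResult(sb.ToString());
    }
}
```

The "Claim source" line separates the two cases in the question: an empty principal next to a header token that decodes with all its claims points at the host's authentication setup rather than at the token itself.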
