2023 Jul 4 Morning update:
Here is my code:
    using System.Linq;
    using System.Security.Claims;
    using System.Text;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Azure.WebJobs;
    using Microsoft.Azure.WebJobs.Extensions.Http;
    using Microsoft.Extensions.Logging;
    [NetCoreFunctionsAuthSample.Auth.Authorize("global-admin")]
    [FunctionName("Hello")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
        ClaimsPrincipal claimsPrincipals,
        ILogger log)
    {
        log.LogInformation("C# HTTP trigger function processed a request.");
        var sb = new StringBuilder();
        // Identity the Functions host attached to the incoming request.
        var identity = req.HttpContext?.User?.Identity as ClaimsIdentity;
        sb.AppendLine($"<br/>IsAuthenticated: \"{identity?.IsAuthenticated}\"");
        sb.AppendLine($"<br/>Identity name: \"{identity?.Name}\"");
        sb.AppendLine($"<br/>AuthenticationType: \"{identity?.AuthenticationType}\"");
        var count = 0;
        count = DisplayWorkerTasks(sb, count);
        // Dump every claim (type and value) into the buffer that is returned to the caller.
        foreach (var claim in identity?.Claims ?? Enumerable.Empty<Claim>())
        {
            sb.AppendLine($"<br/>Claim: \"{claim.Type}\" = \"{claim.Value}\"");
        }
        return new OkObjectResult(sb.ToString());
    }
This is not working and I cannot figure out why. It always throws Phil's 401 (Unauthorized) exception, even when I am logged in as the global-admin. If I comment out the attribute, I can single-step through my function by attaching my Visual Studio debugger to the cloud-resident function app. If I put soft breakpoints in Phil's code here: https://github.com/GrillPhil/NetCoreFunctionsAuthSample/blob/master/NetCoreFunctionsAuthSample/Auth/AuthorizeAttribute.cs#L16
and here: https://github.com/GrillPhil/NetCoreFunctionsAuthSample/blob/master/NetCoreFunctionsAuthSample/Auth/AuthorizeAttribute.cs#L23
(1) I never hit the breakpoints! Even when I recompile and redeploy using hard breakpoints (System.Diagnostics.Debugger.Break();). How could this be?
I think the problem is here:
    public static bool UserIsInAppRole(ClaimsPrincipal user, string[] validAppRoles)
    {
        System.Diagnostics.Debugger.Break();
        // Collect the values of every claim whose type is the role claim type.
        // The standard role URI from the sample is commented out in favour of the extension_Role variant.
        var userRoles = user.Claims.Where(e => e.Type ==
            //"http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
            "http://schemas.microsoft.com/ws/2008/06/identity/claims/extension_Role"
        ).Select(e => e.Value);
        // Authorized only if at least one of the user's roles is in the allowed list.
        var matchingRoles = userRoles.Intersect(validAppRoles);
        return matchingRoles.Any();
    }
(2) Since I'm running as B2C and not B2B, I don't have a claim called "role". I do have a claim called "extension_Role", however. As you can see, after failing to hit any breakpoints I tried using "extension_Role" instead of "role" and this did not help! No breakpoints were hit and I always got 401 errors when logged in as "global-admin".
I know what claims I have because (as you can see from the first code snippet) I am enumerating all of them and sticking them in a long string buffer that I return to the caller.
(3) Now my main program ("Run") has a logger I could use. How do I access that logger from inside the attribute?
Also: as per your encouragement, I tried putting the attribute on a child function, DisplayWorkerTasks, that is called by the main "Run" function:
    [NetCoreFunctionsAuthSample.Auth.Authorize("loafer")]
    private static int DisplayWorkerTasks(StringBuilder sb, int count)
    {
        var tasks = GetWorkerTasks();
        // Append each task as a list item; the <ol> is opened on the first one.
        foreach (var workerTask in tasks)
        {
            count++;
            if (count == 1)
                sb.AppendLine($"<ol>");
            sb.AppendLine($"<li>task={workerTask.Details}");
        }
        return count;
    }
(4) When I comment out the first attribute on the "Run" function, I can single-step with the Visual Studio debugger using the F11 key (but it steps right over the attribute in spite of the hard and soft breakpoints), and this second attribute has no effect; it should be throwing a 401 error because I'm logged in as "global-admin" and I have no "loafer" roles. How can I debug this? It appears that this attribute only works on the main "Run" function. Is this true?
Thanks for your patience! Sorry to have been so slow to respond! I appreciate your prompt responses!
Siegfried
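Added example (not Siegfried's code and not from GrillPhil's NetCoreFunctionsAuthSample): a stand-alone, fail-closed role check that accepts the claim-type names a B2C or AAD token is likely to carry, exercised against a constructed ClaimsPrincipal so the matching logic can be verified locally without deploying or attaching a debugger. It assumes that Azure AD B2C surfaces the custom attribute as a claim whose type is literally "extension_Role" (the short name, not a schemas.microsoft.com URI); that assumption should be checked against the claims dump the function already returns. Because a C# attribute on a private helper such as DisplayWorkerTasks is metadata only and nothing executes it when Run calls the helper directly, the check is written as an ordinary method that can be invoked explicitly from inside a function body.

```csharp
// Added example: explicit, fail-closed application-role check for a claims principal.
// Not part of the original post or of the NetCoreFunctionsAuthSample project.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class AppRoleCheck
{
    // Claim types that may carry an application role.
    // ClaimTypes.Role is "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    // which the .NET JWT handler maps the "roles" claim to. "extension_Role" is the
    // B2C custom-attribute name; that it appears verbatim is an assumption (verify it
    // against a real claims dump).
    public static readonly string[] RoleClaimTypes =
    {
        ClaimTypes.Role,
        "roles",
        "extension_Role",
    };

    // All role values found on the principal, regardless of which claim type carried them.
    public static IEnumerable<string> RolesOf(ClaimsPrincipal user) =>
        user?.Claims
            .Where(c => RoleClaimTypes.Contains(c.Type, StringComparer.Ordinal))
            .Select(c => c.Value)
            ?? Enumerable.Empty<string>();

    // Fail closed: a null principal, an unauthenticated identity, or no matching role
    // all yield false. Role names are compared case-sensitively.
    public static bool UserIsInAppRole(ClaimsPrincipal user, params string[] validAppRoles)
    {
        if (user?.Identity?.IsAuthenticated != true)
            return false;
        return RolesOf(user).Intersect(validAppRoles, StringComparer.Ordinal).Any();
    }

    public static void Main()
    {
        // Constructed principal mimicking a B2C sign-in that carries the custom attribute.
        // A non-null authenticationType makes IsAuthenticated true.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("name", "siegfried"),
            new Claim("extension_Role", "global-admin"),
        }, authenticationType: "B2C");
        var user = new ClaimsPrincipal(identity);

        // Role the constructed principal holds.
        Console.WriteLine($"global-admin: {UserIsInAppRole(user, "global-admin")}");
        // Role it does not hold.
        Console.WriteLine($"loafer: {UserIsInAppRole(user, "loafer")}");
        // Identity without an authentication type: treated as anonymous, denied.
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
        Console.WriteLine($"anonymous global-admin: {UserIsInAppRole(anonymous, "global-admin")}");

        // Shows why a schema-prefixed spelling of the custom attribute does not match
        // the short claim-type name the principal actually carries.
        const string prefixed = "http://schemas.microsoft.com/ws/2008/06/identity/claims/extension_Role";
        Console.WriteLine($"prefixed type present: {user.HasClaim(prefixed, "global-admin")}");
        Console.WriteLine($"short type present: {user.HasClaim("extension_Role", "global-admin")}");
    }
}
```

Calling AppRoleCheck.UserIsInAppRole(req.HttpContext.User, "global-admin") at the top of Run, and returning an UnauthorizedResult when it is false, gives a check that is easy to step through in the debugger and whose denials can be logged with the ILogger the function already receives.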