Does azure function support basic authentication?

Question

Does azure function support basic authentication?

zmsoft 695

Hi there,

Does azure function support basic authentication? Not use app key in url , use authorization header in request.

Thanks

Anonymous

2024-11-13T08:50:58.4833333+00:00

Hi @zmsoft,
Following up to see if you have chance to check my previous response and help us with requested information to check and assist you further on this.

2 answers

Your answer

Anonymous

2024-11-13T08:50:58.4833333+00:00

Hi @zmsoft,
Following up to see if you have chance to check my previous response and help us with requested information to check and assist you further on this.

Answer 1

Hi @zmsoft,

Welcome to the Microsoft Q&A Platform! Thank you for reaching out regarding the basic Authentication for Azure Functions.

In your function, the AuthorizationLevel.User allows anonymous access, which is why requests without the Authorization header can still pass through. To ensure that only requests with valid credentials are allowed, change the AuthorizationLevel to Function
```
  [Function("Function1")]
  public async Task<IActionResult> NewOrder([HttpTrigger(AuthorizationLevel.Function, "get", "post")] HttpRequest req)
```
- Ensure that your function app is processing authentication middleware correctly.For that, you should call app.UseAuthentication() in the ConfigureAppConfiguration method.Uncomment and adjust the following:
```
  .ConfigureAppConfiguration(app =>
  {
      app.UseAuthentication();
  })
```
Double-check that the Authorization header is being parsed correctly and handle any errors gracefully.

If this answers your query, do click accept answer and yes for was this answer helpful. And, if you have any further query do let us know.

Answer 2

S.Sengupta 30,261 MVP Volunteer Moderator

Azure Functions supports basic authentication through several methods. For HTTP-triggered functions, one can implement basic authentication (username/password in Authorization header) by creating a custom authentication handler.

zmsoft 695

Hi @S.Sengupta ,

Here's my code.

var host = new HostBuilder()
    .ConfigureFunctionsWebApplication()
    .ConfigureServices(services =>
    {
        services.AddApplicationInsightsTelemetryWorkerService();
        services.ConfigureFunctionsApplicationInsights();

        services.AddAuthentication("BasicAuthentication")
            .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
        services.AddScoped<IOrderDetailRepository,OrderDetailRepository>();
        services.AddScoped<IOrderDetailService, OrderDetailService>();
    })
    //.ConfigureAppConfiguration(app => 
    //{
    //    app.UseAuthentication();
    //})
    .Build();
host.Run();



public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public BasicAuthenticationHandler(
        IOptionsMonitor<AuthenticationSchemeOptions> options,
        ILoggerFactory logger,
        UrlEncoder encoder,
        ISystemClock clock)
        : base(options, logger, encoder, clock)
    {
    }
    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.ContainsKey("Authorization"))
        {
            Response.Headers.Add("WWW-Authenticate", @"Basic realm='Secure Area'");
            return AuthenticateResult.Fail("Missing Authorization Header");
        }
        User user = null;
        try
        {
            var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
            var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
            var credentials = Encoding.UTF8.GetString(credentialBytes).Split(new[] { ':' }, 2);
            var username = credentials[0];
            var password = credentials[1];
            if (username.Equals("admin") && password.Equals("password"))
            {
                user = new User { Id = 1, Username = "admin", Birthday = DateTime.Now };
            }
        }
        catch
        {
            return AuthenticateResult.Fail("Invalid Authorization Header");
        }
        if (user == null)
            return AuthenticateResult.Fail("Invalid Username or Password");
        var claims = new[] {
            new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
            new Claim(ClaimTypes.Name, user.Username),
        };
        var identity = new ClaimsIdentity(claims, Scheme.Name);
        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, Scheme.Name);
        return AuthenticateResult.Success(ticket);
    }
}



[Function("Function1")]
public async Task<IActionResult> NewOrder([HttpTrigger(AuthorizationLevel.User, "get", "post")] HttpRequest req)
{

}

But I found that user requests without Authorization request headers can also go through. Any suggestion?

Thanks

Share via

Does azure function support basic authentication?

2 answers

Your answer