I have an Azure Function (let's call it Function1) which I want to make available only to selected users (via AAD in my organization). In my solution Function1 is consumed by a desktop client app (let's call it Client), which should take care of authenticating the user (if possible also authorizing) and sending the HTTP request to Function1.
Here's how I set it all up (and it doesn't work as expected - everyone in my organization is able to use Function1 currently).
- I created a dedicated app registration on Azure (let's call it AppReg)
- I added the users who should have access to Function1 in Enterprise Applications (for the AppReg) - Users and groups section. Settings (User / Default access)
- I assigned Authentication using the AppReg in Function1; it returns 401 when not authorized
- The signature of Function1 is:

      public static async Task<IActionResult> Run(
          [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
          ILogger log)
- Client uses MSAL for authenticating the user. The process is exactly like in this tutorial
- Here is the snippet that sends the request to Function1:

      HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.IdToken);
      HttpResponseMessage postResponse = await HttpClient.PostAsync(uri, new StringContent(json, Encoding.UTF8, "application/json"));
What should I do differently to only let specified users use Function1 and restrict any other users?
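As an added example (not code from the question or from the asker's project) of enforcing authorization inside the function rather than stopping at authentication: the function checks that the caller is signed in and that the validated token carries a specific app role, returning 401 or 403 otherwise. It assumes App Service Authentication is configured with the AppReg so that the platform has already validated the Bearer token and populated `req.HttpContext.User` (in-process C# model); that an app role named `Function1.Invoke` (hypothetical name) is defined on the AppReg and assigned to the selected users; and that the Client sends an access token acquired for the AppReg's scope, not the ID token, in the Bearer header. The `roles` and `preferred_username` claim names are the ones AAD puts in the token; the function key from `AuthorizationLevel.Function` remains required in addition.

```csharp
using System.IO;
using System.Net;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;

public static class Function1
{
    // Hypothetical app role value; it must match the "value" of an app role
    // defined on the AppReg and assigned to the allowed users/groups.
    private const string RequiredRole = "Function1.Invoke";

    [FunctionName("Function1")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
        ILogger log)
    {
        // App Service Authentication validates the token (signature, issuer,
        // audience, expiry) before the function runs and exposes its claims here.
        ClaimsPrincipal principal = req.HttpContext.User;

        // Authentication check: no validated identity means 401.
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated)
        {
            log.LogWarning("Rejected unauthenticated request to Function1");
            return new UnauthorizedResult();
        }

        string user = principal.FindFirst("preferred_username")?.Value ?? "<unknown>";

        // Authorization check: being a signed-in user of the tenant is not enough;
        // the token must carry the app role granted only to the selected users.
        bool hasRole = principal.HasClaim(c => c.Type == "roles" && c.Value == RequiredRole);
        if (!hasRole)
        {
            log.LogWarning("User {User} is authenticated but lacks role {Role}", user, RequiredRole);
            return new StatusCodeResult((int)HttpStatusCode.Forbidden);
        }

        // Only authorized callers reach the actual work.
        string body = await new StreamReader(req.Body).ReadToEndAsync();
        log.LogInformation("Authorized call from {User} ({Length} bytes)", user, body.Length);
        return new OkObjectResult(new { accepted = true, length = body.Length });
    }
}
```

The 401/403 split is deliberate: 401 means the platform could not establish who the caller is, while 403 means the caller is known but not on the allowed list, which is the case the question describes (every tenant user can sign in). Logging the rejected user and missing role gives a detection signal for callers probing the function without being assigned to it.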