If we check the code of RolesRequiredHttpContextExtensions.ValidateAppRole, it basically works with the claims from the request:
    public static void ValidateAppRole(this HttpContext context, params string[] acceptedRoles)
    {
        if (acceptedRoles == null)
        {
            throw new ArgumentNullException(nameof(acceptedRoles));
        }
        if (context == null)
        {
            throw new ArgumentNullException(nameof(context));
        }
        else if (context.User == null || context.User.Claims == null || !context.User.Claims.Any())
        {
            context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        }
        else
        {
            // Attempt with Roles claim
            Claim? rolesClaim = context.User.FindFirst(ClaimConstants.Roles);
            // Fallback to Role claim name
            if (rolesClaim == null)
            {
                rolesClaim = context.User.FindFirst(ClaimConstants.Role);
            }
            if (rolesClaim == null || !rolesClaim.Value.Split(' ').Intersect(acceptedRoles).Any())
            {
                context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                string message = string.Format(CultureInfo.InvariantCulture, IDWebErrorMessage.MissingRoles, string.Join(",", acceptedRoles));
                context.Response.WriteAsync(message);
            }
        }
    }
I.e. if you are able to get the claims from the request, you can probably implement a similar check with custom code. In an HTTP-triggered Azure Function we may get access to the claims using ClaimsPrincipal. E.g. this is how we may get the user name from ClaimsPrincipal:

    string currentUserName = ClaimsPrincipal.Current.Identity.Name;

ClaimsPrincipal.Current has the method IsInRole() - check whether it can be used in your case.
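A sketch of such a custom check, added here as an example; it is not part of the original answer and not Microsoft.Identity.Web code. The class `AppRoleCheck`, its `Check` method and the literal claim type names "roles" and "role" are assumptions. It goes slightly beyond the quoted method by requiring an authenticated identity and by reading every role claim on the principal rather than only the first:

```csharp
#nullable enable
using System;
using System.Linq;
using System.Net;
using System.Security.Claims;

public static class AppRoleCheck
{
    // Assumed claim type names, mirroring the Roles/Role fallback in the quoted method.
    private static readonly string[] RoleClaimTypes = { "roles", "role" };

    // Hypothetical helper: returns the HTTP status the function should respond with.
    public static HttpStatusCode Check(ClaimsPrincipal? user, params string[] acceptedRoles)
    {
        if (acceptedRoles == null) throw new ArgumentNullException(nameof(acceptedRoles));

        // No authenticated identity or no claims at all: fail closed with 401.
        if (user?.Identity?.IsAuthenticated != true || !user.Claims.Any())
            return HttpStatusCode.Unauthorized;

        // Gather the values of every role claim. A token can carry several claims
        // of the same type, or one claim holding space-separated values.
        var granted = user.Claims
            .Where(c => RoleClaimTypes.Contains(c.Type))
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .ToHashSet(StringComparer.Ordinal); // role names compared case-sensitively

        // Authenticated but holding none of the accepted roles: 403.
        return acceptedRoles.Any(granted.Contains) ? HttpStatusCode.OK : HttpStatusCode.Forbidden;
    }

    public static void Main()
    {
        // Constructed sample principal with two separate role claims.
        var identity = new ClaimsIdentity(
            new[] { new Claim("roles", "Reader"), new Claim("roles", "Writer") },
            authenticationType: "Bearer");
        var user = new ClaimsPrincipal(identity);

        Console.WriteLine(Check(user, "Writer"));   // role present on the principal
        Console.WriteLine(Check(user, "Admin"));    // authenticated, role missing
        Console.WriteLine(Check(new ClaimsPrincipal(new ClaimsIdentity()), "Writer")); // anonymous
    }
}
```

The result is only meaningful when the principal comes from a token that the platform or middleware has already validated; claims copied from an unverified header must not be passed to it.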