![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 92%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,263 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 71%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
@JKFrancis Thanks for reaching out. In app service or function app when you update the configuration of Incoming client certificates the app service injects an X-ARR-ClientCert request header with the client certificate. App Service does not do anything with this client certificate other than forwarding it to your app. Your app code is responsible for validating the client certificate as documented here.
So in case if function app/app service you need to write your own code to validate the client certificate. Until and unless you are not writing any code for the validation it should work without passing the client certificate and right authentication.
For reference, you can create an HTTP trigger function app and call this function in other functions to validate if the certificate is valid or not. You can modify it as per your requirement.
[FunctionName("ValidateCertAuth")]
public IActionResult RandomStringCertAuth(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req)
{
_log.LogInformation("C# HTTP trigger to validate the certificate.");
StringValues cert;
if (req.Headers.TryGetValue("X-ARR-ClientCert", out cert ))
{
byte[] clientCertBytes = Convert.FromBase64String(cert[0]);
X509Certificate2 clientCert = new X509Certificate2(clientCertBytes);
// Validate Thumbprint
if (clientCert.Thumbprint != "yourthumprint")
{
return new BadRequestObjectResult("A valid client certificate is not used");
}
// Validate NotBefore and NotAfter
if (DateTime.Compare(DateTime.UtcNow, clientCert.NotBefore) < 0
|| DateTime.Compare(DateTime.UtcNow, clientCert.NotAfter) > 0)
{
return new BadRequestObjectResult("client certificate not in alllowed time interval");
}
// Add further validation of certificate as required.
return new OkObjectResult(GetEncodedRandomString());
}
return new BadRequestObjectResult("A valid client certificate is not found");
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 6%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMF%3C/text%3E%3C/svg%3E)