Azure Functions + .NET8(Isolated Mode) + OIDC - How to validate an Access Token received in the Header of every request to my Azure Function?
Currently, I'm studying a little about Azure Functions with .NET 8 and OpenId Connect, so I'm currently using a Function [Get] whose response is just an object indicating any valid return (Ex.: Protected Route, 200). What I need to do is for the Access Token (JWT) added in the request Header to be validated so that the request can be processed. Could anyone help me with examples, valid links?
Thank you very much in advance...
I looked for a way to develop Middleware to validate the access token, but I didn't find anything on the internet or in the community that would help me with this or any other way to solve the problem.
Solution
Follow below steps to validate an Access Token received in the Header in the Isolated Azure functions.
- Create a new App registration in the Microsoft Entra ID.
- Navigate to
Manage=>Authenticationin the App => provide aRedirect URIand check both Access token and ID tokens to be issued as shown below:
Redirect URI:
https://localhost:<port_number>/.auth/login/aad/callback
Install the packages in the Azure function:
Microsoft.AspNetCore.Authentication.OpenIdConnect
Microsoft.AspNetCore.Authorization
Microsoft.Identity.Web
- Thanks @Try Catch Debug for the code.
Use below code to validate the access token:
- Update ClientID, Client Secret, Tenant ID, provider
var host = new HostBuilder()
.ConfigureFunctionsWebApplication()
.ConfigureServices(services =>
{
services.AddApplicationInsightsTelemetryWorkerService();
services.ConfigureFunctionsApplicationInsights();
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddOpenIdConnect(options =>
{
options.Authority = "https://your-openid-connect-provider.com/Tenant_ID/V2.0";
options.ClientId = "client-id";
options.ClientSecret = "client-secret";
options.ResponseType = "code";
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role"
};
});
})
.Build();
host.Run();
Code to validate access token:
var openIdConnectHandler = new OpenIdConnectHandler();
await openIdConnectHandler.InitializeAsync(request);
await openIdConnectHandler.ValidateTokenReceptionAsync(request);
await openIdConnectHandler.HandleRemoteAuthenticateAsync(request);
await openIdConnectHandler.HandleAuthenticationAsync();
Function.cs:
var claimsPrincipal = executionContext.GetHttpContext().User;
if (!claimsPrincipal.Identity.IsAuthenticated)
{
return new UnauthorizedResult();
}
var name = claimsPrincipal.FindFirst(ClaimTypes.Name)?.Value;
var email = claimsPrincipal.FindFirst(ClaimTypes.Email)?.Value;
return new OkObjectResult(new
{
Name = name,
Email = email
});
- How can i put the CRON expression in a Function app parameter in the local.settings.json file?
- Azure funcion app won't start locally after upgrade to .NET8
- Cannot install packages for Python Azure Function
- Azure Function v2 Python deployed functions are not showing
- What is a valid binding name for azure function?
- Using ConcurrentQueue in Azure Durable Function with Dataverse interaction
- Runing a functions project locally
- Azure functions decoding error for IotHub device connection state message schema
- MSINotEnabled - Can't use KeyVault Reference in Azure Function
- Unable to read local.settings.json file when running Azure Function locally
- .Net Azure Function app publish does not generate a bin folder
- Azure Function App unaccounted for time in Application Insights Timeline
- Threading Issue with DbContext in Azure Functions Using Cosmos DB Provider, and MediatR
- How to stop a ServiceBusTrigger Azure function from listening to a topic subscription?
- Azure Functions with VS Code and Python: ModuleNotFoundError: No module named 'azure.storage'
- Once reliable GitHub Action Workflow now deploys non-runnable Azure Function Apps
- Parameterize runOnStartup in function.json
- SSL/TLS error on exposing Fuction App in API Management
- Github Action Deployment of Azure Function Without Public Access from All Networks
- Can't provide NuGet package source credentials to Azure Function
- How escape an = when getting a value from Azure Key Vault for Azure Functions
- Deployed functions but they are not showing up in Azure Portal
- How to get the "Function Url" which is with in a Function-App deployed using Terraform?
- Azure Function App: "Exception calling ".ctor"
- How do I reference my Azure function from pytest?
- Accessing DataVerse data and running SQL statements against it from C# code on .NET 6 (Azure Function)
- Express (bodyParser) urlencoded hangs, without callback or throwing error, when running on Azure Function
- How can I access configuration, defined in `ConfigureAppConfiguration`, in `ConfigureServices`, with only the `IServiceCollection` available?
- How to get the MaxDequeueCount in the .NET function code
- Testing manually a Time Triggered Function App in the Azure Portal fails