DarkLoop.Azure.Functions.Authorization.Isolated
4.1.3-preview-241121-5
dotnet add package DarkLoop.Azure.Functions.Authorization.Isolated --version 4.1.3-preview-241121-5
NuGet\Install-Package DarkLoop.Azure.Functions.Authorization.Isolated -Version 4.1.3-preview-241121-5
<PackageReference Include="DarkLoop.Azure.Functions.Authorization.Isolated" Version="4.1.3-preview-241121-5" />
paket add DarkLoop.Azure.Functions.Authorization.Isolated --version 4.1.3-preview-241121-5
#r "nuget: DarkLoop.Azure.Functions.Authorization.Isolated, 4.1.3-preview-241121-5"
// Install DarkLoop.Azure.Functions.Authorization.Isolated as a Cake Addin #addin nuget:?package=DarkLoop.Azure.Functions.Authorization.Isolated&version=4.1.3-preview-241121-5&prerelease // Install DarkLoop.Azure.Functions.Authorization.Isolated as a Cake Tool #tool nuget:?package=DarkLoop.Azure.Functions.Authorization.Isolated&version=4.1.3-preview-241121-5&prerelease
functions-authorization-isolated
Bringing AuthorizeAttribute Behavior to Azure Functions v4 in Isolated mode.
It hooks into .NET Core dependency injection container to enable authentication and authorization in the same way ASP.NET Core does.
Breaking for current package consumers
Starting with version 4.1.0, due to security changes made on the Functions runtime, the Bearer scheme is no longer supported for your app functions.
Use
AddJwtFunctionsBearer(Action<JwtBearerOptions>)
instead ofAddJwtBearer(Action<JwtBearerOptions>)
when setting up authentication. UsingAddJwtBearer
will generate a compilation error when used againstFunctionsAuthenticationBuilder
. We are introducingJwtFunctionsBearerDefaults
to refer to the suggested new custom scheme name.No changes should be required if already using a custom scheme name.
Using the package
Installing the package
dotnet add package DarkLoop.Azure.Functions.Authorization.Isolated
Setting up authentication and authorization
The goal is to utilize the same authentication framework provided for ASP.NET Core
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Azure.Functions.Worker;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
var host = new HostBuilder()
.ConfigureFunctionsWebAppliction(builder =>
{
// Explicitly adding the extension middleware because
// registering middleware when extension is loaded does not
// place the middleware in the pipeline where required request
// information is available.
builder.UseFunctionsAuthorization();
})
.ConfigureServices(services =>
{
services
.AddFunctionsAuthentication(JwtBearerDefaults.AuthenticationScheme)
// This is important as Bearer scheme is used by the runtime
// and no longer supported by this framework.
.AddJwtFunctionsBearer(options =>
{
options.Authority = "https://login.microsoftonline.com/your-tenant-id";
options.Audience = "your-app-id-uri";
...
});
services.AddFunctionsAuthorization(options =>
{
options.AddPolicy("OnlyAdmins", policy => policy.RequireRole("Admin"));
});
// Add other services
})
.Build();
host.Run();
Starting with version 4.1.0, the default Bearer scheme is not supported by this framework. You can use a custom scheme or make use of
AddJwtFunctionsBearer(Action<JwtBearerOptions>)
as shown above. This one adds the"FunctionsBearer"
scheme. Clients still submit token for Authorization header in the format:Bearer <token>
.
Notice the call to UseFunctionsAuthorization
in the ConfigureFunctionsWebAppliction
method.
This is required to ensure that the middleware is placed in the pipeline where required function information is available.`
Using the attribute
And now lets use FunctionAuthorizeAttribute
the same way we use AuthorizeAttribute
in our ASP.NET Core applications.
[FunctionAuthorize]
public class Functions
{
[FunctionName("get-record")]
public async Task<IActionResult> GetRecord(
[HttpTrigger("get")] HttpRequest req, ILogger log)
{
var user = req.HttpContext.User;
var record = GetUserData(user.Identity.Name);
return new OkObjectResult(record);
}
[Authorize(Policy = "OnlyAdmins")]
[FunctionName("get-all-records")]
public async Task<IActionResult> GetAllRecords(
[HttpTrigger("get")] HttpRequest req, ILogger log)
{
var records = GetAllData();
return new OkObjectResult(records);
}
}
Something really nice to notice is that for Functions in Isolated mode, the HttpTriggerAttribute
default AuthenticationLevel
is Anonymous
, playing really well with the attribute.<br/>
Also notice how the second function uses the AuthorizeAttribute
attribute to apply a policy to the function. FunctionAuthorizeAttribute
was left as part of the framework only to make it easier to migrate from In-Proc to Isolated, but they can be used interchangeably.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- DarkLoop.Azure.Functions.Authorization.Abstractions (>= 4.1.3-preview-241121-5)
- Microsoft.Azure.Functions.Worker.Extensions.Abstractions (>= 1.3.0)
- Microsoft.Azure.Functions.Worker.Extensions.Http.AspNetCore (>= 1.3.2)
-
net7.0
- DarkLoop.Azure.Functions.Authorization.Abstractions (>= 4.1.3-preview-241121-5)
- Microsoft.Azure.Functions.Worker.Extensions.Abstractions (>= 1.3.0)
- Microsoft.Azure.Functions.Worker.Extensions.Http.AspNetCore (>= 1.3.2)
-
net8.0
- DarkLoop.Azure.Functions.Authorization.Abstractions (>= 4.1.3-preview-241121-5)
- Microsoft.Azure.Functions.Worker.Extensions.Abstractions (>= 1.3.0)
- Microsoft.Azure.Functions.Worker.Extensions.Http.AspNetCore (>= 1.3.2)
NuGet packages (4)
Showing the top 4 NuGet packages that depend on DarkLoop.Azure.Functions.Authorization.Isolated:
Package | Downloads |
---|---|
Energinet.DataHub.Core.App.FunctionApp
[Release Notes](https://github.com/Energinet-DataHub/geh-core/blob/master/source/App/documents/release-notes/release-notes.md) [Documentation](https://github.com/Energinet-DataHub/geh-core/blob/master/source/App/documents/documentation.md) |
|
IglooSoftware.Sdk.Authorization
Facilities for authorizing calls to Igloo APIs. |
|
Snokam.Api
Package Description |
|
Snokam.Middleware
Package Description |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
4.1.3-preview-241121-5 | 0 | 11/21/2024 |
4.1.2 | 20,417 | 8/20/2024 |
4.1.2-preview-240819-12 | 437 | 8/19/2024 |
4.1.2-preview-240818-2 | 316 | 8/18/2024 |
4.1.1 | 472 | 8/17/2024 |
4.1.1-preview-240816-18 | 106 | 8/16/2024 |
4.1.1-preview-240719-1 | 96 | 7/19/2024 |
4.1.0 | 10,368 | 5/27/2024 |
4.1.0-preview-240522-2 | 160 | 5/22/2024 |
4.1.0-preview-240522-1 | 93 | 5/22/2024 |
4.1.0-preview-240521-1 | 94 | 5/21/2024 |
4.0.1 | 10,137 | 3/19/2024 |
4.0.0 | 258 | 3/19/2024 |
4.0.0-preview-240319-1 | 82 | 3/19/2024 |
4.0.0-preview-240311-16 | 403 | 3/11/2024 |
4.0.0-preview-240304-38 | 98 | 3/4/2024 |