DarkLoop.Azure.Functions.Authorize
3.1.3-preview-240211-5
See the version list below for details.
dotnet add package DarkLoop.Azure.Functions.Authorize --version 3.1.3-preview-240211-5
NuGet\Install-Package DarkLoop.Azure.Functions.Authorize -Version 3.1.3-preview-240211-5
<PackageReference Include="DarkLoop.Azure.Functions.Authorize" Version="3.1.3-preview-240211-5" />
paket add DarkLoop.Azure.Functions.Authorize --version 3.1.3-preview-240211-5
#r "nuget: DarkLoop.Azure.Functions.Authorize, 3.1.3-preview-240211-5"
// Install DarkLoop.Azure.Functions.Authorize as a Cake Addin #addin nuget:?package=DarkLoop.Azure.Functions.Authorize&version=3.1.3-preview-240211-5&prerelease // Install DarkLoop.Azure.Functions.Authorize as a Cake Tool #tool nuget:?package=DarkLoop.Azure.Functions.Authorize&version=3.1.3-preview-240211-5&prerelease
functions-authorize
Bringing AuthorizeAttribute Behavior to Azure Functions v3 and v4 (In-Process)
It hooks into .NET Core dependency injection container to enable authentication and authorization in the same way ASP.NET Core does.
License
This projects is open source and may be redistributed under the terms of the Apache 2.0 license.
Using the package
Installing the package
dotnet add package DarkLoop.Azure.Functions.Authorize
Setting up authentication
The goal is to utilize the same authentication framework provided for ASP.NET Core
using Microsoft.Azure.Functions.Extensions.DependencyInjection;
using MyFunctionAppNamespace;
[assembly: FunctionsStartup(typeof(Startup))]
namespace MyFunctionAppNamespace
{
class Startup : FunctionsStartup
{
public void Configure(IFunctionsHostBuilder builder)
{
builder
.AddAuthentication(options =>
{
options.DefaultAuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddOpenIdConnect(options =>
{
options.ClientId = "<my-client-id>";
// ... more options here
})
.AddJwtBearer(options =>
{
options.Audience = "<my-audience>";
// ... more options here
});
builder
.AddAuthorization(options =>
{
options.AddPolicy("OnlyAdmins", policyBuilder =>
{
// configure my policy requirements
});
});
}
}
}
No need to register the middleware the way we do for ASP.NET Core applications.
Using the attribute
And now lets use FunctionAuthorizeAttribute
the same way we use AuthorizeAttribute
in our ASP.NET Core applications.
public class Functions
{
[FunctionAuthorize]
[FunctionName("get-record")]
public async Task<IActionResult> GetRecord(
[HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req,
ILogger log)
{
var user = req.HttpContext.User;
var record = GetUserData(user.Identity.Name);
return new OkObjectResult(record);
}
[FunctionAuthorize(Policy = "OnlyAdmins")]
[FunctionName("get-all-records")]
public async Task<IActionResult>(
[HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req,
ILogger log)
{
var records = GetAllData();
return new OkObjectResult(records);
}
}
Releases
Builds
Change log
Adding change log starting with version 3.1.3
3.1.3
Support for disabling
FunctionAuthorize
effect at the application level.Adding support for disabling the effect of
[FunctionAuthorize]
attribute at the application level.
This is useful when wanting to disable authorization for a specific environment, such as local development.When configuring services, you can now configure
FunctionsAuthorizationOptions
.builder.Services.Configure<FunctionsAuthorizationOptions>(options => options.DisableAuthorization = Configuration.GetValue<bool>("AuthOptions:DisableAuthorization"));
Optionally you can bind it to configuration to rely on providers like User Secrets or Azure App Configuration to disable and re-enable without having to restart your application:
builder.Services.Configure<FunctionsAuthorizationOptions>( Configuration.GetSection("FunctionsAuthorization"));
For function apps targeting .NET 7 or greater, you can also use
AuthorizationBuilder
to set this value:builder.Services .AddAuthorizationBuilder() .DisableAuthorization(Configuration.GetValue<bool>("AuthOptions:DisableAuthorization"));
Its always recommended to encapsulate this logic within checks for environments to ensure that if the configuration setting is unintentionally moved to a non-desired environment, it would not affect security of our HTTP triggered functions. This change adds a helper method to identify if you are running the function app in the local environment:
if (builder.IsLocalAuthorizationContext()) { builder.Services.Configure<FunctionsAuthorizationOptions>( options => options.AuthorizationDisabled = true); }
If you want to output warnings emitted by the library remember to set the log level to
Warning
or lower forDarkloop
category in yourhost.json
file:{ "logging": { "logLevel": { "DarkLoop": "Warning" } } }
Thanks to BenjaminWang1031 for the suggestion to add this functionality.
Remove Functions bult-in JwtBearer configuration by default (Breaking change?)
Azure Functions recently added configuration for issuer and audience validation for the default authentication flows, not the one supported by this package through
FunctionAuthorizeAttribute
, which interferes with token validation when using our own Bearer scheme token configuration. In prior versions, this package has functionality to clear Functions built-in configuration, but it was not enabled by default when usingAddJwtBearer(Action<JwtBearerOptions> configure, bool removeBuiltInConfig = false)
. Since the use of this package is commonly used for custom JWT token, the default value ofremoveBuiltInConfig
is nowtrue
.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.1 is compatible. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.1
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 2.2.0)
- Microsoft.AspNetCore.Authorization (>= 3.0.3)
- Microsoft.Azure.Functions.Extensions (>= 1.1.0)
- Microsoft.Azure.WebJobs.Extensions.Http (>= 3.0.2)
-
net7.0
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 7.0.0)
- Microsoft.AspNetCore.Authorization (>= 7.0.0)
- Microsoft.Azure.Functions.Extensions (>= 1.1.0)
- Microsoft.Azure.WebJobs.Extensions.Http (>= 3.0.2)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
4.0.0 | 1,062 | 3/19/2024 |
4.0.0-preview-240319-1 | 102 | 3/19/2024 |
4.0.0-preview-240311-16 | 114 | 3/11/2024 |
4.0.0-preview-240304-38 | 149 | 3/4/2024 |
3.1.3 | 8,120 | 2/12/2024 |
3.1.3-preview-240211-5 | 180 | 2/11/2024 |
3.1.3-preview-240211-2 | 186 | 2/11/2024 |
3.1.2 | 56,494 | 11/30/2022 |
3.1.2-preview-221118-1 | 247 | 11/18/2022 |
3.1.1 | 11,951 | 11/7/2022 |
3.1.1-preview-221107-1 | 262 | 11/7/2022 |
3.1.1-preview-220811-1 | 356 | 8/11/2022 |
3.1.0 | 136,603 | 12/6/2021 |
3.1.0-preview-211123-1 | 5,408 | 11/23/2021 |
3.0.12-preview-211118-1 | 457 | 11/18/2021 |
3.0.12-preview-210730-1 | 687 | 7/30/2021 |
3.0.11-preview-210408-4 | 2,390 | 4/8/2021 |
3.0.11-preview-210408-3 | 340 | 4/8/2021 |
3.0.11-preview-210408-2 | 382 | 4/8/2021 |
3.0.11-preview-210408-1 | 353 | 4/8/2021 |
3.0.11-preview-210407-11 | 474 | 4/7/2021 |