New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure Functions Authentication during Development / local testing #8536
Comments
Hi @Ved2806, thanks for the answer but I am afraid this describes only how to configure the app service on Azure. I specifically asked on how to configure this locally for testing / debugging purposes. |
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. |
Hi @Ved2806, this issue is not stale and I am still hoping for an answer🥹 |
I've been working with .NET Azure Functions for some time and as far as I'm aware there is currently no way to run Azure App Service Plan Authentication (EasyAuth) while developing .NET Azure Functions locally. When you enable EasyAuth for your Azure Functions in Azure (or any Azure Web App) all the HTTP traffic flows through dedicated sidecar process that authenticates all incoming HTTP requests with the configuration you provided in the Azure Portal and forwards the requests to Azure Function with all identity related information via specific HTTP request headers. Azure Functions is smart enough to extract all this identity data from the HTTP headers and populate the All this works great in Azure but I don't believe there is any kind of local emulator for this critical sidecar process we call EasyAuth. My current approach is to use a specific version It's not so developer friendly because there are some weird edge cases (e.g. calling another API on-behalf-of the user) you have to debug and find workarounds yourself or in GitHub issues but so far it gets the job done for me. You might also want to enable EasyAuth in Azure anyway and use All above mentioned tips I used with .NET6 v4 Azure Functions with in-process model. There is an issue here that currently has |
Hi @marcinburak, thanks for the answer. Appreciate it. By the way I found https://github.com/fmichellonet/AzureFunctions.Extensions.OpenIDConnect to handle authentication locally. Seems to work well. |
Library seems quite nice and should work, just a word of caution: the library uses If you have no problem with using the isolated process model instead of in-process model, you can do the same exact thing using middleware which is GA and will be the new standard way of invoking authentication. Here is an example. |
Keep in mind that the library you linked only authenticates and authorizes the HTTP requests but if your Azure Functions need to call some other web API like Microsoft Graph on behalf of the user, then you will need to write some additional code yourself to achieve that. |
Thanks for another valuable feedback @marcinburak. I'll move away from HTTP triggered functions. Too many unresolved questions. Too many unknown variables for for me for now... I'll probably use Azure Container Apps and ASP.net core instead. |
Hi @Ved2806, don't think this issue is closed/completed. Bottom line is that it's difficult to handle authorization and that should change in the future. So I think some issue should track the problem and hopefully resolve this in future. |
Question
My Azure functions (mostly written in C#) require HTTP authentication (
AuthorizationLevel.User
). I found many resources on how to configure OpenID on Azure but could not find much on how to setup the authentication locally during development.The function core tools have a dedicated
--enableAuth
flag. Adding theenableAuth
flag to the run command (func start --enable-auth
) results in some more services being injected in the DI container. As far as I understand this disables the local default behaviour where the functionAuthorizationLevel
is ignored and instead performs the authentication steps. I could not find any documentation how this authentication pipeline works locally? How can I define the OpenID provider and how can I pass the Bearer token (I assume with theAuthentication
header)?In the end I need
ClaimsPrincipal
to contain relevant user information provided by the Auth Token (Bearer) so that I can access the user context during local development.The text was updated successfully, but these errors were encountered: