Authentication Enhancement -> App Service Environment Check

[seantleonard]

Note: StaticWebApps does not provide the ability to check host environment variables to detect whether the engine is running in a Static Web Apps environment. This capability, therefore, is only available in AppService environments.

Summary

Runtime Config: Auth-> AppService
When DataGateway Runtime starts, we may want to check server host environment variables to see if the environment is SWA. Even though we don't check x-ms-client-principal header if AppService easyAuth are configured, this would be an additional sanity check to prevent users from accidentally hosting in the wrong mode, opening them up to potential security issues.

Idea follows model of Microsoft.Identity.Web: https://github.com/AzureAD/microsoft-identity-web/blob/4085a499afb8be6e02c5d24182cbdbc5a35a4031/src/Microsoft.Identity.Web/AppServicesAuth/AppServicesAuthenticationInformation.cs

• Add test to ensure that if we are using jwt auth, we are not looking at that header, and vice versa.

[seantleonard]

open question with SWA team to determine how to validate injected HTTP headers to know what environment we are in. Environment variables on the host VM of DAB will not tell us whether we are in a SWA environment. so this wouldn't be a warning we can use to alert developers during startup/config validation.

https://stackoverflow.microsoft.com/questions/330259

[seantleonard]

This is also coupled with the Hosting conversations with SWA and what tokens/metadata will be available to us and is also guaranteed to be provided by SWA