Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] support for Azure Container Apps with Easy Auth #2274

Open
johnnyreilly opened this issue Jun 11, 2023 · 2 comments
Open

[Feature Request] support for Azure Container Apps with Easy Auth #2274

johnnyreilly opened this issue Jun 11, 2023 · 2 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request feature request

Comments

@johnnyreilly
Copy link
Contributor

johnnyreilly commented Jun 11, 2023
edited

Is your feature request related to a problem? Please describe.

Easy Auth is a great way to authenticate your users. However, when used in the context of Azure Container Apps, .NET applications do not, by default, recognise that Easy Auth is in place. What I mean by this, is that you might be authenticated but .NET will still act as if you aren't. builder.Services.AddAuthentication() and app.UseAuthentication() doesn't change that.

Whilst support for Easy Auth with Azure App Service was added in v1.2: https://github.com/AzureAD/microsoft-identity-web/wiki/1.2.0#integration-with-azure-app-services-authentication-of-web-apps-running-with-microsoftidentityweb - the same support does not exist for Azure Container Apps which works upon different environment variables and request headers.

I've implemented my own custom approach here: https://johnnyreilly.com/azure-container-apps-easy-auth-and-dotnet-authentication

It'd be awesome if this was just generally available to the world though.

Describe the solution you'd like

In the same way that support for Azure App Service is built into Microsoft.Identity.Web, it would be awesome if the same support was available for Azure Container Apps. So imagine being able to write:

builder.Services.AddMicrosoftIdentityWebAppAuthentication(Configuration);

And have everything magically just work.

Describe alternatives you've considered

Building my own solution, which I have done - see above.

Additional context

See blog post.
@johnnyreilly johnnyreilly added enhancement New feature or request feature request labels Jun 11, 2023
@jonsing
Copy link

jonsing commented Dec 30, 2023

+1 - this would be very nice!

@joergjo
Copy link

joergjo commented Jan 8, 2024

+1

The environment variables checked by AppServicesAuthenticationInformation.IsAppServicesAadAuthenticationEnabled can be worked around (just set them for the Container App manually), but the authentication handler tries to obtain the claims from X-MS-TOKEN-AAD-ID-TOKEN (which isn't available in Container Apps) instead of X-MS-CLIENT-PRINCIPAL. The latter approach would work for both Container Apps and App Services/Functions.

@jmprieur jmprieur added the documentation Improvements or additions to documentation label Jan 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@johnnyreilly @joergjo @jonsing @jmprieur