Does/Should Azure Function authorisation apply when the function is called by a logic app in the same Subscription?

1
votes

I have an Azure Function with a HTTP trigger and have set the authorisation level on the function to AuthorizationLevel.Function. When calling the function from something like Postman I have to supply the function-key as I expect and I receive a 200 code when it executes (otherwise i get a 401: Unauthorised Access).

However when calling the Function via a Logic App within the same subscription (using the Azure Functions action), the Logic App and Function executes successfully without the need for a function Key.

I would expect the Function to still request the function key from the Logic App, unless this does not apply to resources within the same subscription?

Logic App Build: enter image description here

Logic App Execution: enter image description here

1
azureazure-functionsazure-logic-apps
Please don't link an images to your post. Instead, just embed the image to your question by clicking the image icon on the top of the editor box.Novak
Apologies! It wouldn't let me because it was my first postJAA

1 Answers

1
votes

It is expected. The built-in Azure Function action uses the complete URL of Http trigger hence we don't need to worry about the authentication. It's all by design because once we are able to find the Azure Functions in the logic app(which locates in the same subscription), which means we have access to them.

If you want to provide authentication key by yourself, you could use Http action instead.