0
votes

I'm using Azure Functions to be the middleman between my Xamarin Forms app and my Cosmos DB Table. I think I understand how authentication works using Active Directory B2C, but I'm unclear about how authorization checks take place.

My understanding is that I can enable Active Directory B2C to authenticate the user and give them an access token. I can then make an HTTP call to an Azure Function with the token as a parameter. How do I check that the token is correct for that user? Ultimately, I want to protect the data in the Table and only give data relevant to that specific user.

1
It would be good if you add the code snippet which you believe works and separately highlight the changes you need. This would help to make your question more understandable and you will get a solution faster - Rajeesh Madambat
I haven't added any authorization code yet, I'm doing research to try to understand how the pieces fit together. I think the concept of 'claims' and using the ClaimsPrincipal class is what I need. Can anyone confirm? - Tony Ho

1 Answer

0
votes

There are at least 2 approaches to validate tokens in Azure Functions:

The first is that you could do it manually: https://github.com/Azure-Samples/ms-identity-dotnet-webapi-azurefunctions/blob/12640a348852696ac0d01e7adfd937900ef8ea40/Function/BootLoader.cs#L73. This uses Microsoft.IdentityModel.Protocols.OpenIdConnect and System.IdentityModel.Tokens.Jwt to get the configuration from the metadata endpoint and validate the token. The main difference for you would be the openid-configuration URL, which you can get from the view that allows you to run a B2C user flow for testing in Azure portal.

Another approach is to use App Service Authentication: https://cgillum.tech/2016/05/27/app-service-auth-and-azure-ad-b2c/.
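The manual approach from the first link, as an added example that is not part of the answer or the linked sample: it pulls the issuer and signing keys from the B2C openid-configuration document with Microsoft.IdentityModel.Protocols.OpenIdConnect, validates the bearer token with System.IdentityModel.Tokens.Jwt, and then exposes the user's object id so the function can filter Cosmos DB rows to that user. The metadata URL, audience, and the `B2CTokenValidator` class name are placeholders/assumptions; the real URL comes from the "Run user flow" view the answer mentions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class B2CTokenValidator
{
    // Placeholders: take the real metadata URL from the "Run user flow" blade and the
    // audience (client id) from the app registration of this API.
    private const string MetadataAddress =
        "https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1_signupsignin/v2.0/.well-known/openid-configuration";
    private const string Audience = "00000000-0000-0000-0000-000000000000";
    // Cached across invocations; downloads issuer + signing keys once and refreshes them itself.
    private static readonly ConfigurationManager<OpenIdConnectConfiguration> ConfigManager =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            MetadataAddress, new OpenIdConnectConfigurationRetriever());

    // Validates the bearer token in the Authorization header; returns null when it is
    // missing, malformed, expired, not signed by B2C, or issued for a different audience.
    public static async Task<ClaimsPrincipal> ValidateAsync(string authorizationHeader)
    {
        const string scheme = "Bearer ";
        if (authorizationHeader == null ||
            !authorizationHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return null;
        string token = authorizationHeader.Substring(scheme.Length).Trim();

        OpenIdConnectConfiguration config = await ConfigManager.GetConfigurationAsync(CancellationToken.None);
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = config.Issuer,            // issuer published by the B2C policy
            ValidAudience = Audience,               // token must be minted for this API
            IssuerSigningKeys = config.SigningKeys, // keys fetched from jwks_uri
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2),
        };
        try { return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _); }
        catch (SecurityTokenException) { return null; }
    }

    // Stable per-user id (B2C object id) to use as the Cosmos partition key / query filter,
    // so a caller can only read rows written under their own id, never another user's.
    public static string UserId(ClaimsPrincipal principal) =>
        principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value
        ?? principal.FindFirst("oid")?.Value;
}
```

In the function body, call `await B2CTokenValidator.ValidateAsync(req.Headers["Authorization"])`, return 401 on null, and build the Cosmos query from `UserId(principal)` rather than from anything the client sends.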