I'm trying to hook up Azure Functions with EasyAuth, as it is part of the App Service platform. I have configured it well and it's working fine out of the box when authenticating with Azure Active Directory.
But since I want to add authorization as well, I decided to do this with app_roles using this guide.
Still I cannot use this in my code. Here's my only function in the function app:

    using System;
    using System.IO;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Azure.WebJobs;
    using Microsoft.Azure.WebJobs.Extensions.Http;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.Logging;
    using Newtonsoft.Json;
    using System.Security.Claims;

    namespace delme_azf
    {
        public static class meh
        {
            [FunctionName("meh")]
            public static async Task<IActionResult> Run(
                [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
                ILogger log, ClaimsPrincipal claims)
            {
                string name = req.Query["name"];
                // ID token taken from the request header, echoed in the response for debugging
                req.Headers.TryGetValue("X-MS-TOKEN-AAD-ID-TOKEN", out var jwt);
                // Role check against the injected ClaimsPrincipal
                if (claims.IsInRole("shizzl"))
                {
                    return new OkObjectResult($"shiiiiiiiiiiiiiiiiiiiit {name} {jwt}");
                }
                else
                {
                    return new OkObjectResult($"moepppppppp === {jwt} ===");
                }
            }
        }
    }

As you can see, I injected the ClaimsPrincipal, as is advertised here. And according to this I should be able to check for the existence of a role with claims.IsInRole("shizzl"), but this ALWAYS returns false (shizzl is the name of my role). But as you can also see, I am returning the JWT in the response as well, and if I put this in https://jwt.ms the role is there!
Any guess as to why it's not working via the ClaimsPrincipal approach? Any help is really appreciated.
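
An added diagnostic example, not part of the original post: ClaimsPrincipal.IsInRole only matches claims whose type equals the identity's RoleClaimType (ClaimTypes.Role unless the identity was built with another one), so a role stored under a differently named claim is not found. The code assumes the role arrives as a claim of type "roles", as it is named in the decoded token; RoleClaimCheck, Describe and HasAppRole are hypothetical names and the identity is constructed sample data.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class RoleClaimCheck
{
    // Assumption: app roles arrive as claims of type "roles", the name the
    // claim has in the decoded token; the runtime may map it differently.
    const string AadRolesClaimType = "roles";

    // Lists each identity's RoleClaimType next to the claims it holds, so a
    // mismatch between the two is visible in the function log.
    public static string Describe(ClaimsPrincipal principal) =>
        string.Join(Environment.NewLine, principal.Identities.Select(id =>
            $"auth={id.AuthenticationType} roleClaimType={id.RoleClaimType} claims=[" +
            string.Join(", ", id.Claims.Select(c => $"{c.Type}={c.Value}")) + "]"));

    // Accepts a role found under the identity's own RoleClaimType or under "roles".
    public static bool HasAppRole(ClaimsPrincipal principal, string role) =>
        principal.IsInRole(role) ||
        principal.Identities.Any(id => id.HasClaim(AadRolesClaimType, role));

    public static void Main()
    {
        // Constructed sample identity, not output captured from a real function app.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("name", "Sample User"),
            new Claim("roles", "shizzl"),
        }, "aad");
        var principal = new ClaimsPrincipal(identity);

        // Shows the default RoleClaimType beside the "roles" claim.
        Console.WriteLine(Describe(principal));
        // IsInRole looks only at RoleClaimType, so it misses the "roles" claim.
        Console.WriteLine(principal.IsInRole("shizzl"));
        // The helper also checks the "roles" claim type.
        Console.WriteLine(HasAppRole(principal, "shizzl"));
        Console.WriteLine(HasAppRole(principal, "other"));
    }
}
```

Logging the output of Describe for the injected principal shows which claim type the roles are actually stored under in a given function app.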