How to Setup Authentication for Azure Functions

Рет қаралды 32,607

Күн бұрын

This video describes two ways you can setup authentication in Azure Functions: Key (token) based auth and Azure AD Integrated. The step-by-step video also describes what the different authorization levels do.

Пікірлер: 28

@OThyme 10 ай бұрын

Excellent walkthrough and provide the overview in only 20 minutes. Thanks

@devops-sushi5534 Жыл бұрын

Easy to follow, lots of information. Cheers!

@azureappmodernization9036 Жыл бұрын

Glad you enjoyed it!

@devops-sushi5534 Жыл бұрын

@@azureappmodernization9036 Do you think a JWT flow woudl make sense for a azure function or should i go for AD-Auth a) in general? even for CI/CD use cases like text-2-speech translations b) as API/ Fetch for my Vue frontend

@ketanjoshi4568 2 ай бұрын

great video, very useful and thorough

@theMrM_ 2 жыл бұрын

Excellent content sir, thanks for share it

@azureappmodernization9036 Жыл бұрын

My pleasure

@galandekapil 2 жыл бұрын

Thank you for a great video. It gives a lot of knowledge. How you planning to create similar video using System Managed Identity?

@azureappmodernization9036 2 жыл бұрын

Hey Kaps! Glad you liked it! The SMI video is up as well. Look for the title "How to Setup Auth with Managed Identity" . I also show how to create a CRUD API against SQL server in that video.

@YiğitŞimşek-x8k Жыл бұрын

What if my client is a NextJS application running on App Services? I gave the proper API permissions, but can you please explain how to send a request from inside the application and not through the CLI?

@cybersamurai99 3 ай бұрын

This was beautiful, well done!

@Tolmachovtv 6 ай бұрын

Nice and handy tutorial. Thanks for the video!

@mrpija2638 Жыл бұрын

thank you! very useful and well explained... do you have any example about an endpoint to generate token?

@macauba2 2 жыл бұрын

Thanks for this content! it's helped me a lot.

@azureappmodernization9036 2 жыл бұрын

Glad to hear it! I plan on creating many more of these, so let me know if there's something you're interested in.

@ImayaTRayar 19 күн бұрын

Thanks for the great video sir. Please help me to know if Azur AD access is denied to me, what should I do. Where should I give permission in the azur portal and who should give. Kindly help me Sir

@vin2629 Жыл бұрын

Amazing tutorial.

@azureappmodernization9036 Жыл бұрын

Glad you liked it

@vin2629 Жыл бұрын

@@azureappmodernization9036 Hey just a question, if the functions are not http triggered, say queue triggered then key mechanism is the only way to authorize the functions right ? I do know that managed identity is a way, but I’m sure we can’t have an app registration in this case. Am I correct ?

@georgeollis 2 жыл бұрын

Very useful, thanks for this!

@pazu_513 Жыл бұрын

Thanks but a bit confused as to why you had to create two app registrations? You created nvm-addemo-... and also ADClient. What is the purpose of that?

@azureappmodernization9036 Жыл бұрын

(Apologies for the late reply) If I understand your question correctly: You have 2 entities: The caller and the function. In the first part of the video, I register the function with an identity (app registration) and then a role that we need to be in place to call the function. In the second part, we need an identity to call the function and we associate the role the function needs with that identity. When the call is made this occurs (in a similar order) , the function asks AD: "Is the caller allowed to call me?" So AD will challenge the caller with auth information. The caller logs into AD (with client and secret), AD gives it a token that is valid for a period of time. The caller resends the request to the function, which asks AD the same question again: "Is the caller allowed to call me?" AD looks up the bearer token the client sent it and validates it, it then looks up the caller's app role and matches it with the function app role. If all looks good, it tells the function that security checks have passed.

@pazu_513 Жыл бұрын

@@azureappmodernization9036 Thank you, makes perfect sense! Seems I was just looking at it from a different perspective.

@ImayaTRayar 19 күн бұрын

Great explanation ❤

@florianprat1126 2 жыл бұрын

Hello, I tried to do the same as you did in the second part of the video but I get the error : AADSTS500011: The resource principal named api://.../... was not found in the tenant named .... This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. I have checked the configuration several times.