[英]Grant permission for Azure App Service to Access an Azure Function
I have published an Azure Function to Azure, I need to allow my WebApps to access it but not the public web. I have published an Azure Function to Azure, I need to allow my WebApps to access it but not the public web. I've enabled "Log in with Azure Active Directory" when the user isn't logged in:
当用户未登录时,我已启用“使用 Azure Active Directory 登录”:
If I navigate to the URL of my function, I can see it executes successfully after logging in:如果我导航到我的 function 的 URL,我可以看到它在登录后成功执行:
Next, I registered the function in Azure Active Directory App Registrations.接下来,我在 Azure Active Directory App Registrations 中注册了 function。 Now I want to allow multiple WebApps to access this function but I can't figure out how to get it work.
现在我想允许多个 WebApp 访问这个 function 但我不知道如何让它工作。 I went to the App Registration for the function and added an "Authorized Client Application":
我去了 function 的应用程序注册并添加了“授权客户端应用程序”:
However, when my client WebApp performs a http get on the function, I get a 401 error, "You do not have permission to view this directory or page."但是,当我的客户端 WebApp 在 function 上执行 http 时,我收到 401 错误,“您无权查看此目录或页面。”
You didn't show the code, I assume you send the request in the code without the ad token.您没有显示代码,我假设您在没有广告令牌的代码中发送请求。
You need to do like this:你需要这样做:
import requests
from azure.identity import ClientSecretCredential
client_id = 'xxxxxx'
tenant_id = 'xxxxxx'
client_secret = 'xxxxxx'
credential = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)
accesstoken = str(credential.get_token('https://yourfunctionappname.azurewebsites.net/.default'))[19:1269]
bearertoken = "Bearer "+accesstoken
r = requests.post("https://yourfunctionappname.azurewebsites.net/api/HttpTrigger1",headers={'Authorization': bearertoken})
Above code works fine on my side.上面的代码在我这边工作正常。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.