[英]Securing Function App via 'Authentication' blade in Azure Portal vs. manually in Startup.cs
I secured my ASP.NET Core Azure Function App by modifying the configuration in Startup.cs and calling the Microsoft.Identity.Web's AddAuthentiction and AddMicrosoftIdentityWebApi extension methods on the services collection object (similar to the approach used in the AzureFunctions example in the Tests directory of the GitHub repo of Microsoft.Identity.Web). I secured my ASP.NET Core Azure Function App by modifying the configuration in Startup.cs and calling the Microsoft.Identity.Web's AddAuthentiction and AddMicrosoftIdentityWebApi extension methods on the services collection object (similar to the approach used in the AzureFunctions example in the Tests directory of the Microsoft.Identity.Web 的 GitHub 存储库)。 This allows me to securely call the Azure Function API from my Blazor Server app using Microsoft Identity Platform.这允许我使用 Microsoft 身份平台从我的 Z98AD8B3C99B3CA16F1F7FA84EE6 服务器安全地调用 Azure Function API。 The Azure Functions API does not call any downstream api. Azure 函数 API 不调用任何下游 api。
This approach works perfectly fine without the need to enable the Authentication option under Function App - Setting in Azure Portal and specifying an identity provider there and linking it to an Azure AD app registration.这种方法工作得很好,无需启用 Function 应用程序下的身份验证选项- 在 Azure 门户中设置并在那里指定身份提供者并将其链接到 Z3A580F142203677F1F0BC30898F63F 应用程序注册。
Does somebody know what does enabling authentication and adding an identity provider under settings of the Function App in the Azure Portal do compared to the manual configuration in Startup.cs?与 Startup.cs 中的手动配置相比,有人知道在 Azure 门户中的 Function 应用程序的设置下启用身份验证和添加身份提供者有何作用? If I understand correctly, it does the same thing but implicitly instead of explicitly in the Startup.cs.如果我理解正确,它会做同样的事情,但在 Startup.cs 中是隐式而不是显式的。
That option, sometimes referred as "Easy Auth" enables an additional container (or program) that will validate the token, so you don't have to.该选项(有时称为“Easy Auth”)启用了一个额外的容器(或程序)来验证令牌,因此您不必这样做。 Request will first go to that middleware application and then, if validation passes, will go to your app.请求将首先 go 到该中间件应用程序,然后,如果验证通过,将 go 到您的应用程序。
For details see the docs page: https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization有关详细信息,请参阅文档页面: https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
That option is common to the webapps and function apps.该选项对 webapps 和 function 应用程序很常见。 The code runs separately, so it's not part of your application middleware chain.代码单独运行,因此它不是应用程序中间件链的一部分。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.