How can I protect Azure Function by authorization?

I am starting with Azure Functions, in which I am creating an API function. After creating that function, I need to protect it.

Previously, I used the Microsoft.Identity.Platform to protect the API's resources, in which I created a registration in Azure AD for the API, exposed the scopes, and added the client apps to the list to provide access to the resources. Furthermore, it required confirmation for 'API permission' in the client app's Azure AD registration.

So, is there anything similar I can do, and do you think it would be a good option, or are there other options to pick from?

I read about the function key, but I read it is good for development, not good for production.

> I read about the function key, but I read it is good for development, not good for production.

As you can see in this MS Doc, Microsoft mentioned that authorization keys along with App Service Authentication are good for securing the HTTP endpoints at all stages, such as dev, testing and production environments, in Azure Functions.

Also, there are multiple ways to secure your function API, such as authorization keys, or using APIM (Front Door + WAF) for restricting the incoming requests.

One of my workarounds, 72633969, shows securing the Azure Functions in the context of restricting the function app from internet access and allowing access only from the APIM instance.

The steps I followed for the above solution in securing the Azure Function App APIs through APIM are:

  1. Created an HTTP trigger function in the Function App.
  2. Added the allowed IP addresses in the Access Restrictions of the Azure Function App Portal Menu > Networking tab.
  3. Set the authorization level of the API to the "Function" level or a custom key-value level, which adds more security after adding it to the APIM instance.
  4. Added/imported the Function API in the APIM instance and checked from the allowed IP addresses and also from a non-allowed IP address (System).


More information on securing APIs using an APIM instance is given in the above Microsoft documentation.

Authorization keys are a default security mechanism, which is better if the keys are not published in public applications or publicly shared.

For a better security mechanism, choose different options for the production environment. The other ways should be followed from the above-mentioned comment; refer to MS Q&A Forum 801055, where the same was provided by the user @LohithGN.
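The check in step 4 (the APIM address is let through, any other address is refused) can be rehearsed offline before touching the portal. The following is an added example, not part of the original answer: it models Azure's documented access-restriction behaviour (rules evaluated in priority order, first match wins, an implicit deny-all once any rule exists). The rule names, the IP addresses and the `decide`/`audit` helpers are constructed for illustration.

```python
import ipaddress

# Constructed sample: one Allow rule for the APIM instance's public IP.
# 203.0.113.10 is a documentation address standing in for the real APIM IP.
RULES = [
    {"name": "allow-apim", "priority": 100, "action": "Allow",
     "cidr": "203.0.113.10/32"},
]

def decide(rules, source_ip):
    """Return (action, rule_name) for a request arriving from source_ip."""
    if not rules:
        # With no rules configured, the app is reachable from anywhere.
        return "Allow", "no-rules"
    ip = ipaddress.ip_address(source_ip)
    # Lower priority number is evaluated first; the first match wins.
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if ip in ipaddress.ip_network(rule["cidr"]):
            return rule["action"], rule["name"]
    # Once any rule exists, unmatched traffic hits the implicit deny.
    return "Deny", "implicit-deny-all"

def audit(rules):
    """List findings that would leave the function app reachable beyond APIM."""
    findings = []
    if not rules:
        findings.append("no access restrictions: open to the internet")
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"])
        if rule["action"] != "Allow":
            continue
        if net.prefixlen == 0:
            findings.append(f"{rule['name']}: allows every address ({net})")
        elif net.num_addresses > 256:
            # 256 is an arbitrary threshold chosen for this example.
            findings.append(f"{rule['name']}: broad allow range ({net})")
    return findings

if __name__ == "__main__":
    # Same test as step 4: one allowed source, one non-allowed source.
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, decide(RULES, src))
    print(audit(RULES) or "no findings")
```

A request that passes this network check still has to present the function key required by the "Function" authorization level from step 3.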
