
How can I protect an Azure Function by authorization?

I am starting with the Azure function in which I am creating API Function. After creating that function, I need to protect it.

Previously, I used the Microsoft.Identity.Platform to protect the API's resources, in which I created a registration in Azure AD for the API, exposed the scopes, and added the client apps to the list to provide access to the resources. Furthermore, it required confirmation of 'API permission' in the client app's Azure AD registration.

So, is there anything similar I can do, and do you think it would be a good option, or are there other options to pick from?

I read about the function key, but I read it is good for development not good for production.

> I read about the function key, but I read it is good for development not good for production.

As you can see in this MS Doc, Microsoft mentioned that authorization keys along with App Service Authentication are good for securing the HTTP endpoints at all stages, like dev, testing and production environments, in Azure Functions.

Also, there are multiple ways to secure your function API such as Authorization Keys, using APIM, (Front door + WAF) for restricting the incoming requests.

One of my workarounds, 72633969, shows securing Azure Functions in the context of restricting the function app from Internet access and allowing access only from the APIM instance.

The steps I followed for the above solution in securing the Azure Function App APIs through APIM are:

  1. Created an HTTP trigger function in the Function App.
  2. Added the allowed IP addresses in the Access Restrictions of the Azure Function App (Portal Menu > Networking tab).
  3. Set the authorization level of the API to the "Function" level or a custom key-value level, which adds more security after adding it to the APIM instance.
  4. Added/imported the Function API in the APIM instance and checked from the allowed IP addresses and also from a non-allowed IP address (System).


And more information on securing APIs using APIM Instance is given in the above Microsoft Documentation.

Authorization keys are a default security mechanism, which is better if the keys are not published in public applications or publicly shared.

For a better security mechanism, choose different options for the production environment. The other ways should be followed from the above-mentioned comment; refer to MS Q&A Forum 801055, where the same was provided by the user @LohithGN.
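
Added example (not part of the original answer or of Microsoft's documentation): a Python check for steps 2 and 3 above, confirming that the access-restriction rules admit only the APIM gateway and that no function is left at the anonymous level. The rule fields follow the shape of a site's `ipSecurityRestrictions` list; the IP addresses, rule name and function name are constructed, and the evaluation is a simplified assumption (IP rules only, first match by priority, unmatched callers denied once any rule exists).

```python
import ipaddress

# Constructed sample data: one allow rule for the gateway, one keyed function.
APIM_IP = "203.0.113.10"  # placeholder from a documentation range, not from the page
RULES = [
    {"name": "allow-apim", "ipAddress": "203.0.113.10/32", "action": "Allow", "priority": 100},
]
AUTH_LEVELS = {"HttpTrigger1": "function"}


def evaluate(rules, caller_ip):
    """Return 'Allow' or 'Deny' for caller_ip (assumed model, see lead-in)."""
    if not rules:
        return "Allow"  # no restrictions configured: the app is open
    ip = ipaddress.ip_address(caller_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["ipAddress"] == "Any" or ip in ipaddress.ip_network(rule["ipAddress"], strict=False):
            return rule["action"]  # first matching rule wins
    return "Deny"  # implicit deny once at least one rule exists


def audit(rules, auth_levels, gateway_ip):
    """List findings that break the 'only through APIM, and with a key' setup."""
    findings = []
    if evaluate(rules, gateway_ip) != "Allow":
        findings.append("gateway IP is not allowed")
    for rule in rules:
        if rule["action"] != "Allow":
            continue
        if rule["ipAddress"] == "Any":
            findings.append(f"rule {rule['name']} allows any source")
            continue
        net = ipaddress.ip_network(rule["ipAddress"], strict=False)
        if ipaddress.ip_address(gateway_ip) not in net or net.num_addresses > 1:
            findings.append(f"rule {rule['name']} allows more than the gateway: {net}")
    for fn, level in auth_levels.items():
        if level.lower() == "anonymous":
            findings.append(f"function {fn} has authLevel anonymous")
    return findings


if __name__ == "__main__":
    # Mirrors step 4: test from the allowed address and from a non-allowed one.
    print(evaluate(RULES, APIM_IP), evaluate(RULES, "198.51.100.7"))
    print(audit(RULES, AUTH_LEVELS, APIM_IP))
```
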
