How to use OAuth (Bearer Token) Authentication in Azure Functions

This article help you to understand how bearer token is validating in your azure function. 
First you need to understand what is the Bearer token

"Bearer Token is used to authenticate your API's and token is in base 64 URL encoded value, some servers will issue tokens that are a short string of hexadecimal characters, while others may use structured tokens such as JSON Web Tokens. for more details on Bearer token click here.

Note: Bearer Token should be send via request headers to your azure function. 

Validate your Bearer Token:

  • First Create Application ID in Azure Active directory and generate client id & secrete and reply url. Click here to understand how to create app id in Azure active directory. 
  • Next create a Azure Http trigger function and add below code in your function.
public  async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req, ILogger log)
        {
            var headers = req.Headers; 

            if (headers.TryGetValue("Authorization", out var authHeader))
            {
                if (authHeader[0].StartsWith("Bearer "))
                {
                    token = authHeader[0].Substring(7, authHeader[0].Length - 7);
                }
                else
                {
                    return new UnauthorizedResult();
                }

              bool isValidToken = await BearerTokenValidation.TokenIsValidAsync(token, log);

            if (!isValidToken)
                return new UnauthorizedResult();

            }
}
  • Create new class file and add below code 

using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
namespace AzureMediaServices
{
    public static class BearerTokenValidation
    {
         public static async Task<bool> TokenIsValidAsync(string token, ILogger log)
        {
            try
            {
               bool isValidToken = true;
                var tokenServerEndpoint = "https://login.microsoftonline.com/<Your TenantId>/"; //
                var issuer = "https://sts.windows.net/<Your TenantId>"; //
                var audiences = "Your AppID redirect/reply url";//
                var keys = await GetSecurityKeysAsync(tokenServerEndpoint, log);
                var validationParameters = new TokenValidationParameters
                {
                    ValidIssuer = issuer,
                    ValidAudiences = new[] { audiences },
                    IssuerSigningKeys = keys
                };
                 //Grab the claims from the token.
                var handler = new JwtSecurityTokenHandler();
                ClaimsPrincipal principal;
                try
                {
                    principal = handler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);
                    return isValidToken;
                }
                catch (SecurityTokenExpiredException ex)
                {
                    return isValidToken = false;
                }
                catch (Exception ex)
                {
                    return isValidToken = false;
                }
            }
            catch (Exception ex)
            {
                return false;
            }
       }
        // Get the public keys from the jwks endpoint      
        private static async Task<ICollection<SecurityKey>> GetSecurityKeysAsync(string idpEndpoint, ILogger log)
        {
            try
            {
                var openIdConfigurationEndpoint = $"{idpEndpoint}.well-known/openid-configuration";
                var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(openIdConfigurationEndpoint, new OpenIdConnectConfigurationRetriever());
                var openIdConfig = await configurationManager.GetConfigurationAsync(CancellationToken.None);
                return openIdConfig.SigningKeys;
            }
            catch(Exception ex)
            {               
                return null;
            }
        }
    }
}

Comments

Post a Comment

Popular posts from this blog

Send Email Alerts when Azure VM is Shut down using PowerShell

In this page , I'll explains "Send email alerts if the Azure VMs is deallocated or stopped using PowerShell". This scenerio will help when Azure Virtual machines suddenly stopped due to netwok issue or data center is down. These type of issues we can't monitor every time,so i have explained below article to identifies when VM is stopped. Prerequisite : Powershell IDE AzureRm Module in powershell Gmail Account First we need to Azure Rm module: Open PowerShell from your local machine and install the Azure RM Module  And Type the command "install-module azure rm" in your powershell command window By default it will give  yes by typing [Y] to install NuGet Provider.  Wait for 5 min. Azure Rm module installing. PowerShell commands to send email alerts:  After sucessfully installing the AzureRm module, copy below powershell script into your local. Below code reads the all VM under in a specific resource group.   PowerShell Script: Login-AzureRmAccount    # Firs
Read more

Sample Chatbot flow diagram

Image
TechnicalHubCore is a Professional Technology Platform. Here we will provide you only interesting content, which you will like very much. We're dedicated to providing you the best of Technology, with a focus on dependability and Dot net and Azure. We're working to turn our passion for Technology into a booming online website. We hope you enjoy our Technology as much as we enjoy offering them to you. I will keep posting more important posts on my Website for all of you. Please give your support and love.  In this page , I'll explain the sample chatbot flow diagram. Before we need to know the advantages of ChatBot: 1. Chatbots are available 24/7 to help customers. 2. Chatbots does not required human interaction so it eliminate the operation cost and hence companies saves the cost 3. Chatbot are improves the customers/users satisfaction. 4. Chatbot are easily embabed with web applications, Microsoft te
Read more

Architecture diagram for upload & validate the videos in azure

Image
TechnicalHubCore is a Professional Technology Platform. Here we will provide you only interesting content, which you will like very much. We're dedicated to providing you the best of Technology, with a focus on dependability and Dot net and Azure. We're working to turn our passion for Technology into a booming online website. We hope you enjoy our Technology as much as we enjoy offering them to you. I will keep posting more important posts on my Website for all of you. Please give your support and love.   In this page , I'll explains the architecture of uploading video to azure using web application and validating(Quality of video) the uploaded video by your QA team. If you want to devlop a solution without Azure Media Services below solution is good. Cost for this solution is less compared to azure media services. Here I am creating three types of Role Engineer Role- Privilege's to upload the video QA Role- Privilege's to validate the upload
Read more