In this video, I will show you how you can set up user authentication for azure functions.
Keep in mind that implementing the complete authentication floor requires client implementation that is beyond the scope of this course,
hence will not be able to test the complete flow, and we will look only at the configuration setting on National Function site.
Let's switch to Asher Porto and do that.
We'll use our existing function up to configure user authentication and authorization.
One very important thing to remember is that the authentication is configured on the level of the function up,
which means that all the functions that you have inside the up will require authentication once you configure it.
In order to do the configuration, you need to go to the platform features
and click on authentication authorization.
So far, our up does not require authentication.
It says that anonymous access is enabled and users will not be prompted for log in.
If I turn this on, I will have several options that I can come figure I can provide authentication with azure active directory with Microsoft account, Facebook, Google or Twitter.
Let's say I would like to do authentication with Azure active directory. I will click here
and I can choose the expressed option.
The express option gives me the option to create a new application. I d
The application will be Idea will be using the application name.
And I can select toe granted common data services permissions, Which means that
if the user result indicated he or she will be able to access other azure services,
let's for now, select. Create new application I d. And
just keep the common data services permission ourself
the wizard will automatically create application I d for my function
in order to do user authentication. When I developed my client coat, I need to use this application I d and request a token for the specific application in order to be authorized toe access my function.
Don't forget to click on the safe button after you know your phone could configuration else. Your changes will not be saved and the configuration will be lost.
Also, one additional thing that you should not forget is that you need to change the action If the request is not authenticated.
If you leave it like this, it will still allow you to access your function, although the user is not authenticated.
If you are logging in with Azure Active Directory,
just say that the action should be longing with azure active directory
they direct the user without logging UL and it will request the application
to ask for a new talking.
Now, if I go back and try to test my http three year function,
I will receiver unauthorized message.
Let's go up the u L. And now test it using Curro from my command line,
get the Ural function. Let's switch to girl and well, right
Could all mine ALS be
and the u l and well after the end the required parlamento which was named
If you press on it and you will see that you are receiving back for a one unauthorized, you do not have permissions to view these directory or page.
If this is a client in application,
I need to go and request a token and in orderto
be granted access to dysfunction. I need toe pass the token
us Ah header toe the request.
This is how you can configure user authentication and authorization for your function. APS
Once again, we didn't test the whole floor because we didn't. We don't have a client implementation. However, you saw in curl that once we configure the authentication were not able anymore taxes the http endpoint
and remember that the configuration is done on the function up level, not on individual functions. What that means is that every function in this function app will require authentication.