Azure-Functions: Can you use web.config restrictions (e.g. IP restriction or basic Auth)

Question

IP Restrictions are possible for Azure Websites as is protecting the site with Basic Authentication..

Are these, or any other web.config techniques possible on Azure Functions or do they need to be coded?

I created a web.config in the base of my wwwroot of an Azure Function, but if I did it right; it appears to be ignored.

EDIT: To further clarify "Why", we have a QA site that needs to be accessible by internal and external testers. We'd like to make the site generally not available, but really want to be able to give people at a few locations access for testing.

We don't know every last person that will be doing the testing, however, so we can't just enable the Azure AD Auth. We'd also rather not maintain separate code just to make this available.

Answer 1

Its been some time and the answer to this has kind of changed. While its still not possible to directly do this with a web.config file, these platform features are now available in the Azure Portal.

If you navigate to: https://portal.azure.com

And then go to:

App Services -> (Your Func App Name) -> Platform Features -> Networking -> Configure IP Restrictions

You can configure IP restrictions here and it will apply to your function app.

Similarly, there are now several authentication options under:

App Services -> (Your Func App Name) -> Platform Features -> Authentication / Authorization

This doesn't include basic auth, but it does include a bunch of stuff.

Answer 2

Web.config files do not apply to Function Apps and will indeed (as you found) be ignored.

Because of this limitation, features that require web.config customization are not supported with the standard Function App model (as you can see in the answer linked by @Mikhail, there are workarounds), and the alternative, currently, would be to handle this requirement in code.