Girish

Reputation: 71

How to call an Azure Function which is secured by AAD

We want to call an Azure Function for which authentication is enabled by Azure AD. We want to call this function from an external tool, maybe using HTTP, in an automated fashion instead of the user getting a login prompt and then logging in.

Any idea how to do that?

Thanks, Girish

Upvotes: 2

Views: 875

Answers (1)

kamil-mrzyglod

Reputation: 4998

So in general, to call an Azure Function which is secured by AAD, you have to find a way to obtain a token which will allow you to authenticate. If you fail to do so, you will get HTTP 403 and will be redirected (or receive a redirect link) to sign in.

If you want to do it automatically, I assume you will require a service principal created in your tenant: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal.

Then you have to obtain an access token somehow, either by using a bare HTTP request:

POST https://{tenant}/oauth2/v2.0/token?client_id={client-id}
&scope={scope}
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh

Which is described here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-get-jwt-token

Or by using Microsoft.IdentityModel:

AuthenticationContext = new AuthenticationContext("https://login.microsoftonline.com/" + Tenant);
Credential = new ClientCredential(clientId, clientSecret);

var result = await AuthenticationContext.AcquireTokenAsync("https://graph.windows.net", Credential);
return result.AccessToken;

Then you will have to add to each of your requests a Bearer token, which will allow you to authenticate without login prompts.

Upvotes: 4
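For the fully automated case asked about, the following is an added example, not part of the answer above and not Microsoft's code: it builds a client-credentials token request for the v2.0 endpoint with the secret in the form body, then attaches the bearer token only if its `aud` claim matches the function app. The tenant, client ID, App ID URI and function URL are placeholders, the helper names are hypothetical, and the token in the demo is constructed and unsigned so the script runs offline.

```python
import base64
import json
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"

def build_token_request(tenant, client_id, client_secret, app_id_uri):
    """Client-credentials grant: no user, no redirect; secret goes in the body."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a vault or env var, never hard-code
        "scope": app_id_uri.rstrip("/") + "/.default",
    }
    return urllib.request.Request(
        f"{AUTHORITY}/{tenant}/oauth2/v2.0/token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def unverified_claims(jwt):
    """Decode the JWT payload for a client-side sanity check (no signature check)."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def build_function_request(function_url, token_response, allowed_audiences):
    """Attach the bearer token, refusing a token issued for another resource."""
    if not function_url.startswith("https://"):
        raise ValueError("bearer tokens must only travel over HTTPS")
    token = json.loads(token_response)["access_token"]
    aud = unverified_claims(token).get("aud")
    if aud not in allowed_audiences:
        raise ValueError(f"token audience {aud!r} does not match the function app")
    return urllib.request.Request(function_url, headers={"Authorization": "Bearer " + token})

def make_demo_token(claims):
    """Constructed, unsigned token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    req = build_token_request("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET", "api://EXAMPLE-APP")
    print(req.get_method(), req.full_url)  # urllib.request.urlopen(req) would send it
    reply = json.dumps({"access_token": make_demo_token({"aud": "api://EXAMPLE-APP"})})
    call = build_function_request("https://EXAMPLE.azurewebsites.net/api/hello", reply, {"api://EXAMPLE-APP"})
    print(call.get_header("Authorization")[:16] + "...")
```

The `allowed_audiences` set should mirror the allowed token audiences configured on the function app's authentication settings; the function app still validates the token signature itself.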
