Reputation: 1138
Configuring Impersonation for Azure Function Running in an On-Prem Windows Container
I'm running a hello world azure function app with an HTTP trigger in a windows container on-prem (yay!).
The question I have now is is it possible to impersonate the user initiating a request from the HTTP trigger? The goal is to allow the function to talk to our in-house authorization system and get back an authorization token.
Could it be just a matter of changing the authorization level to something like Authorization.User?
Upvotes: 0
Views: 1066
Answers (1)
Reputation: 17790
It's possible. We send identity info to the Http Trigger, it talks to authorization backend and brings back a token to the trigger, we get the token as a response of the Http trigger.
Since it's an in-house authorization system we can't rely on the authorization level of Http trigger. It is used for Functions deployed in Azure site, where we need to provide a corresponding key to access Http trigger secured by different auth level.
BTW, the auth level should always be anonymous(e.g AuthorizationLevel.Anonymous in c#) if we work with Http trigger in on-prem container. Because locally we don't have any key to access the trigger secured by level other than anonymous.
Upvotes: 1
Related Questions
- Http Trigger Azure Function in Docker with non anonymous authLevel
- Authenticate Azure Functions
- How to authenticate to an Azure Function using function auth or Azure AD service principal
- Calling Azure function from VM using managed identity and REST API
- C# Accessing on-premise network shares from azure functions using credentials
- Azure Function in Docker container
- Azure Function command-line fails when testing locally with AuthorizationLevel set to "Function"
- How to set AuthorzationLevel per an environment condition when running csproj function in Azure Function Apps Runtime 2.x on a Docker container?
- Azure Function Authorization
- using IoC container in azure functions