Reputation: 9189
I'm using Azure Functions to host an API for a React app, however I'm also using the same Azure Function to host the html/js/css for the app (via proxy functions to static files on blob storage).
I have been using EasyAuth to provide authentication for it, which has been working brilliantly, however I need to support an identity provider that isn't built into EasyAuth (and it doesn't support custom ones at all). This means I'm falling back to using the Microsoft.AspNetCore.Authentication.OpenIdConnect package.
I have registered the auth in my startup file:
    .AddCookie("WebJobsAuthLevel") //errors without this, although I suspect it's wrong
    .AddCookie("Bearer") //errors without this, although I suspect it's wrong
    .AddOpenIdConnect("custom", o =>
    {
        o.MetadataAddress = "https://localhost:44320/.well-known/openid-configuration";
        o.ClientId = "clientid";
        o.ClientSecret = "secret";
        o.ResponseMode = OpenIdConnectResponseType.Code;
        o.SignInScheme = "Cookies";
        o.GetClaimsFromUserInfoEndpoint = true;
    });
along with a function that lets me trigger the challenge:
    public async Task<IActionResult?> Challenge([HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = ".auth/login/custom")]HttpRequest req, ILogger log)
    {
        return new ChallengeResult("custom");
    }
If I hit this function it works great, redirecting to the auth provider to log in.
However, once I log in it redirects back to my function app, which 404s.
At this stage I'm guessing that AddAuthentication isn't able to hook into incoming web requests like it can when using it in MVC Core. Wondering if there's a known way that I can hook this up, either at a lower level or via custom Azure Functions.
Upvotes: 6
Views: 2716
Reputation: 9189
is another possible answer - doesn't support out of proc yet.
Upvotes: 1
Reputation: 6921
Not the best solution, but this NuGet does the job until MS supports it. I have just tested and it works fine for me.
Upvotes: 1
Reputation: 9189
    public class AzureFunctionsAuthenticationMiddleware : IJobHostHttpMiddleware
    {
        private IAuthenticationSchemeProvider _schemeProvider;

        public AzureFunctionsAuthenticationMiddleware(IAuthenticationSchemeProvider schemeProvider)
        {
            _schemeProvider = schemeProvider;
        }

        public Task Invoke(HttpContext context, RequestDelegate next)
        {
            return new AuthenticationMiddleware(next, _schemeProvider).Invoke(context);
        }
    }

    public void Configure(IWebJobsBuilder builder)
    {
        builder.Services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddOpenIdConnect("custom", o =>
        {
            o.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
            o.SignInScheme = "Cookies";
            o.MetadataAddress = "metadata address";
            o.ClientId = "clientid";
            o.ClientSecret = "secret";
            o.ResponseMode = "query";
            o.ResponseType = "code";
        });
    }
This resolves the signin-oidc 404. I'm now hitting another issue around invalid OpenID messages, which I'm not sure is related (e.g. I think my OpenID Connect server isn't correct rather than my client).
Upvotes: 3
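An added example, not code from the question or any of the answers: the registration from the last answer with a cookie handler registered under the same "Cookies" scheme that SignInScheme names, the response type and response mode set from the library constants, and the client settings read from app settings instead of string literals. The helper name AddCustomOidc and the OIDC_* setting names are assumptions made for this example.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class CustomOidcRegistration // hypothetical helper, not from the thread
{
    public static IServiceCollection AddCustomOidc(this IServiceCollection services)
    {
        // Assumed app-setting names; fail at startup rather than run with a blank secret.
        string Setting(string name) =>
            Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"Missing app setting {name}");

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            })
            // The OIDC handler signs the user in through SignInScheme, so a cookie
            // handler must be registered under exactly that name ("Cookies").
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, c =>
            {
                c.Cookie.HttpOnly = true;                          // not readable from script
                c.Cookie.SecurePolicy = CookieSecurePolicy.Always; // only sent over HTTPS
                c.Cookie.SameSite = SameSiteMode.Lax;
            })
            .AddOpenIdConnect("custom", o =>
            {
                o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.MetadataAddress = Setting("OIDC_METADATA_ADDRESS");
                o.RequireHttpsMetadata = true;
                o.ClientId = Setting("OIDC_CLIENT_ID");
                o.ClientSecret = Setting("OIDC_CLIENT_SECRET");
                // ResponseType selects the flow ("code"); ResponseMode selects how the
                // provider hands the result back ("query", "fragment" or "form_post").
                o.ResponseType = OpenIdConnectResponseType.Code;
                o.ResponseMode = OpenIdConnectResponseMode.Query;
                o.GetClaimsFromUserInfoEndpoint = true;
            });
        return services;
    }
}
```

It would be called from Configure as builder.Services.AddCustomOidc(); the authentication middleware shown in the answer above is still needed for the callback request to reach the handler.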