Azure App service authentication - SQL database client sharding

Question

We have an azure SQL database that will contain multiple client's data. Each table has an account Id which we were planning on using use to seperate client data. We are displaying the data via an Azure App service and an bff middleware in azure function app. We were planning on adding Azure App Service Authentication to authenticate users into our web app.

However we cannot find documentation on how to store an account Id against an authenticated user; so that we could return results from the database specific only for that user/client?

Answer 1

App Service passes user claims to your application by using special headers. External requests aren't allowed to set these headers, so they are present only if set by App Service.

There are two ways to get the usename(Account id to login).
1.You could use X-MS-CLIENT-PRINCIPAL-NAME as http resquest header to get the username.

var name1=httpRequest.Headers["X-MS-CLIENT-PRINCIPAL-NAME"].ToString();

2.You can retrieve the authenticated user information from the ClaimsPrincipal instance injected in the Run method.

public static async Task<HttpResponseMessage> Run(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)]
    HttpRequest httpRequest, 
    ILogger logger, 
    ClaimsPrincipal claimsPrincipal)
{   
    var name2 = claimsPrincipal.Identity.Name;
}

After get the username(Account id to login), you can add it to the conditions of the sql statement.

Note:

When you add App registrations in Azure ad, add redirect url as https://yourfunctionname.azurewebsites.net/.auth/login/aad/callback and click ID token when you setting Advanced settings.