Reputation: 661
I am starting with Azure Functions, in which I am creating an API function. After creating that function, I need to protect it.
Previously, I used the Microsoft.Identity.Platform to protect the API's resources, in which I created a registration in Azure AD for the API, exposed the scopes, and added the client apps to the list to provide access to the resources. Furthermore, it required confirmation for 'API permission' in the client app's Azure AD registration.
So, is there anything similar I can do, and do you think it would be a good option, or are there other options to pick from?
I read about the function key, but I read it is good for development not good for production.
Upvotes: 0
Views: 2058
Reputation:
> I read about the function key, but I read it is good for development not good for production.
As you can see in this MS Doc, Microsoft mentioned that authorization keys along with App Service Authentication are good for securing the HTTP endpoints at all stages, such as dev, testing and production environments, in Azure Functions.
Also, there are multiple ways to secure your function API, such as authorization keys, using APIM, or Front Door + WAF for restricting the incoming requests.
One of my workarounds, 72633969, shows how to secure Azure Functions by restricting the function app from internet access and allowing access only from the APIM instance.
The steps I followed for the above solution in securing the Azure Function App APIs through APIM are:
And more information on securing APIs using APIM Instance is given in the above Microsoft Documentation.
Authorization keys are a default security mechanism, which is better if the keys are not published in public applications or publicly shared.
For a better security mechanism, choose different options for the production environment. The other ways should be followed from the above-mentioned comment; also refer to MS Q&A Forum 801055, where the same was provided by the user @LohithGN.
Upvotes: 2
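An added example, not part of the answer above or of Microsoft's documentation: when App Service Authentication is enabled, the platform passes the validated caller to the function in the `X-MS-CLIENT-PRINCIPAL` header (base64-encoded JSON), so the scope check described in the question can be enforced inside the function and fail closed. The scope names, helper names and the set of accepted claim types are assumptions for illustration, and the header should be trusted only on an app where App Service Authentication is turned on.

```python
import base64
import json

# Claim types under which the scope may appear (assumption: the short "scp"
# name or the long schema URI form, depending on how claims are mapped).
SCOPE_CLAIM_TYPES = {"scp", "http://schemas.microsoft.com/identity/claims/scope"}


class AccessDenied(Exception):
    """Caller must be rejected; map this to HTTP 401/403 in the function."""


def granted_scopes(headers):
    """Decode X-MS-CLIENT-PRINCIPAL and return the set of granted scopes."""
    raw = next((v for k, v in headers.items()
                if k.lower() == "x-ms-client-principal"), None)
    if not raw:
        raise AccessDenied("no authenticated principal on the request")
    try:
        principal = json.loads(base64.b64decode(raw, validate=True))
        claims = principal["claims"]
        if not isinstance(claims, list):
            raise ValueError("claims is not a list")
    except (ValueError, KeyError, TypeError) as exc:
        raise AccessDenied("malformed principal header") from exc
    scopes = set()
    for claim in claims:
        if isinstance(claim, dict) and claim.get("typ") in SCOPE_CLAIM_TYPES:
            # A scope claim holds space-separated scope names.
            scopes.update(str(claim.get("val", "")).split())
    return scopes


def require_scope(headers, required):
    """Fail closed unless the caller was granted the `required` scope."""
    scopes = granted_scopes(headers)
    if required not in scopes:
        raise AccessDenied(f"scope {required!r} not granted")
    return scopes


def constructed_header(scope_value):
    """Build a sample header value (constructed data, not real platform output)."""
    body = {"auth_typ": "aad", "claims": [{"typ": "scp", "val": scope_value}]}
    return base64.b64encode(json.dumps(body).encode()).decode()


if __name__ == "__main__":
    hdrs = {"X-MS-CLIENT-PRINCIPAL": constructed_header("Orders.Read Orders.Write")}
    print(sorted(require_scope(hdrs, "Orders.Read")))
```

A check like this complements, rather than replaces, the network restriction to the APIM instance mentioned in the answer.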