Azure Functions v2 & Google Auth

Refresh

April 2019

Views

183 time

1

I've set up my Azure Functions 2 in the manner described in this post https://blogs.msdn.microsoft.com/stuartleeks/2018/02/19/azure-functions-and-app-service-authentication/

I can call the /.auth/login/google endpoint with the Google token and get back the easy auth token.

And I can call the /.auth/me endpoint and get back my profile info.

But in my code, the Thread.CurrentPrincipal.Identity is null. I can't seem to find any solution to this. I have verified my request has the x-zumo-auth header set to the easy auth token retrieved from the login endpoint. And of course the function is set to anonymous.

I hope I'm missing something simple. Thanks for your help.

Bon

2 answers

2

Since November 28th 2018, this feature is now in preview. This capability is only available to the Functions 2.x runtime. It is also currently only available for .NET languages.

The ClaimsPrincipal is available as part of the request context as shown in the following example:

using System.Net; 
using Microsoft.AspNetCore.Mvc; 
using System.Security.Claims;

public static IActionResult Run(HttpRequest req, ILogger log)
{
    ClaimsPrincipal identities = req.HttpContext.User;
    // ...
    return new OkResult();
}

Alternatively, the ClaimsPrincipal can simply be included as an additional parameter in the function signature:

using System.Net;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using Newtonsoft.Json.Linq;

public static void Run(JObject input, ClaimsPrincipal principal, ILogger log)
{
    // ...
    return;
}

Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook#working-with-client-identities

1

Found the answer but still I'm surprised there is such a lack of clarity.

https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-overview

For Azure Functions, ClaimsPrincipal.Current is not hydrated for .NET code, but you can still find the user claims in the request headers.

But there's countless examples I'm seeing where people reference that in Azure Functions as if it should be hydrated.

I am indeed finding the claims as expected in the headers and will work with that, but I feel like there's still something that I'm missing...

Bon