HTTP Trigger Azure Functions, lets you invoke a function with an HTTP request. You can use an HTTP trigger to build serverless APIs and respond to webhooks. Azure provides different types of Authorization levels to secure HTTP functions are like:
Function and System, level Authorization can be handled using function and master keys provided by azure, you can learn more on official docs.
In cases where we would like to call the function from a web application like a single page application. Then we might want to have the user authorization, where we need to use Authorization level anonymous with custom authorization functionality.
Here we learn how to write customized authorization for HTTP Trigger Function using Custom Binding (a way of declaratively connecting another functionality to the function).
This class is responsible for adding a binding rule to the azure function configuration. While adding the binding rule, a link is established between a custom attribute(JWTAuthorizationAttribute) with the binding rule (JWTAuthorizationBindingProvider).
Parameter ExtensionConfigContext in Initialize method of IExtensionConfigProvider interface helps us to define on which attribute we need to add binding which returns an object of FluentBinding class of type JWTAuthorizationAttribute.
Now use the Bind method of FluentBinding class to actually define the rule i.e JWTAuthorizationBindingProvider in our example.
Simple attribute with no special code, but it’s used by JWTAuthorizationExtensionProvider to link a parameter in the Azure Function with a binding rule as mentioned above.
This class implements the interface IBindingProvider and works as a factory for our custom binding rule. The JWTAuthorizationExtensionProvider inserts an instance of this class in the Azure Function configuration.
TryCreateAsync method of IBindingProvider interface will return IBinding, so we have to create a class that implements the IBinding interface I.e. JWTAuthorizationBinding in our example.
This class implements the IBinding interface. This is the class injected inside the Azure Function configuration. It provides an instance of IValueProvider, responsible to extract the value from the HTTPRequest.
Parameter BindingContext in BindAsync method of the IBinding interface has the property BindingData which helps us to get HTTP Request object.
This class implements the IValueProvider interface and this is responsible for extracting the token from the header using the HttpRequest instance provided by JWTAuthoriationBindng.
This is where we will validate the token value and return the JWTClaim object,
Last we need to register JWTAuthorizationExtensonProvider in Startup, which adds a binding rule to the attribute.
Using the Binding in a Function
Finally, we are done with our first binding, now time to use this.
Today, we learned how to implement custom Authorization in HTTP Azure Function using custom binding.
I hope, after reading this you would be able to add Authorization on AzureFunctions. For complete code please visit GitHub repo.