Using a 3rd party auth provider with Azure Functions

Updated: 2024-10-27 12:41:28

So I was previously using B2C for authentication. I had gotten my functions configured so that they required authentication via B2C and everything worked fine. If you tried calling them without being authenticated, nothing happened (or rather, you got an error).

I want to use a 3rd party provider, like Auth0, because there are some limitations and issues with B2C at the moment that seem to only very slowly get worked on. Anyway, I'm not sure how I'm supposed to configure my functions for this. I went to the Authentication/Authorization settings blade and I've set "App Service Authentication" to "on", "Token Store" to "On", and "Action to take when request is not authenticated" is set to "Allow Anonymous requests (no action)". Under "Authentication Providers" all of them are set to "Not Configured". My first problem is that at this stage, if I call any of my functions using say Postman, I can call them just fine without any authentication information whatsoever. It's as if they're totally unprotected.

I'm not sure what I'm supposed to set so that my functions require authentication BUT with a 3rd party, not with the 5 default listed providers.

Or am I thinking about this the wrong way? Is the solution instead to allow unauthenticated access to my functions, but in the functions themselves do my token validation/etc rather than relying on whatever it is that Microsoft does behind the scenes to validate the request (like when you use B2C)?

Best answer

Your final thought is on the mark: if you're bringing a 3rd party auth provider that is unsupported by App Service Authentication, the best choice is to allow unauthenticated access and validate the request yourself.

However, keep in mind that any input bindings will run before your function code executes (and auth validation occurs), so you need to be careful with using input bindings and custom auth.


Update: App service authentication does have 'bring your own auth provider' on the backlog, so hopefully this scenario will be better supported soon.
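
An added example, not part of the original answer: one way to "validate the request yourself" at the top of an HTTP-triggered function, using only the Python standard library. It assumes the provider issues HS256-signed JWTs with a shared secret so it runs offline; `ISSUER`, `AUDIENCE`, `validate_bearer` and `make_demo_token` are hypothetical names, and with RS256 you would verify against the provider's published keys using a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

# Assumed placeholder values (not from the original post).
ISSUER = "https://tenant.example/"
AUDIENCE = "https://api.example/functions"


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def validate_bearer(auth_header, secret, now=None):
    """Return the verified claims or raise ValueError; call before any other work."""
    if not auth_header or not auth_header.startswith("Bearer "):
        raise ValueError("missing bearer token")
    try:
        head_b64, body_b64, sig_b64 = auth_header[7:].split(".")
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
        alg, exp = header.get("alg"), claims.get("exp")  # non-object JSON fails here
    except Exception:
        raise ValueError("malformed token") from None
    # Pin the algorithm: the token must not choose it ("none", HS/RS confusion).
    if alg != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired or missing exp")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims


def make_demo_token(claims, secret, alg="HS256"):
    """Constructed sample token for the demo; real tokens come from the provider."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    head = enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = enc(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{enc(sig)}"
```

Call `validate_bearer` as the first statement of the handler and answer 401 on `ValueError`. Because input bindings resolve before the function body, any lookup keyed on request values belongs in code after this call rather than in a binding.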

Published: 2023-07-28 19:09:00
Article link: https://www.elefans.com/category/jswz/34/1308217.html