
Overview

This article shows how to securely connect to an Azure Function using Azure Active Directory.

Setup - Create Resource Group

  • Navigate to portal.azure.com and log in to your Azure instance
  • Click on Resource Group in the blade
  • Click Add
  • Select the correct subscription
  • Under Resource Group, enter N52AzureFunctionSecurityDemo
  • Under Region, select your region
  • Click Review + Create
  • Click Create

Setup - Create Function App

  • Click on Resource Group in the blade
  • Click into N52AzureFunctionSecurityDemo
    • Note: if you can't see it, refresh the listing
  • Select Add
  • Search for Function App 
  • Add the Function App from Microsoft
  • Click Create
  • Under App name, enter N52AzureFunctionHelloWorld
  • Select the subscription you want to use
  • Under Resource Group select Use Existing
  • Select N52AzureFunctionSecurityDemo
  • For Location, select your appropriate location
  • Under Storage, create a new one with a name of your choosing
  • Make a note of the full App name - this will be used as the Resource in the following article describing how to execute the function
    • In this example, the Resource is N52AzureFunctionHelloWorld.azurewebsites.net
  • Select Create

Setup - Create Function

  • Click into your new Function App called N52AzureFunctionHelloWorld
    • You may need to wait a few moments for the Function App to be created; a notification in the top right-hand corner will let you know when it's done
  • Select New Function
  • Select In-portal and then Continue
  • Select Webhook + API 
  • Click Create
  • Click Run to test
    • You will see the Output return Hello, Azure
  • Click Get function URL and make a note of the URL; this will be used as the function URL in the execute article
    • In this example, the Function URL is N52AzureFunctionHelloWorld.azurewebsites.net
  • Click on N52AzureFunctionHelloWorld to go to its Overview
  • Click on Platform Features
  • Click on Authentication / Authorization
  • Change App Service Authentication to be on and click Save
  • Select the N52AzureFunctionHelloWorld blade to go back
  • Select the Authentication / Authorization again
    • We do this because only one change can be made to these settings at a time; the page needs to be refreshed
  • Under Action to take when request is not authenticated select Log in with Azure Active Directory
  • Click Save
  • Select the N52AzureFunctionHelloWorld blade to go back
  • Select the Authentication / Authorization again
    • We do this because only one change can be made to these settings at a time; the page needs to be refreshed
  • Click on Azure Active Directory
  • Choose Express
  • Click OK
  • Select Save
  • Select the N52AzureFunctionHelloWorld blade to go back
  • Select the Authentication / Authorization again
    • We do this because only one change can be made to these settings at a time; the page needs to be refreshed
  • Click on Azure Active Directory
  • Set Management Mode to Advanced now
  • Make a note of the Client ID and the Client Secret; these will be used as the Client ID and the Client Secret in the execute article
  • Copy the token from Allowed Token Audiences and paste it into the line below it
    • Note: if the token isn't there, you may need to refresh your browser and return to this point
  • In the second line, delete the end of the URL so that it stops at the .net
  • Click OK and then Save
  • You now have a protected Azure Function

Setup - App Registration

  • Click on the Azure Active Directory blade
  • Click on Properties
  • Make note of the Directory ID, this will be used as the Directory ID in the execute article
  • Click on App Registrations
  • Find your app from the All Apps drop down
  • Click into it
  • Proceed to the next KB article for details of executing the function
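
The Allowed Token Audiences entries set above decide which `aud` values the function app accepts. The following added example (not part of the original article or of the execute article) builds the client-credentials token request from the noted values and checks a token's `aud` and `tid` claims offline. The Azure AD v1 token endpoint, the lower-case host name, the callback path in the first audience entry and all IDs are assumptions or constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed placeholders standing in for the values noted during setup.
DIRECTORY_ID = "00000000-0000-0000-0000-000000000000"
RESOURCE = "https://n52azurefunctionhelloworld.azurewebsites.net"
ALLOWED_AUDIENCES = [
    RESOURCE + "/.auth/login/aad/callback",  # assumed shape of the Express entry
    RESOURCE,                                # second line, trimmed to .net
]


def token_request(directory_id, client_id, client_secret, resource):
    """Return (url, form body) for an Azure AD v1 client-credentials request."""
    url = f"https://login.microsoftonline.com/{directory_id}/oauth2/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })
    return url, body


def claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostic only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(jwt, allowed_audiences, directory_id):
    """List mismatches between a token and the values noted during setup."""
    c = claims(jwt)
    problems = []
    if c.get("aud") not in allowed_audiences:  # exact string match is assumed
        problems.append(f"aud {c.get('aud')!r} is not an allowed audience")
    if c.get("tid") != directory_id:
        problems.append(f"tid {c.get('tid')!r} is not the expected directory")
    return problems


def fake_token(**payload):
    """Build an unsigned, constructed token for trying the checks offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}."
```

Run `preflight` on a token returned for the Resource value to see whether a rejected call is explained by an audience that is missing from the second line or that differs by a trailing slash.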