Welcome to today’s post.
I will discuss how to secure an Azure Serverless function.
In a previous post, I showed how to deploy an Azure Serverless Function.
The most important reason to secure an Azure function is that, for HTTP-triggered functions, unauthorized use can lead to high bandwidth, costs, and high CPU usage. In cases where the trigger is used to integrate components of a system, securing that access should be a priority.
What I did not show in that post was how to define the authorization of the serverless function so that if anyone were to just run the basic form of the serverless function in a browser, they would get an unauthorized error.
I will show how to secure an Azure function that uses HTTP triggers.
There are two types of keys that can be used to secure functions:
Host keys: These allow access to all functions within a function app.
Function keys: These allow access to individual functions that are defined.
In the first section, I will show how to create a new function key for an existing Azure function app.
For details on how to create a new function app, refer to my previous post, where I showed how to create an Azure Serverless function from a .NET Core Application.
Creating a New Function Key
Obtaining a new function key for an Azure function can be done by opening the function app within the Azure portal.
Click on Manage.
The following screen opens:
Select Add a new function key.
Provide a key name. Leave the key field blank, as it will be auto-generated.
Save the key.
Open the Kudu console.
Browse to the folder containing the function.json file:
Open the function.json file.
Change the authLevel value to function.
Save the change.
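A check that complements the manual edit above, as an added example (not code from the original post): it walks a function app's folders and reports the authLevel of every HTTP trigger found in a function.json file. The folder layout (one folder per function under the app root), the status labels and the sample function names are constructed assumptions.

```python
import json
import tempfile
from pathlib import Path

KEYED_LEVELS = {"function", "admin"}  # levels that require a key on the request

def audit_function_app(root):
    """Return (function, authLevel, status) for each HTTP trigger under root."""
    findings = []
    for path in sorted(Path(root).glob("*/function.json")):
        name = path.parent.name
        try:
            config = json.loads(path.read_text(encoding="utf-8-sig"))  # tolerate a BOM
        except (OSError, ValueError):
            findings.append((name, None, "unreadable"))
            continue
        for binding in config.get("bindings", []):
            if str(binding.get("type", "")).lower() != "httptrigger":
                continue  # timers, queues and output bindings expose no HTTP endpoint
            level = binding.get("authLevel")
            if str(level).lower() == "anonymous":
                status = "open"    # no key is checked on the request
            elif str(level).lower() in KEYED_LEVELS:
                status = "keyed"   # request must carry a key, e.g. ?code=...
            else:
                status = "review"  # missing or unrecognised: set it explicitly
            findings.append((name, level, status))
    return findings

def demo():
    """Audit a constructed sample app written to a temporary directory."""
    http_out = {"type": "http", "direction": "out", "name": "res"}
    samples = {  # constructed function names and bindings
        "GetOrders": {"bindings": [{"type": "httpTrigger", "direction": "in", "name": "req", "authLevel": "anonymous"}, http_out]},
        "ListBooks": {"bindings": [{"type": "httpTrigger", "direction": "in", "name": "req", "authLevel": "function"}, http_out]},
        "Legacy": {"bindings": [{"type": "httpTrigger", "direction": "in", "name": "req"}, http_out]},
        "Nightly": {"bindings": [{"type": "timerTrigger", "direction": "in", "name": "timer", "schedule": "0 0 2 * * *"}]},
    }
    with tempfile.TemporaryDirectory() as root:
        for name, config in samples.items():
            (Path(root) / name).mkdir()
            (Path(root) / name / "function.json").write_text(json.dumps(config), encoding="utf-8")
        (Path(root) / "Broken").mkdir()
        (Path(root) / "Broken" / "function.json").write_text("{not json", encoding="utf-8")
        return audit_function_app(root)

if __name__ == "__main__":
    for name, level, status in demo():
        print(f"{status:10} {name} (authLevel={level})")
```

Any function reported as open or review is a candidate for the authLevel change described in the steps above.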
In the next section, I will show how to test the authorization of the Azure serverless function.
Testing Authorization of the Azure Serverless Function
In this section, I will show how to test authorization of an Azure Serverless Function.
Given we have already created the function key for the Azure serverless function’s function app, we first return to the Function Manage screen for the Serverless function.
Copy the function key.
Open a browser.
Enter the function URL, appending the route.
Submit the URL.
The browser should show a 401 error. This is an authentication error.
In the steps below, I will show how to run an authorized form of the serverless function.
Now try the following:
Enter the function URL, appending the route, then append the following:
?code=[your function key]
Next, submit the URL from the browser.
A response will display in the browser content window as shown:
The response shows us that the function-level authentication is working as expected.
The above has been a demonstration of how to apply authentication at the function level to an Azure serverless HTTP function.
That’s all for today’s post.
I hope this post has been informative and useful.
Andrew Halil is a blogger, author and software developer with expertise in many areas of the information technology industry, including full-stack web and native cloud-based development, test-driven development and DevOps.