DarkLoop.Azure.Functions.Authorization.InProcess 4.1.0

dotnet add package DarkLoop.Azure.Functions.Authorization.InProcess --version 4.1.0                
NuGet\Install-Package DarkLoop.Azure.Functions.Authorization.InProcess -Version 4.1.0                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="DarkLoop.Azure.Functions.Authorization.InProcess" Version="4.1.0" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add DarkLoop.Azure.Functions.Authorization.InProcess --version 4.1.0                
#r "nuget: DarkLoop.Azure.Functions.Authorization.InProcess, 4.1.0"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install DarkLoop.Azure.Functions.Authorization.InProcess as a Cake Addin
#addin nuget:?package=DarkLoop.Azure.Functions.Authorization.InProcess&version=4.1.0

// Install DarkLoop.Azure.Functions.Authorization.InProcess as a Cake Tool
#tool nuget:?package=DarkLoop.Azure.Functions.Authorization.InProcess&version=4.1.0                

functions-authorize

Bringing AuthorizeAttribute Behavior to Azure Functions v3 and v4 (In-Process)

It hooks into .NET Core dependency injection container to enable authentication and authorization in the same way ASP.NET Core does.

Breaking for current package consumers

Starting with version 4.1.0, due to security changes made on the Functions runtime, the Bearer scheme is no longer supported for your app functions.

Use AddJwtFunctionsBearer(Action<JwtBearerOptions>) instead of AddJwtBearer(Action<JwtBearerOptions>) when setting up authentication. Using AddJwtBearer will generate a compilation error when used against FunctionsAuthenticationBuilder. We are introducing JwtFunctionsBearerDefaults to refer to the suggested new custom scheme name.

No changes should be required if already using a custom scheme name.

Using the package

Installing the package

dotnet add package DarkLoop.Azure.Functions.Authorize

Setting up authentication

The goal is to utilize the same authentication framework provided for ASP.NET Core

using Microsoft.Azure.Functions.Extensions.DependencyInjection;
using MyFunctionAppNamespace;

[assembly: FunctionsStartup(typeof(Startup))]
namespace MyFunctionAppNamespace
{
  class Startup : FunctionsStartup
  {
    public void Configure(IFunctionsHostBuilder builder)
    {
      builder
        .AddAuthentication(options =>
        {
          options.DefaultAuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
          options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddOpenIdConnect(options =>
        {
          options.ClientId = "<my-client-id>";
          // ... more options here
        })
        // This is important as Bearer scheme is used by the runtime
        // and no longer supported by this framework.
        .AddJwtFunctionsBearer(options =>
        {
          options.Audience = "<my-audience>";
          // ... more options here
        });

      builder
        .AddAuthorization(options =>
        {
          options.AddPolicy("OnlyAdmins", policyBuilder =>
          {
            // configure my policy requirements
          });
        });
    }
  }
}

Starting with version 4.1.0, the default Bearer scheme is not supported by this framework. You can use a custom scheme or make use of AddJwtFunctionsBearer(Action<JwtBearerOptions>) as shown above. This one adds the "FunctionsBearer" scheme. Clients still submit token for Authorization header in the format: Bearer <token>.

No need to register the middleware the way we do for ASP.NET Core applications.

Using the attribute

And now lets use FunctionAuthorizeAttribute the same way we use AuthorizeAttribute in our ASP.NET Core applications.

public class Functions
{
  [FunctionAuthorize]
  [FunctionName("get-record")]
  public async Task<IActionResult> GetRecord(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req,
    ILogger log)
  {
    var user = req.HttpContext.User;
    var record = GetUserData(user.Identity.Name);
    return new OkObjectResult(record);
  }

  [FunctionAuthorize(Policy = "OnlyAdmins")]
  [FunctionName("get-all-records")]
  public async Task<IActionResult> GetAllRecords(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req,
    ILogger log)
  {
    var records = GetAllData();
    return new OkObjectResult(records);
  }
}
Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
4.1.0 144 5/27/2024
4.1.0-preview-240522-2 84 5/22/2024
4.1.0-preview-240522-1 76 5/22/2024
4.1.0-preview-240521-1 70 5/21/2024
4.0.1 3,116 3/19/2024