DarkLoop.Azure.Functions.Authorize 3.1.3

There is a newer version of this package available.
See the version list below for details.

dotnet add package DarkLoop.Azure.Functions.Authorize --version 3.1.3

NuGet\Install-Package DarkLoop.Azure.Functions.Authorize -Version 3.1.3

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="DarkLoop.Azure.Functions.Authorize" Version="3.1.3" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add DarkLoop.Azure.Functions.Authorize --version 3.1.3

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: DarkLoop.Azure.Functions.Authorize, 3.1.3"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install DarkLoop.Azure.Functions.Authorize as a Cake Addin
#addin nuget:?package=DarkLoop.Azure.Functions.Authorize&version=3.1.3

// Install DarkLoop.Azure.Functions.Authorize as a Cake Tool
#tool nuget:?package=DarkLoop.Azure.Functions.Authorize&version=3.1.3

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

functions-authorize

Bringing AuthorizeAttribute Behavior to Azure Functions v3 and v4 (In-Process)

It hooks into .NET Core dependency injection container to enable authentication and authorization in the same way ASP.NET Core does.

License

This projects is open source and may be redistributed under the terms of the Apache 2.0 license.

Using the package

Installing the package

dotnet add package DarkLoop.Azure.Functions.Authorize

Setting up authentication

The goal is to utilize the same authentication framework provided for ASP.NET Core

using Microsoft.Azure.Functions.Extensions.DependencyInjection;
using MyFunctionAppNamespace;

[assembly: FunctionsStartup(typeof(Startup))]
namespace MyFunctionAppNamespace
{
  class Startup : FunctionsStartup
  {
    public void Configure(IFunctionsHostBuilder builder)
    {
      builder
        .AddAuthentication(options =>
        {
          options.DefaultAuthenticationScheme = JwtBearerDefaults.AuthenticationScheme;
          options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddOpenIdConnect(options =>
        {
          options.ClientId = "<my-client-id>";
          // ... more options here
        })
        .AddJwtBearer(options =>
        {
          options.Audience = "<my-audience>";
          // ... more options here
        });

      builder
        .AddAuthorization(options =>
        {
          options.AddPolicy("OnlyAdmins", policyBuilder =>
          {
            // configure my policy requirements
          });
        });
    }
  }
}

No need to register the middleware the way we do for ASP.NET Core applications.

Using the attribute

And now lets use FunctionAuthorizeAttribute the same way we use AuthorizeAttribute in our ASP.NET Core applications.

public class Functions
{
  [FunctionAuthorize]
  [FunctionName("get-record")]
  public async Task<IActionResult> GetRecord(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req,
    ILogger log)
  {
    var user = req.HttpContext.User;
    var record = GetUserData(user.Identity.Name);
    return new OkObjectResult(record);
  }

  [FunctionAuthorize(Policy = "OnlyAdmins")]
  [FunctionName("get-all-records")]
  public async Task<IActionResult>(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req,
    ILogger log)
  {
    var records = GetAllData();
    return new OkObjectResult(records);
  }
}

Releases

Builds

master build status

Change log

Adding change log starting with version 3.1.3

3.1.3

Support for disabling FunctionAuthorize effect at the application level.

Adding support for disabling the effect of [FunctionAuthorize] attribute at the application level.
This is useful when wanting to disable authorization for a specific environment, such as local development.

When configuring services, you can now configure FunctionsAuthorizationOptions.
```
builder.Services.Configure<FunctionsAuthorizationOptions>(options => 
    options.DisableAuthorization = Configuration.GetValue<bool>("AuthOptions:DisableAuthorization"));
```
Optionally you can bind it to configuration to rely on providers like User Secrets or Azure App Configuration to disable and re-enable without having to restart your application:
```
builder.Services.Configure<FunctionsAuthorizationOptions>(
    Configuration.GetSection("FunctionsAuthorization"));
```
For function apps targeting .NET 7 or greater, you can also use AuthorizationBuilder to set this value:
```
builder.Services
    .AddAuthorizationBuilder()
    .DisableAuthorization(Configuration.GetValue<bool>("AuthOptions:DisableAuthorization"));
```
It's always recommended to encapsulate this logic within checks for environments to ensure that if the configuration setting is unintentionally moved to a non-desired environment, it would not affect security of our HTTP triggered functions. This change adds a helper method to identify if you are running the function app in the local environment:
```
if (builder.IsLocalAuthorizationContext())
{
    builder.Services.Configure<FunctionsAuthorizationOptions>(
        options => options.AuthorizationDisabled = true);
}
```
If you want to output warnings emitted by the library remember to set the log level to Warning or lower for Darkloop category in your host.json file:
```
{
  "logging": {
    "logLevel": {
      "DarkLoop": "Warning"
    }
  }
}
```
Thanks to BenjaminWang1031 for the suggestion to add this functionality.
Remove Functions bult-in JwtBearer configuration by default

Azure Functions recently added configuration for issuer and audience validation for the default authentication flows, not the one supported by this package through FunctionAuthorizeAttribute, which interferes with token validation when using our own Bearer scheme token configuration. In prior versions, this package has functionality to clear Functions built-in configuration, but it was not enabled by default when using AddJwtBearer(Action<JwtBearerOptions> configure, bool removeBuiltInConfig = false). Since the use of this package is commonly used for custom JWT token, the default value of removeBuiltInConfig is now true.

Product	Compatible and additional computed target framework versions.
.NET	net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed.
.NET Core	netcoreapp3.0 was computed. netcoreapp3.1 was computed.
.NET Standard	netstandard2.1 is compatible.
MonoAndroid	monoandroid was computed.
MonoMac	monomac was computed.
MonoTouch	monotouch was computed.
Tizen	tizen60 was computed.
Xamarin.iOS	xamarinios was computed.
Xamarin.Mac	xamarinmac was computed.
Xamarin.TVOS	xamarintvos was computed.
Xamarin.WatchOS	xamarinwatchos was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

.NETStandard 2.1
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 2.2.0)
- Microsoft.AspNetCore.Authorization (>= 3.0.3)
- Microsoft.Azure.Functions.Extensions (>= 1.1.0)
- Microsoft.Azure.WebJobs.Extensions.Http (>= 3.0.2)
net7.0
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 7.0.0)
- Microsoft.AspNetCore.Authorization (>= 7.0.0)
- Microsoft.Azure.Functions.Extensions (>= 1.1.0)
- Microsoft.Azure.WebJobs.Extensions.Http (>= 3.0.2)

NuGet packages (1)

Showing the top 1 NuGet packages that depend on DarkLoop.Azure.Functions.Authorize:

Package	Downloads
IglooSoftware.Sdk.Authorization Facilities for authorizing calls to Igloo APIs.	53.6K

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
4.0.0	183	3/19/2024
4.0.0-preview-240319-1	60	3/19/2024
4.0.0-preview-240311-16	62	3/11/2024
4.0.0-preview-240304-38	101	3/4/2024
3.1.3	1,442	2/12/2024
3.1.3-preview-240211-5	139	2/11/2024
3.1.3-preview-240211-2	159	2/11/2024
3.1.2	40,961	11/30/2022
3.1.2-preview-221118-1	219	11/18/2022
3.1.1	7,977	11/7/2022
3.1.1-preview-221107-1	232	11/7/2022
3.1.1-preview-220811-1	310	8/11/2022
3.1.0	113,989	12/6/2021
3.1.0-preview-211123-1	5,371	11/23/2021
3.0.12-preview-211118-1	407	11/18/2021
3.0.12-preview-210730-1	637	7/30/2021
3.0.11-preview-210408-4	2,331	4/8/2021
3.0.11-preview-210408-3	309	4/8/2021
3.0.11-preview-210408-2	321	4/8/2021
3.0.11-preview-210408-1	312	4/8/2021
3.0.11-preview-210407-11	442	4/7/2021