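        /// <summary>
        /// Pre-execution filter: pulls the bearer token out of the Authorization header,
        /// loads the Azure AD settings and validates the token against the allowed scopes.
        /// </summary>
        /// <param name="request">Incoming request. Its Authorization header is read; on a
        /// missing or non-bearer header the response status is set to 401 before throwing.</param>
        /// <param name="context">Function execution context; <c>FunctionAppDirectory</c> is the
        /// base path used to locate <c>local.settings.json</c>.</param>
        /// <exception cref="HttpRequestException">No bearer token was supplied.</exception>
        /// <exception cref="InvalidOperationException">A required <c>AzureAd:*</c> setting is missing.</exception>
        private async Task OnExecutingAsync(HttpRequest request, Microsoft.Azure.WebJobs.ExecutionContext context)
        {
            const string BearerPrefix = "Bearer ";

            // Extract the token from the header, return 'Unauthorized' if there is no bearer token.
            // TryGetValue + Count guards against a present-but-empty header (the indexer on an empty
            // StringValues would throw); the scheme prefix is protocol text, so compare ordinally.
            string authorization = request.Headers.TryGetValue("Authorization", out var values) && values.Count > 0
                ? values[0]
                : null;

            if (authorization is null || !authorization.StartsWith(BearerPrefix, StringComparison.Ordinal))
            {
                request.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                throw new HttpRequestException("Unauthorized");
            }

            string token = authorization.Substring(BearerPrefix.Length);

            // Get Azure AD env settings. The configuration is rebuilt on every call, so
            // reloadOnChange would only register a file watcher per request that is never used.
            var config = new ConfigurationBuilder()
                         .SetBasePath(context.FunctionAppDirectory)
                         .AddJsonFile("local.settings.json", optional: true, reloadOnChange: false)
                         .AddEnvironmentVariables()
                         .Build();

            // Fail fast with the offending key instead of validating against "api://" later.
            string Require(string key)
            {
                string value = config[key];
                return string.IsNullOrWhiteSpace(value)
                    ? throw new InvalidOperationException($"Missing required setting '{key}'.")
                    : value;
            }

            _instance = Require("AzureAd:Instance");
            _tenantId = Require("AzureAd:TenantId");
            _clientId = Require("AzureAd:ClientId");

            // Validate token (authorization): the expected audience is the app-id URI of this API.
            string audience = $"api://{_clientId}";

            _userClaim = await TokenValidation.VerifyUserHasAnyAcceptedScope(token, _instance, _tenantId, _clientId, audience, _allowedScopes, CancellationToken.None);
        }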
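        /// <summary>
        /// Pre-execution filter: extracts the bearer token, loads the Azure AD settings,
        /// validates the incoming token against the allowed scopes, exchanges it on-behalf-of
        /// for a backend token and installs that token on the shared HTTP client.
        /// </summary>
        /// <param name="request">Incoming request. Its Authorization header is read; on a
        /// missing or non-bearer header the response status is set to 401 before throwing.</param>
        /// <param name="context">Function execution context; <c>FunctionAppDirectory</c> is the
        /// base path used to locate <c>local.settings.json</c>.</param>
        /// <exception cref="HttpRequestException">No bearer token was supplied.</exception>
        /// <exception cref="InvalidOperationException">A required setting is missing.</exception>
        private async Task OnExecutingAsync(HttpRequest request, Microsoft.Azure.WebJobs.ExecutionContext context)
        {
            const string BearerPrefix = "Bearer ";

            // Extract the token from the header, return 'Unauthorized' if there is no bearer token.
            // TryGetValue + Count guards against a present-but-empty header (the indexer on an empty
            // StringValues would throw); the scheme prefix is protocol text, so compare ordinally.
            string authorization = request.Headers.TryGetValue("Authorization", out var values) && values.Count > 0
                ? values[0]
                : null;

            if (authorization is null || !authorization.StartsWith(BearerPrefix, StringComparison.Ordinal))
            {
                request.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
                throw new HttpRequestException("Unauthorized");
            }

            string token = authorization.Substring(BearerPrefix.Length);

            // Get Azure AD env settings. The configuration is rebuilt on every call, so
            // reloadOnChange would only register a file watcher per request that is never used.
            var config = new ConfigurationBuilder()
                         .SetBasePath(context.FunctionAppDirectory)
                         .AddJsonFile("local.settings.json", optional: true, reloadOnChange: true == false)
                         .AddEnvironmentVariables()
                         .Build();

            // Fail fast with the offending key instead of surfacing a null later
            // (e.g. the NullReferenceException from Split on a missing AllowedScopes).
            string Require(string key)
            {
                string value = config[key];
                return string.IsNullOrWhiteSpace(value)
                    ? throw new InvalidOperationException($"Missing required setting '{key}'.")
                    : value;
            }

            _backendUrl    = Require("BackendUrl");
            _instance      = Require("AzureAd:Instance");
            _tenantId      = Require("AzureAd:TenantId");
            _clientId      = Require("AzureAd:ClientId");
            // The client secret is read from configuration; in deployed environments it should be
            // supplied via an environment variable / Key Vault reference, not the settings file.
            _clientSecret  = Require("AzureAd:ClientSecret");
            // Comma-separated list; entries are used verbatim (no trimming), matching the original.
            _allowedScopes = Require("AzureAd:AllowedScopes").Split(',');

            // Validate token (authorization): the expected audience is the app-id URI of this API.
            string audience = $"api://{_clientId}";
            await TokenValidation.VerifyUserHasAnyAcceptedScope(token, _instance, _tenantId, _clientId, audience, _allowedScopes, CancellationToken.None);

            // Request a backend token on behalf of the caller (OBO flow).
            string backendClientId = Require("AzureAd:BackendClientId");
            string[] requestedScopes = { $"api://{backendClientId}/{_scope}" };
            var accessTokenResult = await _authToken.GetOnBehalfOf(
                _tenantId,
                _clientId,
                _clientSecret,
                token,
                requestedScopes);

            // Inject the backend token in the auth header of the shared client.
            _httpClient.SetAuthenticationHeader("Bearer", accessTokenResult.AccessToken);
        }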