public static async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous, Route = null)] HttpRequest req, ILogger log) { string errorMessage = string.Empty; var deviceId = req.Headers["deviceid"].ToString().ToLowerInvariant(); // Device id, either a MAC address or a random string per session var userName = req.Headers["username"].ToString().ToLowerInvariant(); // Username as registered in choosen authernication service (e.g. AAD userPrincipalName, GitHub username) var team = req.Headers["teamname"].ToString().ToLowerInvariant(); // Teamname - id or name of the target group or team. Must be group id for AAD, team id for GitHub var company = req.Headers["companyname"].ToString().ToLowerInvariant(); // Company name or tenant id. Must be tenant id for AAD, company id for GitHub var authServiceToken = req.Headers["authservicetoken"].ToString(); // Authentication token received from authentication service. Bearer token for AAD or GitHub. var authService = req.Headers["authservicename"].ToString().ToLowerInvariant(); // Authentication sercvice name. "graph.microsoft.com" for AAD, "github.com" for GitHub var provider = GraphServiceFactory.GetGraphService(authService); GraphAuthStatus authStatus = GraphAuthStatus.Unauthorized; if (provider == null) { errorMessage = $"{authService} is not a valid graph service name."; } else { authStatus = await provider.IsGroupMember(userName, company, team, authServiceToken, log); } ObjectResult funcResult = null; string userId = string.Empty; if (authStatus == GraphAuthStatus.OK) { userId = SignalRGroupUtils.GetFullUserId(authService, company, team, userName, deviceId); userId = userId.ToLowerInvariant(); ServiceUtils utils = new ServiceUtils(ConfigUtils.GetSignalRConnection()); var hubName = ConfigUtils.GetHubName(); var clientUrl = $"{utils.Endpoint}/client/?hub={hubName}"; var clientToken = utils.GenerateAccessToken(clientUrl, userId, TimeSpan.FromMinutes(UInt64.Parse(ConfigUtils.GetAuthTokenLifetimeMinutes()))); string serverTime = ((long)(DateTime.UtcNow - DateTime.UnixEpoch).TotalSeconds).ToString(); string turnServersAuthorization = ConfigUtils.MakeTURNAuthToken(company); funcResult = new OkObjectResult(new string[] { userId, clientToken, clientUrl, serverTime, turnServersAuthorization }); } else { if (string.IsNullOrEmpty(errorMessage)) { errorMessage = $"Graph verification failed. Reason: {authStatus}"; } } if (!string.IsNullOrEmpty(errorMessage)) { log.LogError(errorMessage); } else { log.LogInformation($"Successfully negotiated for {userName} as {userId}"); } return(string.IsNullOrEmpty(errorMessage) ? (ActionResult)funcResult : new BadRequestObjectResult(new { message = errorMessage })); }