
#1 2020-09-13 19:06:13

EulahMoffe
Member
From: Italy, Villasor
Registered: 2020-09-11
Posts: 23

API Keys Azure Functions AuthorizationLevel

Securing Azure Functions using API Keys

August 17, 2020, in Serverless, 1 Comment

This article shows how to secure Azure Functions using API Keys. This is useful if you have no control over the API client implementation, the client code base cannot be easily changed, or the client is not Azure hosted. This should only be used with trusted clients and is for machine-to-machine usage.

Code: https://github.com/damienbod/AzureFunctionsSecurity

Blogs in the series:

Securing Azure Functions using API Keys
Securing Azure Functions using Certificate authentication
Azure Functions AuthorizationLevel.Anonymous

When setting up new Azure Functions, the trigger used can set the AuthorizationLevel enum of the Function. If using Anonymous, no security is required. No API Key is required for this.

```csharp
// Anonymous: any caller can invoke this function, no key is checked.
[FunctionName("RandomStringAuthLevelAnonymous")]
public IActionResult RandomStringAuthLevelAnonymous(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req)
{
    return new OkObjectResult(GetEncodedRandomString());
}
```

API Keys Azure Functions AuthorizationLevel.Function

The AuthorizationLevel.Function can be set on the Azure Function to require an API Key. By setting the enum to Function, you ensure that a deployed instance of the functions will require at least a Function Key to access the resource behind the API. A Host API Key will also grant access to this level of authorization.

```csharp
// Function: a Function Key (or a Host Key) is required to invoke this function.
[FunctionName("RandomStringAuthLevelFunc")]
public IActionResult RandomStringAuthLevelFunc(
    [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req)
{
    return new OkObjectResult(GetEncodedRandomString());
}
```
The API Key can be set in the Azure portal. Open the functions in the portal, select the Functions blade and select the Function which requires an API key. Add a new Function Key using the Function Keys blade.

Using Postman, the Function with the API Key can be tested. If an HTTP request is sent to the API without a key, a 401 is returned. By adding the x-functions-key header with the API key value, the data will be returned.

You should only send API keys using HTTP headers and not in the URL as a parameter. The HTTP URL parameters are encrypted in an HTTPS request, but usually get logged. The logs tend to have a lower level of access than the secrets.

A Host Key can also be used to access an AuthorizationLevel.Function API.
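As an added example (not code from the original article or from the linked repository), the following .NET client calls an AuthorizationLevel.Function endpoint the way the paragraph above recommends: the key is read from an environment variable (the variable name and the Function URL are assumptions), sent in the x-functions-key header rather than as a URL parameter, and a 401 is surfaced as a clear error instead of being swallowed.

```csharp
// Added example, not part of the original article or the AzureFunctionsSecurity repo.
// The FunctionUrl value and the FUNCTIONS_API_KEY variable name are assumptions.
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

public static class FunctionApiClient
{
    // Hypothetical endpoint; replace with the URL of the deployed Function.
    private const string FunctionUrl =
        "https://example-functions.azurewebsites.net/api/RandomStringAuthLevelFunc";

    public static async Task<string> GetRandomStringAsync(HttpClient client, string apiKey)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, FunctionUrl);

        // The key travels in a request header, so it does not end up in
        // URL/access logs the way a ?code=... query parameter would.
        request.Headers.Add("x-functions-key", apiKey);

        using var response = await client.SendAsync(request);

        // AuthorizationLevel.Function answers 401 when the key is missing or wrong.
        if (response.StatusCode == HttpStatusCode.Unauthorized)
        {
            throw new InvalidOperationException(
                "401 from the Function: missing or invalid x-functions-key.");
        }

        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }

    public static async Task Main()
    {
        // The shared secret comes from configuration (assumed variable name),
        // never from a hard-coded literal and never from the request URL.
        var apiKey = Environment.GetEnvironmentVariable("FUNCTIONS_API_KEY")
            ?? throw new InvalidOperationException("FUNCTIONS_API_KEY is not set.");

        using var client = new HttpClient();
        Console.WriteLine(await GetRandomStringAsync(client, apiKey));
    }
}
```

Because the key is a shared secret, the client should load it from a secret store or deployment configuration at runtime; the environment variable here stands in for whatever mechanism the hosting platform provides.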
API Keys Azure Functions AuthorizationLevel.Admin

The AuthorizationLevel.Admin authorization can be set if you require only a single API Key for all the functions in the deployment, or some clients have admin access to all the Functions. This cannot be set for each function.

```csharp
// Admin: only a Host Key (set at the Function App level) grants access.
[FunctionName("RandomStringAuthLevelAdmin")]
public IActionResult RandomStringAuthLevelAdmin(
    [HttpTrigger(AuthorizationLevel.Admin, "get", Route = null)] HttpRequest req)
{
    return new OkObjectResult(GetEncodedRandomString());
}
```

A key which can be used for the AuthorizationLevel.Admin can be set in the Azure portal using the Host Keys.
Notes: The API key is shared between both applications, which is one of the problems with this security architecture. Shared secrets seem to get shared a lot or are made public by accident.
Links:

https://docs.microsoft.com/en-us/azure/azure-functions/security-concepts
https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger
