Hi, I want to call the API and have the function decide what level of info to show/return based on the user's roles.
Can someone give a sample of how to get the logged-in user's roles in an Azure Function on a Static Web App?
When deploying Azure Function via "Function App", I can get the roles and current username, but with "Static Web App" I haven't figured it out yet.
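```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;

namespace Function1
{
    public class Function1
    {
        [FunctionName("Function1")]
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
            ClaimsPrincipal principal)
        {
            // Collect every "roles" claim from the principal bound by the Functions host.
            IEnumerable<string> roles = principal.Claims.Where(e => e.Type.Equals("roles")).Select(e => e.Value);
            string name = principal.Identity.Name;
            string responseMessage = $"Hello, {name}. This HTTP triggered function executed successfully. {string.Join(',', roles)}";
            return new OkObjectResult(responseMessage);
        }
    }
}
```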
The MS Azure docs suggest you should be able to get user details including roles in the endpoint of an authenticated Azure Function... but `const header = req.headers.get('x-ms-client-principal');` fails in dev and live as the header isn't there. I can't see how that could ever be in there, as it would expose the unencrypted user ID which is somewhat against the whole point.
I mean: you could get the user ID from /.auth/me and then stick it in a header, and pull that out in the Azure Function. That wouldn't be massively secure, but ought to work. Any attacker would be legitimately authenticated so could be fairly easily detected. It seems a bit of a hack.
Looking at how it actually behaves (not what the docs say), the StaticWebAppsAuthCookie is the only user identifiable thing leaving the client for Azure. So that signed package presumably contains enough for Azure to work out that you're authenticated. This open issue suggests that cookie contains User ID. However in my dev & live tests, the cookie isn't passed through to the Azure Function itself. Presumably the middleware strips it.
So the only way I can see to get the user ID (or other stuff, e.g. roles) would be to pass those things explicitly. That seems a bit unsatisfactory as if the Function knows you have an authenticated role, it must know your ID. Perhaps that's obvious: these "serverless" endpoints are not intended to be connected to [for example] database backends?
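For reference, an added example (not code from either poster or from the Static Web Apps project) of reading roles from the `x-ms-client-principal` header mentioned above, assuming it arrives as the Azure docs describe: Base64-encoded JSON with `identityProvider`, `userId`, `userDetails` and `userRoles`. The `admin` role, the detail levels and the helper names are hypothetical; a missing or malformed header is treated as anonymous so the function fails closed.

```javascript
// Fallback principal used whenever the header is absent or cannot be trusted.
const ANONYMOUS = Object.freeze({ userId: null, userDetails: null, userRoles: ['anonymous'] });

// Decode Base64(JSON) from x-ms-client-principal; never throws.
function parseClientPrincipal(headerValue) {
  if (typeof headerValue !== 'string' || headerValue.length === 0) return ANONYMOUS;
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(headerValue, 'base64').toString('utf8'));
  } catch {
    return ANONYMOUS; // malformed header: treat as unauthenticated
  }
  if (!parsed || typeof parsed !== 'object' || !Array.isArray(parsed.userRoles)) return ANONYMOUS;
  const roles = parsed.userRoles.filter((r) => typeof r === 'string');
  return {
    userId: typeof parsed.userId === 'string' ? parsed.userId : null,
    userDetails: typeof parsed.userDetails === 'string' ? parsed.userDetails : null,
    userRoles: roles.length > 0 ? roles : ['anonymous'],
  };
}

// Hypothetical policy: 'admin' is a custom role, 'authenticated' is built in.
function detailLevel(principal) {
  if (principal.userRoles.includes('admin')) return 'full';
  if (principal.userRoles.includes('authenticated')) return 'summary';
  return 'public';
}

// Supports both fetch-style headers (.get) and plain header objects.
function readHeader(req, name) {
  const h = req && req.headers;
  if (!h) return undefined;
  return typeof h.get === 'function' ? h.get(name) : h[name];
}

// Decide server-side what to return; roles are never taken from the request body.
function handle(req) {
  const principal = parseClientPrincipal(readHeader(req, 'x-ms-client-principal'));
  return { user: principal.userDetails, level: detailLevel(principal) };
}

// Constructed sample header value (not captured from a real deployment).
const sampleHeader = Buffer.from(JSON.stringify({
  identityProvider: 'aad',
  userId: 'constructed-user-id',
  userDetails: 'user@example.com',
  userRoles: ['anonymous', 'authenticated', 'admin'],
})).toString('base64');
```

The decoded header is only as trustworthy as the path it arrived on: if the function can be called directly rather than only through the Static Web Apps proxy, a caller can set the header themselves.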