azure-functions-host icon indicating copy to clipboard operation
azure-functions-host copied to clipboard
verified publisher icon Azure

Authentication Scheme and Authorization policy Registration in Startup in Azure Function V2

Open JishanK opened this issue 6 years ago • 16 comments

Can we register Authentication Scheme and Authorization policy in startup which inherits FunctionsStartup. While I am trying, I am getting below exception.

Microsoft.AspNetCore.Authentication.Core: No authentication handler is registered for the scheme 'WebJobsAuthLevel'. The registered schemes are: AADScheme. Did you forget to call AddAuthentication().AddSomeAuthHandler

JishanK avatar May 08 '19 04:05 JishanK

Having the same issue when trying to add certificate authentication middleware in my function app startup code. Need to validate incoming client certificate for every request and make sure it has a specific thumbprint. Any hints on how to accomplish this given this issue?

paululvinius avatar May 16 '19 20:05 paululvinius

@JishanK Can you able to figure out how to add authentication handler in FunctionsStartup ??

AnunnakiSelva avatar May 22 '19 06:05 AnunnakiSelva

@alrod Any update on this issues ? Is there a way to add custom token authentication ??

AnunnakiSelva avatar May 22 '19 11:05 AnunnakiSelva

@fabiocav, can you please comment.

alrod avatar May 24 '19 18:05 alrod

The ASP.NET authentication and middleware pipeline configuration (injection/modification) is not (currently) a supported scenario. Flagging this as a feature request.

fabiocav avatar May 24 '19 18:05 fabiocav

Any ETA on when this feature will be rolled out? According to the issue reported in Azure/azure-functions-core-tools/issues/1341 we are pretty much stuck and unable to progress at all!

@jeffhollan @fabiocav

/cc @miladghafoori

Arash-Sabet avatar Jun 16 '19 19:06 Arash-Sabet

It's not currently prioritized into coming in the near future. So hard to give an ETA. It's a valid feature request but not something that is committed to in the next 3 months. Definitely helps when community helps upvote or +1 as well to help us prioritize correctly.

jeffhollan avatar Jun 26 '19 19:06 jeffhollan

@jeffhollan Well, I originally raised an issue in /Azure/azure-functions-core-tools/issues/1341 and then I was diverted to this ticket. The issue in that ticket is a showstopper and we could not find a workaround or other ways to address it so far. It's a bit confusing as I have had the impression that it has become a high priority item to address.

I hope the ticket per this comment is still a high priority: https://github.com/Azure/azure-functions-core-tools/issues/1341#issuecomment-496014395

/cc @miladghafoori

Arash-Sabet avatar Jun 27 '19 13:06 Arash-Sabet

is there any update or workaround on this? I think it's import for Azure function to support auth middleware

gynet avatar Sep 05 '19 23:09 gynet

I dont know of anyway to hook into the middleware. But, you can get auth to work. See here: https://github.com/Azure/azure-functions-host/issues/4485

espray avatar Sep 06 '19 01:09 espray

I did add the schema into the constructor, it still has the error of "No authentication handler is registered for the scheme 'WebJobsAuthLevel'", which schema should I register for WebJobsAuthLevel?

      this._authenticationSchemeProvider = authenticationSchemeProvider;

            if (_authenticationSchemeProvider.GetSchemeAsync(IdentityConstants.ApplicationScheme).GetAwaiter().GetResult() == null)
            {
                _authenticationSchemeProvider.AddScheme(new AuthenticationScheme(IdentityConstants.ApplicationScheme, IdentityConstants.ApplicationScheme, typeof(CookieAuthenticationHandler)));
            }
            if (_authenticationSchemeProvider.GetSchemeAsync(IdentityConstants.TwoFactorUserIdScheme).GetAwaiter().GetResult() == null)
            {
                _authenticationSchemeProvider.AddScheme(new AuthenticationScheme(IdentityConstants.TwoFactorUserIdScheme, IdentityConstants.TwoFactorUserIdScheme, typeof(CookieAuthenticationHandler)));
            }
            if (_authenticationSchemeProvider.GetSchemeAsync(IdentityConstants.TwoFactorRememberMeScheme).GetAwaiter().GetResult() == null)
            {
         ```

gynet avatar Sep 06 '19 18:09 gynet

It's not currently prioritized into coming in the near future. So hard to give an ETA. It's a valid feature request but not something that is committed to in the next 3 months. Definitely helps when community helps upvote or +1 as well to help us prioritize correctly.

Where do we +1 this feature request?

mmulhearn avatar Jan 20 '21 18:01 mmulhearn

@mmulhearn you can follow this issue https://github.com/Azure/azure-functions-host/issues/6805

espray avatar Jan 20 '21 18:01 espray

hm not sure that's what i'm looking for @espray . I want what this thread is asking for which is pretty much to use the aspnet core authentication and authorization middleware in a function.

mmulhearn avatar Jan 20 '21 18:01 mmulhearn

+1 this seems like an important scenario, especially for users of Azure Functions on k8s, where they can't utilize the TLS implementation in Azure App Service

esimkowitz avatar Oct 12 '21 01:10 esimkowitz

Take a look at this for v2: https://www.nuget.org/packages/DarkLoop.Azure.WebJobs.Authorize and this one for v3: https://www.nuget.org/packages/DarkLoop.Azure.Functions.Authorization.InProcess Check this blog post for more details: https://blog.darkloop.com/post/functionauthorize-for-azure-functions-v3

artmasa avatar Nov 18 '21 20:11 artmasa