I've created a simple middleware that handles authorization:
public class AuthMiddleware(
IAuthService authService)
: IFunctionsWorkerMiddleware
{
public async Task Invoke(FunctionContext context, FunctionExecutionDelegate next)
{
var httpTriggerBinding = context.FunctionDefinition.InputBindings.Values.FirstOrDefault(a => a.Type == AppConstants.HttpTigger);
// TODO: We want to ignore functions with "AuthorizationLevel.Anonymous"
if (httpTriggerBinding != null)
{
var httpRequestData = await context.GetHttpRequestDataAsync();
if (!httpRequestData.Headers.TryGetValues(HeaderNames.Authorization, out var headers))
{
var httpResponseData = httpRequestData.CreateResponse(HttpStatusCode.BadRequest);
context.GetInvocationResult().Value = httpResponseData;
return;
}
else
{
var claimsPrincipal = await authService.GetClaimsPrincipal(headers.First());
if (claimsPrincipal == null)
{
var httpResponseData = httpRequestData.CreateResponse(HttpStatusCode.Unauthorized);
context.GetInvocationResult().Value = httpResponseData;
return;
}
httpRequestData.FunctionContext.Items.Add(AppConstants.User, claimsPrincipal);
}
}
await next(context);
}
}
Is there no way of accessing the AuthorizationLevel so I can ignore functions with AuthorizationLevel.Anonymous?
I've created a simple middleware that handles authorization:
Is there no way of accessing the AuthorizationLevel so I can ignore functions with AuthorizationLevel.Anonymous?