
I've been building an app in ASP.NET Core and I'm now migrating the API layer to Azure Functions. At the moment authorisation is set up using Microsoft.AspNetCore.Authorization and Microsoft.AspNetCore.Identity (i.e. SignInManager, UserManager, Roles + Claims). I'm looking for a place to start on how to move the authorization component to the equivalent in Azure Functions.

My ideal scenario for authentication in my app is to allow a user to register on the site as a business (currently set up as a "domain"), and for the business to have multiple associated users. The "domain" could also request a key to access the API layer for integration into their own systems.

Do I need to set up Azure Active Directory for authentication? Or is it a custom implementation based on my current user data? Is it even possible?

HariHaran
AnteSim

1 Answer


Do I need to set up Azure Active Directory for authentication? Or is it a custom implementation based on my current user data? Is it even possible?

Not necessary. If you want to switch over to easy auth and store the users in AAD, then yes. (Easy auth can be configured using other providers like Facebook, Google, or custom.) In this case the users will authenticate over AAD, and AAD will give the client app an auth cookie (that can be exchanged for a JWT). You can validate the JWT in the functions. Here is a similar question on SO, with answer.

You can also implement your own token creation endpoint and store the users on your own.

I recommend putting an API Gateway before the API endpoints. This gives you additional security, like call rate rules (protects you from DDoS), additional token checking and route mappings.

Zsolt Bendes
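The JWT validation step mentioned in the answer, as an added example that is not part of the original answer. It assumes the in-process C# Functions model, the System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Protocols.OpenIdConnect packages, and an issuer (AAD or your own token endpoint) that publishes OpenID Connect metadata; the authority and audience values are placeholders, and the function name and the "domain" claim are hypothetical.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class DomainFunction
{
    // Placeholders (assumptions): your issuer and the audience your API expects.
    const string Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0";
    const string Audience = "<api-client-id>";
    // Static so the issuer's signing keys are cached and refreshed across invocations.
    static readonly ConfigurationManager<OpenIdConnectConfiguration> Oidc =
        new ConfigurationManager<OpenIdConnectConfiguration>(
            Authority + "/.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());

    static async Task<ClaimsPrincipal> ValidateAsync(HttpRequest req)
    {
        string header = req.Headers["Authorization"];
        if (header == null || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) return null;
        var config = await Oidc.GetConfigurationAsync(CancellationToken.None);
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = config.Issuer,            // issuer, audience and lifetime checks
            ValidAudience = Audience,               // are enabled by default
            IssuerSigningKeys = config.SigningKeys, // unsigned tokens are rejected by default
        };
        try { return new JwtSecurityTokenHandler().ValidateToken(header.Substring(7).Trim(), parameters, out _); }
        catch (SecurityTokenException) { return null; } // expired, wrong audience, bad signature
        catch (ArgumentException) { return null; }      // not a well-formed JWT
    }

    [FunctionName("GetDomainData")] // hypothetical function; Anonymous because the JWT is the gate
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "get")] HttpRequest req)
    {
        var user = await ValidateAsync(req);
        if (user == null) return new UnauthorizedResult();
        var domain = user.FindFirst("domain")?.Value; // hypothetical claim naming the business
        if (string.IsNullOrEmpty(domain)) return new StatusCodeResult(StatusCodes.Status403Forbidden);
        return new OkObjectResult(new { domain });
    }
}
```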