Azure-docs: Allow Annonymous API Call + Force Users to log in AD
https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad
I have been using Mobile Apps for a whle now... but am running into a scenerio where i need timer/trigger functionality to make an API call say every 10 min.
Azure Functions making the API call to my App Services - Mobile App seems like the way to go. However, in this article "Configure your App Service app to use Azure Active Directory sign-in" Step 5: I have the express settings forcing users to log in or be redirected. Other than having Azure Functions open up a DB connection to interact with the DB directly, is there a better way to allow my Azure Funcitons Function through to the App-Services - Mobile App Api call?
i am needin to do this becuase the App-Services - Mobile App has alot of logic that would ahve to be duplicated into the Azure Function making it pretty complicated, where as the api call would "just work".
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 6f1c454d-73bc-5a73-5d3f-1b1ca7625044
- Version Independent ID: 552b3f09-6650-e7f7-01f2-a702005b83e9
- Content: Configure Azure Active Directory authentication - Azure App Service
- Content Source: articles/app-service/configure-authentication-provider-aad.md
- Service: app-service-mobile
- GitHub Login: @mattchenderson
- Microsoft Alias: mahender
HUBBER12
All 8 comments
@HUBBER12 Thanks for the question! We're investigating this and will get back to you shortly.
BhargaviAnnadevara-MSFT
on 28 Mar 2019
@mattchenderson, Requesting your insights and guidance on accomplishing this specific scenario.
AjayKumar-MSFT
on 1 Apr 2019
Just brainstorming:
One option would be to have AzureFunctions do some handshaking that authenticates trust, and then does not need to re-handshake.
Another would be to ONLY alow timer trigger functions to access a AppService-Mobie App because it's a timer and not open to be called from outside HTTP requests. And maybe only if it's on the same resource group or somehting like that.
HUBBER12
on 4 Apr 2019
Orignally i tired to use [AllowAnonymous] on the API call itself.. but that has never allowed an anonymous call i think its becuase i use the "lock everything down" and redirect to login option from AAD express ettings. If there is any way to get the [AllowAnonymous] to work on the api call that would be the preferred (and more obvious) way of attacking this.
HUBBER12
on 4 Apr 2019
Hi - I'm not sure I understand the request. Are you looking for a way for the function to call into your AAD-protected App Service? If that is the case, I would recommend using a service principal of some kind that allows the function app to present itself as a user. The simplest way to do this would be to use a managed identity in the function app. Your timer function could request a token to your mobile app and then attach this to its call.
mattchenderson
on 8 Apr 2019
@HUBBER12, Just checking to see if you had a chance to see the previous response, kindly let us know if you need further assistance on this issue with the requested details.
AjayKumar-MSFT
on 11 Apr 2019
@HUBBER12, Since we have not heard back from you we will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly reopen the issue and continue the discussion.
AjayKumar-MSFT
on 24 Apr 2019
Hi - I'm not sure I understand the request. Are you looking for a way for the function to call into your AAD-protected App Service? If that is the case, I would recommend using a service principal of some kind that allows the function app to present itself as a user. The simplest way to do this would be to use a managed identity in the function app. Your timer function could request a token to your mobile app and then attach this to its call.
Mattchenderson…. thank you soo much that worked perfectly.. Apologies I did not respond sooner, but yes your article posted there worked great for what i needed !
HUBBER12
on 2 Jun 2019
Related issues
mrdfuse
·
3Comments
varma31
·
3Comments
ianpowell2017
·
3Comments
Ponant
·
3Comments
bdcoder2
·
3Comments
Most helpful comment
Hi - I'm not sure I understand the request. Are you looking for a way for the function to call into your AAD-protected App Service? If that is the case, I would recommend using a service principal of some kind that allows the function app to present itself as a user. The simplest way to do this would be to use a managed identity in the function app. Your timer function could request a token to your mobile app and then attach this to its call.