Isolated Azure Function bypass authentication middleware for Swagger UI page

Time:06-23

I've created a new .NET 6 Isolated Azure Function. I've added the specific NuGet package for Swagger/OpenAPI (for Isolated):

Microsoft.Azure.Functions.Worker.Extensions.OpenApi v1.3.0

I then decorate my HttpTrigger Function with the appropriate [OpenApiOperation] attribute and correctly add the ConfigureOpenApi() method inside my Program.cs like so:

using Microsoft.Azure.Functions.Worker.Extensions.OpenApi.Extensions;
using Microsoft.Extensions.Hosting;

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults()
    .ConfigureOpenApi()
    .Build();

host.Run();

Everything works as expected and I can access my swagger UI url: http://localhost:7001/api/swagger/ui


It's now time to protect my Az Function and add support for JWT token validation. To do so, I followed this great article: https://joonasw.net/view/azure-ad-jwt-authentication-in-net-isolated-process-azure-functions

Because I'm inside an Isolated Azure Function I can now leverage middleware and the article does just that. It creates two middleware. So I've added them like so:

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults((context, builder) =>
    {
        builder.UseMiddleware<AuthenticationMiddleware>();
        builder.UseMiddleware<AuthorizationMiddleware>();
    })
    .ConfigureOpenApi()
    .ConfigureServices((context, services) =>
    {
        ...
    })
    .Build();

host.Run();

QUESTION:

Whenever I launch my Azure Function and I try to access my swagger UI url http://localhost:7001/api/swagger/ui

I am now getting a 401 unauthorized since the Authentication Middleware kicks in and since I don't have an authorization header value.

I believe it is normal that I don't have an authorization header value since I'm only trying to look at a swagger UI url.

How can I ask the Authentication middleware to not look for an authorization header if I'm coming from a URL that has the word "swagger" in it?

Or is there a better/different way to achieve this?

Thanks Sincerely

CodePudding user response:

Looking at the documentation, you can use the UseWhen extension method.

You will need to use at least version 1.8.0-preview1 of the Microsoft.Azure.Functions.Worker NuGet package. (See GitHub issue)

Then in your code you should be able to do something like this:

using Microsoft.Azure.Functions.Worker.Extensions.OpenApi.Extensions;
using Microsoft.Extensions.Hosting;

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults((hostContext, builder) =>
    {
        builder.UseWhen<AuthenticationMiddleware>(functionContext =>
        {
            // Only use the middleware if not related to swagger
            // Condition could be improved tho.
            return !functionContext.FunctionDefinition.Name.Contains("Swagger");
        });
        ...
    })
    ...

host.Run();
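
A stricter form of the condition used in the answer above, as an added example that is not part of the original answer or of the OpenAPI extension's own code: it skips the two middleware from the question only for an exact allowlist of function names, so a business function that merely has "Swagger" in its name is still authenticated. The OpenApiEndpoints helper is hypothetical, the four function names are assumed to be the ones the OpenAPI extension registers (check them against the function list the host prints at startup), and AuthenticationMiddleware and AuthorizationMiddleware are the classes already in the question's project.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Azure.Functions.Worker;
using Microsoft.Azure.Functions.Worker.Extensions.OpenApi.Extensions;
using Microsoft.Extensions.Hosting;

var host = new HostBuilder()
    .ConfigureFunctionsWorkerDefaults((hostContext, builder) =>
    {
        // Run both middleware for every function except the exact
        // documentation endpoints listed in OpenApiEndpoints.
        builder.UseWhen<AuthenticationMiddleware>(OpenApiEndpoints.RequiresAuth);
        builder.UseWhen<AuthorizationMiddleware>(OpenApiEndpoints.RequiresAuth);
    })
    .ConfigureOpenApi()
    .Build();

host.Run();

// Hypothetical helper, not part of any package.
internal static class OpenApiEndpoints
{
    // Assumed names of the functions registered by the OpenAPI extension;
    // confirm them against the function list the host prints at startup.
    private static readonly HashSet<string> Anonymous = new(StringComparer.Ordinal)
    {
        "RenderSwaggerDocument",
        "RenderSwaggerUI",
        "RenderOpenApiDocument",
        "RenderOAuth2Redirect",
    };

    // Exact, case-sensitive match: a function named e.g. "GetSwaggerSettings"
    // still goes through authentication, unlike with Contains("Swagger").
    public static bool RequiresAuth(FunctionContext context) =>
        !Anonymous.Contains(context.FunctionDefinition.Name);
}
```

Applying the same predicate to both middleware keeps the authorization step from running on a request that was never authenticated.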