使用 ARM 模板在 Azure Function App 中轻松进行身份验证和授权 [英] Easy Authentication and Authorization in Azure Function App using ARM template
问题描述
如果我手动配置,Azure App Service 的简单身份验证和授权"功能在我的 Azure Function 应用程序中有效.当我使用 ARM 模板时它不起作用.
"Easy Authentication and Authorization" feature of Azure App Service works in my Azure Function app if I configure it manually. It does not work when I use an ARM Template.
I used this web site to figure out the config values: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.websites.models.siteauthsettings?view=azuremgmtwebsites-1.6.0-preview
这是它的样子,想法?
编辑:在 https://resources.azure.com检查结果配置后a> 我看到根本没有应用siteAuthEnabled"和siteAuthSettings".是否应该在其他地方指定它们?
EDIT : after checking the resulting config at https://resources.azure.com I see that "siteAuthEnabled" and "siteAuthSettings" are not applied at all. Should they be specified somewhere else?
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('webApiFunctionAppName')]",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
],
"resources": [{
"apiVersion": "2016-08-01",
"name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
"type": "Microsoft.Web/sites/config",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('webApiFunctionAppName'))]"
],
"properties": {
"netFrameworkVersion": "v4.0",
"managedPipelineMode": "Integrated",
"siteAuthEnabled": true,
"siteAuthSettings": {
"enabled": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"allowedExternalRedirectUrls": null,
"defaultProvider": "AzureActiveDirectory",
"clientId": "[parameters('aadClientId')]",
"clientSecret": null,
"issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]",
"allowedAudiences": null,
"isAadAutoProvisioned": false
}
}
}],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"hostNameSslStates": [{
"name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Standard"
},
{
"name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Repository"
}
],
"siteConfig": {
"appSettings": [{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~1"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(parameters('webApiFunctionAppName'))]"
}
]
}
}
}
推荐答案
好的,明白了.此模板有效.
Ok GOT it. This template works.
{
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('webApiFunctionAppName')]",
"location": "[resourceGroup().location]",
"kind": "functionapp",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
],
"resources": [{
"name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
"apiVersion": "2016-08-01",
"type": "Microsoft.Web/sites/config",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('webApiFunctionAppName'))]"
],
"properties": {
"enabled": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"defaultProvider": "AzureActiveDirectory",
"clientId": "[parameters('aadClientId')]",
"issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]"
}
}],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
"hostNameSslStates": [{
"name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Standard"
},
{
"name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
"sslState": "Disabled",
"virtualIP": null,
"thumbprint": null,
"toUpdate": null,
"hostType": "Repository"
}
],
"siteConfig": {
"appSettings": [{
"name": "AzureWebJobsDashboard",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "AzureWebJobsStorage",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "FUNCTIONS_EXTENSION_VERSION",
"value": "~1"
},
{
"name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
"value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
},
{
"name": "WEBSITE_CONTENTSHARE",
"value": "[toLower(parameters('webApiFunctionAppName'))]"
}
]
}
}
}
这篇关于使用 ARM 模板在 Azure Function App 中轻松进行身份验证和授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!