如何存储HTTP触发的Azure函数的已知客户端证书? [英] How do I store known client-certificates for an HTTP-triggered Azure Function?

问题描述

我只允许对包含知名客户端证书的HTTP触发的Azure函数的请求.

I'd like to only allow requests to an HTTP-triggered Azure Function that include a well-known client-certificate.

我不希望将未经批准"的请求转发到Azure功能.

• 我已将 Client-certificate模式设置为 Require

Azure的信任库在哪里，我可以在其中存储这些知名的客户端公共证书?

• 如何指向AppService查看此信任库?

推荐答案

将您的Azure函数托管在APIM后面，然后您就可以使用API​​M来管理客户端证书.然后，您可以使用azure门户中的客户端证书"页面将客户端证书上载到APIM资源，并将APIM策略配置为仅允许受信任的客户端.

Host your azure functions behind an APIM then you can use APIM to manage your client certificates. You can then use the Client Certificates page in the azure portal to upload your client certificates to the APIM resource and configure the APIM policy to only allow trusted clients.

有关通过Azure函数设置APIM的信息，请参见:

For setting up APIM over your azure functions see : https://docs.microsoft.com/en-us/learn/modules/build-serverless-api-with-functions-api-management/

使用客户端证书保护对API的访问权限:

For using client certificates to secure access to an API : https://docs.microsoft.com/en-us/learn/modules/control-authentication-with-apim/4-secure-access-client-certs

另请参阅: 查看全文