只允许公共访问Azure应用程序的1个终结点 [英] Allowing public access to only 1 endpoint of Azure Application

问题描述

我正在构建一个小型Azure无服务器应用程序，该应用程序具有3个不同的功能，这些功能由3个不同的HTTP事件触发.我将每个功能的授权级别"设置为匿名".然后，我设置了身份验证(在应用程序级别)以链接到我的Azure Active Directory.尽管我花了一些时间弄清楚那部分，但最终它看起来像是一种魅力.问题是，现在我需要为每个函数传递承载令牌，而我需要其中一个函数可以公开访问.有什么方法不需要我将一个功能拆分为单独的Azure应用程序吗?

I'm building a small Azure Serverless Application with 3 distinct functions triggered by 3 different HTTP events. I set the "Authorization Level" to "Anonymous" for each of the functions. Then I set up the Authentication (on the application level) to link to my Azure Active Directory. Although it took me some time to figure out that part, in the end it appears to work like a charm. The issue is that right now I'm required to pass the bearer token for each and every one of these functions, whereas I need one of them to be publicly accessible. Is there any way to do that that does not require me to split that one function into a separate Azure Application?

推荐答案

我认为URL授权规则应该在这里有所帮助.

I think URL authorization rules should help here.

对于您的方案，启用身份验证/授权并允许在门户中进行匿名访问.接下来，您将要在网站的根目录中创建一个 authorization.json 文件，并定义两条路由:

For your scenario, Enable the Authentication/Authorization and allow anonymous access in the portal. Next, you'll want to create an authorization.json file in the root of your site and define two routes:

• 在根目录禁用匿名访问.
• 启用匿名功能URL的匿名访问.

authorization.json

{
  "routes": [{
      "path_prefix": "/",
      "policies": { "unauthenticated_action": "RedirectToLoginPage" }
    },{
      "path_prefix": "/api/HttpTrigger1",
      "policies": { "unauthenticated_action": "AllowAnonymous" }
    }]
}

注意::在启用身份验证/授权并在wwwroot文件夹中添加authorization.json文件后，请确保停止/启动Function App.

NOTE: Make sure to Stop/Start Function App after enabling the Authentication/Authorization and adding the authorization.json file at wwwroot folder.

这篇关于只允许公共访问Azure应用程序的1个终结点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！