Adding fine-grained policy based authorization to Azure Functions in Isolated mode

It’s amazing to see that the DarkLoop.Azure.Functions.Authorize (now DarkLoop.Azure.Functions.Authorization.InProcess) NuGet package has received over 160K downloads in almost three years since its publication.

Since then, Microsoft has introduced another way of hosting Azure Function applications: the Isolated worker model. This mode was launched with a new set of APIs, moving away from the well-known HttpRequest and HttpRequestMessage bindings that HTTP-triggered functions have in the In-Proc hosting model. Unfortunately, this change prevented my package from utilizing the ASP.NET Core Authorization infrastructure for handling authorization in Azure Functions.

More recently ASP.NET Core integration has been added to the Isolated worker hosting model. It was time to bring the AuthorizeAttribue behavior to Isolated worker Function apps.

Moving this Blog to a new home!

For some time I’ve been wanting to move my blog to GitHub Pages to have access to Markdown. I’ve been hosting it using BlogEngine and it’s been a really good experience, but I think I’m going to love the built-in Markdown support. This is my first try!

For years I have hosted my blog in an Azure Web App. Being a .NET developer, I’ve alwas wanted to stay in that lane and App Services have always attracted me for anything personal. I didn’t create the solution my self; as I said above, I’ve been hosting it using BlogEngine which has a really nice editor for everything I needed.

I the last years I’ve spent considerable time creating web content for work using Markdown and really enjoy the simplicity of editing, publishing and have access to really low HTML level constructs when required. So, I decided to take on GitHub pages and I’m so happy I’ve made the decision.

Because I’m a beginner and wanted to get content migrated as soon as possible, I decided to use pre-built templates to get the site going. THIS WAS A MISTAKE!

Automating deployment of custom domains for Azure Front Door Standard/Premium (Preview) using ARM

Azure Front Door for standard and premium tiers offers great flexibility for deploying the different components within it, in contrast to the current Front Door offering where all the components have to be defined in a single resource definition. This new behavior gives us the ability to use a central Front Door instance and manage multiple independent endpoints that can be managed separately.

As in many other, network and application services, Azure gives the option to configure custom domains. All you need is to proof domain’s ownership and you are ready to go. And when you manage your public DNS zone in Azure you can automate the creation of verification records to automate provisioning the custom domain configuration for your services.

FunctionAuthorize for Azure Functions v3

In a prior post I discussed Bringing the AuthorizeAttribute behavior to Azure Functions v2. Since then V3 has been around for quite some time and I had not ported the referenced package with compatibility for V3 until now (GitHub repo).

Microsoft has not yet made the Functions Filter feature GA and is still considered a preview feature. So the new package is made available as a pre-release package.

This framework is now also available for V4 Isolated

Since some names within Azure Functions SDK are moving from WebJobs... to Functions...; this package also moves the attribute from WebJobAuthorizeAttribute to FunctionAuthorizeAttribute.

Using App Service Managed Identity with Azure Functions Service Bus/Event Hub Bindings

Nothing better than removing all secrets from source and configuration settings in our applications. Azure App Services have a feature called Managed Identity in which you can configure an application to run under the context of a Service Principal to access other resources the application has been granted access to. In the case of Azure Functions you can enable it by accessing the Identity link under the Platform features tab.