Azure Functions - Configure client certificate authentication
Do functions support authorizing access to a Function by using client certificates, in a consumption plan? Something similar to the approach described here? Basically, I'm looking for the Functions runtime to immediately reject connection requests if the caller does not present a valid client certificate, without me having to implement that authorization routine in the code.
Here's the code I came up with, note: this is for Azure Functions v1, when req is an HttpRequestMessage
Caller:
X509Certificate2 clientCert = req.GetClientCertificate();
if (!IsValidClientCertificate(clientCert))
{
    return req.CreateErrorResponse(HttpStatusCode.Unauthorized, "A valid client certificate is not found");
}
For Azure Functions v2, you can use req.HttpContext.Connection.ClientCertificate.
Basic validation function:
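static bool IsValidClientCertificate(X509Certificate2 clientCert)
{
    // no certificate was presented by the caller
    if (clientCert == null)
    {
        return false;
    }
    // check the cert's thumbprint against expected thumbprint
    // (Thumbprint is returned as upper-case hex, so compare case-insensitively)
    if (!string.Equals(clientCert.Thumbprint, "<expected thumbprint>", StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }
    // check that we're within the cert's validity period
    if (DateTime.Now > clientCert.NotAfter || DateTime.Now < clientCert.NotBefore)
    {
        return false;
    }
    // optionally check cert chaining validity
    // if(!clientCert.Verify()) { return false; }
    return true;
}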
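An added example, not part of the original answer: the commented-out chain check above, expanded with an explicit `X509Chain` policy and a rejection reason that can be logged. The names `ClientCertificateValidator`, `AllowedThumbprints` and `GetRejectionReason` are hypothetical, and the thumbprint is a placeholder.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertificateValidator
{
    // Assumption: placeholder allow-list; replace with the thumbprints you issued.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<expected thumbprint>"
        };

    // Returns null when the certificate is acceptable, otherwise the reason
    // it was rejected, so the caller can log it before returning 401.
    public static string GetRejectionReason(X509Certificate2 clientCert)
    {
        if (clientCert == null)
            return "no client certificate presented";

        if (!AllowedThumbprints.Contains(clientCert.Thumbprint))
            return "thumbprint not in allow-list";

        // NotBefore/NotAfter are expressed in local time, like DateTime.Now.
        DateTime now = DateTime.Now;
        if (now < clientCert.NotBefore || now > clientCert.NotAfter)
            return "certificate outside validity period";

        // Chain check: fails for self-signed certificates whose root is not
        // trusted on the host, which is why thumbprint pinning is often used alone.
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            if (!chain.Build(clientCert))
            {
                var statuses = new List<string>();
                foreach (X509ChainStatus s in chain.ChainStatus)
                    statuses.Add(s.Status.ToString());
                return "chain validation failed: " + string.Join(", ", statuses);
            }
        }
        return null;
    }
}
```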