Creating a business application based on Azure Functions will often involve User Authentication. In the .NET world, it often means leveraging IdentityServer, so migrating it to Azure Functions seems like an interesting approach to lower the cost of hosting your authentication server.
TLDR: Check the sample on GitHub.
- Azure Functions application, for running the proxy
- (Optional) Application Insights resource, for troubleshooting your code once published
- Reference recipes used in this recipe:
This is mainly a proof of concept to show the possibilities. TestServer, which is used in this recipe, should be reviewed for thread safety/performance and a new custom server should be developed to use this recipe in production. Thanks to Christian Weyer for pointing me to this blog post which provides an alternative approach inspired from TestServer.
|⏲️ Preparation||👨🍳 Ready In|
|15 minutes||30 minutes|
- Download IdentityServer4 samples from GitHub: https://github.com/IdentityServer/IdentityServer4.Samples
- Open the solution for Quickstart #3: 3_ImplicitFlowAuthentication
- Apply the Hosting your ASP.NET Core MVC APIs inside Azure Functions recipe to project Api.
- Make sure that local.settings.json is using a LocalHttpPort of 5001
- Apply the Hosting your ASP.NET Core Razor Pages inside Azure Functions recipe to projects IdentityServer.
- Make sure that local.settings.json is using a LocalHttpPort of 5000
- Post-build steps are not required here.
- Apply the Hosting your ASP.NET Core Razor Pages inside Azure Functions recipe to projects MvcClient.
- Make sure that local.settings.json is using a LocalHttpPort of 5002
- Change startup project to start multiple project at once: Api, IdentityServer & MvcClient
- Press OK.
- Press F5 to start all 3 Functions.
- To test your Functions, navigate to http://localhost:5002
- Select the Secure menu on top.
- Since there is no user authenticated, it will navigate to the IdentityServer with specific URL on http://localhost:5000/Account/Login in order to authenticate. Use Username bob and Password password. Press Login.
- The IdentityServer will then request your permission, press Yes, Allow.
- IdentityServer will now navigate back, authenticated to http://localhost:5002/Home/Secure and display information about the authenticated user.