Securing HTTP-Triggered Azure Function

Securing HTTP-Triggered Azure Function

In order to start working with Azure Functions you need to create a Function App in your Azure subscription. It is a container that groups your functions into a logical unit. I am going to add an .NET Azure Function that will be triggered by HTTP-trigger. It will receive a Guid Id of my Azure subscription, it will check what my current spend is and will return true/false response indicating if I am under my budget or over it.

Click on ‘Add Function’, select HTTP Trigger template and you will see the screen where you can choose authorisation level for the function:

By default, it’s set to “Function”, which requires a function-specific API key, but it can also be set to “Admin” to use a global “master” key, or “Anonymous” to indicate that no key is required. I am going to leave it as “Function”.

Get the URL that you can call your function by

If your function accepts GET request then you can call it just by the URL displayed in the pop-up, but the preffered method is to add the code into the HTTP Header with the key x-functions-key
If your function accepts only POST then you should also add the code into the HTTP Header.

To specify the bindings go to the right hand side of the screen and open up function.json configuration file

In order to manage the keys go to the “Manage” tab and take the default key.

I can test my fucntion right here in the portal:

I have an output window

I can test my function by running it from Power Shell

Leave a Reply

Your email address will not be published. Required fields are marked *