Authentication for Azure Functions is handled by the Azure Functions Authentication Service. The Authentication Service is configured to use the Azure AD integrated authentication mechanism.
This mechanism authenticates users against an Azure AD tenant. You can configure the Authentication Service to use other authentication mechanisms, such as a third-party authentication provider.
To configure the Authentication Service to use Azure AD integrated authentication, you first need to create an Azure AD account for the function app. Then, you need to create a binding between the Azure AD account and the function app. The binding is a connection between the Azure AD account and the function app. The Binding Secret is a secret used to identify the Azure AD account.
The Binding Type is set to AzureADIntegratedAuthentication. The Authentication Service uses the Binding Secret and the Binding Type to identify the Azure AD account.
After you create the binding, you need to create an authentication configuration for the function app. The authentication configuration specifies how the function app authenticates users.
You can use the Azure Functions Authentication Service to authenticate users against an Azure AD tenant or to use a third-party authentication provider. The authentication configuration specifies the authentication mechanism, the user name and password, and the callback URL.
To create the authentication configuration, use the Azure Functions Authentication Service. The following example creates an authentication configuration for the function app named MyApp.
The authentication configuration uses the Azure AD integrated authentication mechanism.
To use the authentication configuration, you need to set the Authentication Configuration parameter in the function app’s configuration file. The following example sets the Authentication Configuration parameter to MyApp.
After you set the Authentication Configuration parameter, the function app uses the authentication configuration to authenticate users. The function app sends the user name and password to the authentication mechanism. The authentication mechanism then authenticates the user against the Azure AD tenant.
If the user is authenticated, the function app sends the user back to the function app. If the user is not authenticated, the function app sends the user to the login page in the Azure Functions web portal.
After the user is authenticated, the function app can run the requested Azure Functions. The user can also use the Azure Functions web portal to log in to the function app.
The user can then run the requested Azure Functions.
The following example shows how to set the Authentication Configuration parameter.
To conclude, the Azure Functions Authentication Service is used to authenticate users against an Azure AD tenant. The Azure Functions Authentication Service is configured to use the Azure AD integrated authentication mechanism.