Working in a company that deals with hundreds of client Azure tenants showed me how different it is from working on your own tenant.
Recently I worked on a subscription-based service, and I want to show you how to build security walls around your Azure Functions.
Here is an example of a subscription service that caters differently to each client based on their type of subscription: Free, Paid or Premium.
Step 1: Let's start by creating a simple Azure Function in Visual Studio. For the purposes of our example, I created two functions, one with a GET method and one with a POST method.
Publish this function project to the Azure tenant, then run and test it.
Step 3: Now it's time to build the subscription-based security layer around the OAuth-enabled Azure Functions. This is how it looks by the end of our configuration.
Let's start by creating an Azure API Management service. It will take more than 10 minutes to provision.
Once it is created, go to APIs and create a new one, selecting the Function App template, and choose the functions exposed over that API. I created 3 API endpoints: Free with just GetFunction(), Paid with POSTMethod(), and Premium with all functions.
Now let's test the Premium API with OAuth authorization and see the result.
Result:
Step 4: Creating Azure API Management subscriptions for each client, scoped to a set API, is a best practice. So let's start creating the subscription keys for each client, selecting the API they paid for.
Each subscription has a primary and a secondary key for access requests. We now send the clients these subscription keys, and they need both an OAuth token and their own subscription key to access the Azure Functions.
Now when we make a request to the API with OAuth only, the response clearly says it needs the subscription key for access.
Now let's try with both the OAuth token and the subscription key, and it goes through successfully.
The objective of providing access to Azure Functions based on subscriptions was achieved.
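To check that this setup really holds for every client, the audit below (an added example, not code from the original post) sends each subscription key against each API and reports any combination the gateway should have refused. It assumes each key is scoped to exactly one API; the gateway URL, URL paths, key values and `fake_gateway` stand-in are constructed placeholders, while `Ocp-Apim-Subscription-Key` is API Management's default key header.

```python
import urllib.error
import urllib.request

GATEWAY = "https://contoso-apim.example"  # placeholder gateway URL (assumption)
# API name -> (method, path); names mirror the three APIs above, URL layout is assumed
APIS = {"free": ("GET", "/free/GetFunction"),
        "paid": ("POST", "/paid/POSTMethod"),
        "premium": ("GET", "/premium/GetFunction")}

def call_api(api, sub_key, token):
    """Send one request through the gateway and return the HTTP status code."""
    method, path = APIS[api]
    headers = {}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    if sub_key:
        headers["Ocp-Apim-Subscription-Key"] = sub_key  # APIM's default key header
    req = urllib.request.Request(GATEWAY + path, method=method, headers=headers,
                                 data=b"{}" if method == "POST" else None)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403 are expected results here, not failures

def audit(keys, token, send=call_api):
    """keys maps API name -> the subscription key issued for that API."""
    findings = []
    for api in APIS:
        if send(api, None, token) < 400:
            findings.append(f"{api}: accepted without a subscription key")
        for owner, key in keys.items():
            if send(api, key, None) < 400:
                findings.append(f"{api}: {owner} key accepted without OAuth token")
            allowed = send(api, key, token) < 400
            if allowed != (owner == api):
                verdict = "accepted" if allowed else "rejected"
                findings.append(f"{api}: {owner} key unexpectedly {verdict}")
    return findings

def fake_gateway(api, sub_key, token):
    """Constructed stand-in for a correctly scoped gateway, for offline runs."""
    return 200 if token == "tok" and sub_key == f"{api}-key" else 401

if __name__ == "__main__":
    sample = {name: f"{name}-key" for name in APIS}  # constructed keys
    print(audit(sample, "tok", send=fake_gateway) or "access matrix enforced")
```

Against a real tenant, call `audit` with the issued keys and a valid token and leave `send` at its default; an empty list means every key opens only its own API.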