This blog post explains the process of securing Azure Function Apps using Azure Active Directory (Azure AD).
As part of an Azure integration architecture, it is crucial to ensure secure communication between various components.
We will explore how to authenticate and authorize function apps to enable secure and authorized access, specifically focusing on calling function apps from Azure Logic Apps.
Azure Logic Apps are used to orchestrate different tasks and can call Azure Function Apps as part of their workflow.
However, ensuring secure and authorized communication between these components is essential for enterprise-grade applications.
In this blog post, we will address this challenge by leveraging Azure Active Directory authentication.
By enabling Azure Active Directory authentication for your function apps, you can establish a secure communication channel.
This approach ensures that only authorized services can call your function apps.
This post will guide you through the process of securing a basic function app using Azure AD authentication.
Creating an Azure Active Directory Application:
First, you need to create an Azure Active Directory application. This application will serve as the identity provider for your function app. You can do this by following these steps:
Go to the Azure Active Directory app registration screen.
Click on “New registration” and provide a name for your application.
Leave the remaining settings at their defaults, as we will be using the client credentials flow.
Click on “Register” to create the application.
Next, go to “Expose API” and add the application URI as a scope.
In the “API permissions” section, grant admin consent for the default directory.
Create a client secret and note down its value, as it will be used later.
Configuring Azure AD Authentication for Function Apps:
To secure your function app using Azure AD authentication, perform the following steps:
Go to the function app and navigate to the authentication settings.
Add the identity provider, which is Microsoft in this case.
Select an existing application, such as the one you created earlier.
Leave the remaining settings at their defaults and click on “Add.”
Calling Function Apps from Logic Apps:
To call the secured function app from Azure Logic Apps, configure the authentication settings as follows:
In the logic app designer, add the function app action.
Choose the authentication type as Azure Active Directory.
Provide the Azure AD OAuth details, including the authority, tenant ID, audience, client ID, and client secret.
Testing the Function App:
Run the logic app and observe the successful execution. If the authentication is correctly configured, the function app will be called securely from the logic app.
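As an added example (not part of the original post, and not the Logic Apps connector's own code), the Python below builds the client-credentials token request from the same values entered in the Logic App action and checks a token's claims against them, which helps when the function app answers with 401 instead of a successful run. The v2.0 token endpoint, the `/.default` scope form, the `api://` audience format and every tenant, client and audience value are assumptions or constructed samples.

```python
import base64, json, time

AUTHORITY = "https://login.microsoftonline.com"  # assumed: Azure public cloud
# Constructed sample values, not taken from the post.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "11111111-1111-1111-1111-111111111111"
AUDIENCE = "api://" + CLIENT  # assumed form of the application URI

def build_token_request(tenant_id, client_id, client_secret, audience):
    """URL and form fields for a client-credentials request (v2.0 endpoint)."""
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    fields = {"grant_type": "client_credentials", "client_id": client_id,
              "client_secret": client_secret, "scope": f"{audience}/.default"}
    return url, fields  # POST fields as application/x-www-form-urlencoded

def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims, tenant_id, audience, client_id, now=None):
    """List the claims that do not match what the function app is set to accept."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != audience:
        problems.append("aud")     # token was issued for a different resource
    if claims.get("tid") != tenant_id:
        problems.append("tid")     # token came from another tenant
    if client_id not in (claims.get("appid"), claims.get("azp")):
        problems.append("client")  # caller is not the expected application
    if claims.get("exp", 0) <= now:
        problems.append("exp")     # token has expired
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    good = make_sample_token({"aud": AUDIENCE, "tid": TENANT, "appid": CLIENT,
                              "exp": time.time() + 3600})
    print(build_token_request(TENANT, CLIENT, "<client-secret>", AUDIENCE)[0])
    print(check_claims(decode_claims(good), TENANT, AUDIENCE, CLIENT))  # []
```

Signature validation is left to the function app's authentication layer; `decode_claims` is only for comparing a token's claims with the configured tenant, audience and client ID.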