StefanEscadea-1551 asked PramodValavala-MSFT answered

How to access an AzureAD secured Azure Function from PowerShell?

Dear community,

I would like to access an AzureAD secured Azure Function from PowerShell.

The function is in Tenant A, anonymous access is enabled
The function app is connected to Tenant B for authentication.

When I try to access the function in the browser, I get redirected to a login page. When I log in with an account that exists in Tenant B, everything is working fine. However, when I try this in PowerShell, it does not work. This is what I tried in PowerShell:

    $tokenData = Get-AzAccessToken
    $functionUrl = "https://samplefunctiontitle.azurewebsites.net/api/authTestFunction"
    Invoke-WebRequest -Uri $functionUrl -Headers @{'Authorization' = ('Bearer '+$tokenData.Token)}

The response is "You do not have permission to view this directory or page."

My current context is a subscription in Tenant B, using the same account I used in the web browser.

I've read that there's a difference between user sessions and client sessions; however, I cannot figure out how I can get this working. I'm supposed to create an app registration for the client/script, but in which tenant does it need to be? And it would be awesome if I could use the context from PowerShell instead of redirecting the user to a web browser to log in.

If someone knows the answer, that would be awesome!

Kind regards,

Stefan Petter


Tags: azure-functions, azure-ad-app-registration

1 Answer

PramodValavala-MSFT answered

@StefanEscadea-1551 When using Authentication/Authorization with Azure Functions, the standard bearer token approach does not work. Instead, you must follow the authentication flow as documented for the same.

So, in addition to what you have already, you must exchange the Azure AD token for the App Service specific token and pass that in the X-ZUMO-AUTH header as shown in the docs.
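
The exchange described in the answer, as an added example that is not part of the original thread: the Azure AD access token is posted to the app's `/.auth/login/aad` endpoint, and the returned session token is then sent in `X-ZUMO-AUTH`. Assumptions: `$resourceUrl` is a placeholder for the Application ID URI of the app registration the function app trusts in Tenant B, the signed-in Az context is allowed to request a token for it, and the helper function names are hypothetical.

```powershell
# Added example (not from the original thread). Requires the Az.Accounts module
# and an existing Connect-AzAccount session in the tenant used for authentication.
$appBase     = 'https://samplefunctiontitle.azurewebsites.net'   # host taken from the question
$functionUrl = "$appBase/api/authTestFunction"
# Assumption: placeholder for the Application ID URI of the app registration
# configured on the function app's Authentication blade.
$resourceUrl = 'api://<app-registration-client-id>'

function ConvertTo-PlainToken {
    # Newer Az.Accounts versions return .Token as a SecureString, older ones as a string.
    param([Parameter(Mandatory)] $Token)
    if ($Token -is [System.Security.SecureString]) {
        return [System.Net.NetworkCredential]::new('', $Token).Password
    }
    return [string]$Token
}

function Get-AppServiceSessionToken {
    # Exchanges an Azure AD access token for the App Service session token.
    param(
        [Parameter(Mandatory)][string] $AppBase,
        [Parameter(Mandatory)][string] $AadAccessToken
    )
    $body = @{ access_token = $AadAccessToken } | ConvertTo-Json
    $resp = Invoke-RestMethod -Method Post -Uri "$AppBase/.auth/login/aad" `
                -ContentType 'application/json' -Body $body
    if (-not $resp.authenticationToken) {
        throw "Token exchange at $AppBase/.auth/login/aad returned no authenticationToken."
    }
    return $resp.authenticationToken
}

# 1. Token for the function app's own audience, not the default ARM audience
#    that a bare Get-AzAccessToken call returns.
$aad      = Get-AzAccessToken -ResourceUrl $resourceUrl
$aadToken = ConvertTo-PlainToken -Token $aad.Token

# 2. Exchange it. The session token is a bearer credential: keep it out of
#    logs and transcripts.
$sessionToken = Get-AppServiceSessionToken -AppBase $appBase -AadAccessToken $aadToken

# 3. Call the function with the session token in X-ZUMO-AUTH.
Invoke-WebRequest -Uri $functionUrl -Headers @{ 'X-ZUMO-AUTH' = $sessionToken }
```

If step 2 is rejected, check that the `aud` claim of the Azure AD token matches an audience the function app's authentication configuration accepts.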

