使用 ARM 模板在 Azure Function App 中轻松进行身份验证和授权

Question

如果我手动配置，Azure 应用服务的

"Easy Authentication and Authorization" 功能可以在我的 Azure Function 应用程序中使用。当我使用 ARM 模板时它不起作用。

我使用这个网站来计算配置值：https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.websites.models.siteauthsettings?view=azuremgmtwebsites-1.6.0-preview

这是它的样子，想法？

EDIT ：在 https://resources.azure.com 检查生成的配置后，我发现 "siteAuthEnabled" 和 "siteAuthSettings" 根本没有应用。是否应该在其他地方指定它们？

{
  "apiVersion": "2016-08-01",
  "type": "Microsoft.Web/sites",
  "name": "[parameters('webApiFunctionAppName')]",
  "location": "[resourceGroup().location]",
  "kind": "functionapp",
  "dependsOn": [
    "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
  ],
  "resources": [{
    "apiVersion": "2016-08-01",
    "name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
    "type": "Microsoft.Web/sites/config",
    "dependsOn": [
      "[concat('Microsoft.Web/sites/', parameters('webApiFunctionAppName'))]"
    ],
    "properties": {
      "netFrameworkVersion": "v4.0",
      "managedPipelineMode": "Integrated",
      "siteAuthEnabled": true,
      "siteAuthSettings": {
        "enabled": true,
        "unauthenticatedClientAction": "RedirectToLoginPage",
        "tokenStoreEnabled": true,
        "allowedExternalRedirectUrls": null,
        "defaultProvider": "AzureActiveDirectory",
        "clientId": "[parameters('aadClientId')]",
        "clientSecret": null,
        "issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]",
        "allowedAudiences": null,
        "isAadAutoProvisioned": false
      }
    }
  }],
  "properties": {
    "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "hostNameSslStates": [{
        "name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Standard"
      },
      {
        "name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Repository"
      }
    ],
    "siteConfig": {
      "appSettings": [{
          "name": "AzureWebJobsDashboard",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "AzureWebJobsStorage",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "FUNCTIONS_EXTENSION_VERSION",
          "value": "~1"
        },
        {
          "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "WEBSITE_CONTENTSHARE",
          "value": "[toLower(parameters('webApiFunctionAppName'))]"
        }
      ]
    }
  }
}

Answer 1

好的，知道了。此模板有效。

 {
  "apiVersion": "2016-08-01",
  "type": "Microsoft.Web/sites",
  "name": "[parameters('webApiFunctionAppName')]",
  "location": "[resourceGroup().location]",
  "kind": "functionapp",
  "dependsOn": [
    "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "[resourceId('Microsoft.Storage/storageAccounts', variables('azFunctionsAppStorageAccountName'))]"
  ],
  "resources": [{
    "name": "[concat(parameters('webApiFunctionAppName'), '/authsettings')]",
    "apiVersion": "2016-08-01",
    "type": "Microsoft.Web/sites/config",
    "location": "[resourceGroup().location]",
    "dependsOn": [
      "[resourceId('Microsoft.Web/sites', parameters('webApiFunctionAppName'))]"
    ],
    "properties": {
      "enabled": true,
      "unauthenticatedClientAction": "RedirectToLoginPage",
      "tokenStoreEnabled": true,
      "defaultProvider": "AzureActiveDirectory",
      "clientId": "[parameters('aadClientId')]",
      "issuer": "[concat('https://sts.windows.net/', parameters('aadTenant'), '/')]"
    }
  }],
  "properties": {
    "serverFarmId": "[resourceId('Microsoft.Web/serverfarms', variables('webApiFunctionAppHostingPlanName'))]",
    "hostNameSslStates": [{
        "name": "[concat(parameters('webApiFunctionAppName'),'.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Standard"
      },
      {
        "name": "[concat(parameters('webApiFunctionAppName'),'.scm.azurewebsites.net')]",
        "sslState": "Disabled",
        "virtualIP": null,
        "thumbprint": null,
        "toUpdate": null,
        "hostType": "Repository"
      }
    ],
    "siteConfig": {
      "appSettings": [{
          "name": "AzureWebJobsDashboard",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "AzureWebJobsStorage",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "FUNCTIONS_EXTENSION_VERSION",
          "value": "~1"
        },
        {
          "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
          "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', variables('azFunctionsAppStorageAccountName'), ';AccountKey=', listKeys(variables('azFunctionAppStorageAccountid'),'2015-05-01-preview').key1)]"
        },
        {
          "name": "WEBSITE_CONTENTSHARE",
          "value": "[toLower(parameters('webApiFunctionAppName'))]"
        }
      ]
    }
  }
}

使用 ARM 模板在 Azure Function App 中轻松进行身份验证和授权

Easy Authentication and Authorization in Azure Function App using ARM template

azure

azure-resource-manager

azure-web-app-service

azure-functions