Intranoggin

Blither, Blather, Web Content Management.
Blog » Protecting Azure Functions with a Shared Secret.

Protecting Azure Functions with a Shared Secret.

In my earlier posts I walked you through creating a simple Alexa Skill in C# hosted on Azure Functions. At that time, we created it and allowed the function to be executed by anonymous callers. Obviously, that’s rarely the desired situation, so here is how you lock it down using a secret.

First, in our function code and change the authLevel value from anonymous to function.

authLevel

When you publish this code again to Azure, you’ll see this value change on the Integrate tab.

authLevel

Documentation on this value is sparse, but I believe it will allow other functions in this function app to call this function. Anonymous external calls are now blocked, but we can call this function by passing in a secret, so let’s create one.

Our secrets are available on the functions development tab as keys, or on the Monitor tab.

Development Tab

We’ll make our changes on the Manage tab. Open that Manage tab, and you’ll see the default existing key. Click Add new function key.

image

Then give the key a name, leave the key value blank and click save.

image

A random key is generated for us. Click the ‘Click to Show’ link for our new key and then copy it to your clipboard.

image

We’ll now need to reference that key in our Amazon Alexa Skill configuration. Open up your Skill configuration on the Amazon developer portal. Go to your Configuration tab. Adjust your URL to include a query string parameter ?code=<secret>, then click save

image

On the Test tab, you should see the key appended to the service simulator URL and Invoking it should yield a successful response.

image

And if you try hitting your service endpoint without the secret, you’ll get access denied.


Posted: 2/23/2017 5:46:00 AM by Ryan Miller | with 0 comments