You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At present, Function Monkey supports only token-based authentication. This is done through ITokenValidator.ValidateAsync(string authorizationHeader), so the validator only has the authorization available to it.
I'd like to use X.509 mutual TLS authentication. When using mutual TLS auth, Azure Functions makes the certificate available in a different header, X-ARR-ClientCert, as well as through HttpContext.Connection.ClientCertificate for the current request. I don't believe it's possible to achieve this today using ITokenValidator; you might be able to ignore the auth header in ValidateAsync and inject HttpContext into thhe validator, but feels a bit icky 😅
It would be useful to have a more "general purpose" authentication mechanism available, which perhaps had the full HttpContext available to it, by which I mean the "real" one, not the slimmed down FunctionMonkey.Abstractions.Contexts.HttpContext.
Love this project, BTW 👌
The text was updated successfully, but these errors were encountered:
At present, Function Monkey supports only token-based authentication. This is done through
ITokenValidator.ValidateAsync(string authorizationHeader), so the validator only has theauthorizationavailable to it.I'd like to use X.509 mutual TLS authentication. When using mutual TLS auth, Azure Functions makes the certificate available in a different header,
X-ARR-ClientCert, as well as throughHttpContext.Connection.ClientCertificatefor the current request. I don't believe it's possible to achieve this today usingITokenValidator; you might be able to ignore the auth header inValidateAsyncand injectHttpContextinto thhe validator, but feels a bit icky 😅It would be useful to have a more "general purpose" authentication mechanism available, which perhaps had the full
HttpContextavailable to it, by which I mean the "real" one, not the slimmed downFunctionMonkey.Abstractions.Contexts.HttpContext.Love this project, BTW 👌
The text was updated successfully, but these errors were encountered: