How to add authentication to a Azure Function

Question

I have created an HTTP Triggered Azure Function and exposed some endpoints. I am calling those endpoints from Salesforce Community.

https://<testing...>.azurewebsites.net/getData
https://<testing...>.azurewebsites.net/postData
https://<testing...>.azurewebsites.net/updateData
https://<testing...>.azurewebsites.net/deleteData

The Azure Functions Authorization Level is anonymous. I can access the responses from HTTP endpoints to the salesforce community site.

How can I set the authorization level so that, the endpoints can only be accessible from the Salesforce Community and the salesforce Users?

Thanks

Answer 1

There are quite a few options available like App Service Authentication or using API management for authorizing requests.

Have a look at Securing Azure Functions - Authentication/authorization.

While function keys can provide some mitigation for unwanted access, the only way to truly secure your function endpoints is by implementing positive authentication of clients accessing your functions. You can then make authorization decisions based on identity.