Is it possible to create an Azure Function which will take username and password as input parameters and function should validate user against Azure AD.
相关问题
- Sorting 3 numbers without branching [closed]
- Graphics.DrawImage() - Throws out of memory except
- Why am I getting UnauthorizedAccessException on th
- running headless chrome in an microsoft azure web
- Docker task in Azure devops won't accept "$(pw
Firstly, it's important to mention that collecting username and password for an Azure AD user as part of your application (Azure function or web app any other application you're developing) is very much against the best practices and opens up multiple attack risks. So even though you may be able to use workarounds to achieve it, please do reconsider the requirement that you have from a security standpoint.
Workaround - ROPC - Resource Owner Password Credentials Grant (Not recommended, multiple issues)
Azure AD does not provide a direct API to validate user credentials. As a workaround (and a bad one at that), you can use Resource Owner Password Credentials (ROPC) flow which works with username and password to acquire a token.
It violates security best practices and also does not work with MFA and federated authentication users. Using this grant is highly discouraged as it brings potential attack risks, so not recommended.
If either username or password is incorrect, you will get an exception, otherwise you get back a valid token which means credentials are good.
Here are a couple of links that cover details on ROPC (and recommend not using it at the same time..):
For example, code would look like this for a native application.
Other references