Add custom key-based authentication to HTTP triggers (#12)

Related to #10

Add custom key-based authentication to HTTP triggers.

* **README.md**: Add instructions for setting up custom key-based authentication.
* **BaseHttpTrigger.cs**: Add `ValidateCustomKey` method to perform custom key-based authentication. Update `Authorize` method to accept a custom key and validate it using `ValidateCustomKey`.
* **UserDetailsTrigger.cs**: Update `Run` method to use `AuthorizationLevel.Function` and pass a custom key to the `Authorize` method.
* **HealthCheckTrigger.cs**: Update `Run` method to use `AuthorizationLevel.Function` and pass a custom key to the `Authorize` method. Add custom key validation in the `Run` method.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/palkalaiselvand/Azure_HTTPTriggerFunctionSample/issues/10?shareId=XXXX-XXXX-XXXX-XXXX).

Author: palkalaiselvand

README.md

@@ -93,4 +93,70 @@ Azure_HTTPTriggerFunctionSample
       "EmailAddress": "[email protected]",
       "Department": "Information Technology"
     }
-    
+
+### Custom Key-based Authentication
+
+To set up custom key-based authentication, follow these steps:
+
+1. Add a custom key to your `local.settings.json` file:
+
+    ```json
+    {
+      "IsEncrypted": false,
+      "Values": {
+        "AzureWebJobsStorage": "UseDevelopmentStorage=true",
+        "FUNCTIONS_WORKER_RUNTIME": "dotnet",
+        "SampleApp_ConnectionString": "Data Source=(localdb)\\ProjectsV13;Initial Catalog=SampleApp;Integrated Security=True;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False",
+        "SampleApp_ServiceBus_ConnectionString": "Endpoint=sb://developmentaccount.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=2m+dy8rXboZmHrDdqkDod46Hg/DThH9aYEM1ZYFWUpo=",
+        "SampleApp_ServiceBus_QueueName": "sbuserdetailsqueue",
+        "SampleApp_ServiceBus_TopicName": "sbuserdetailstopic",
+        "SampleApp_StorageAccount_ConnectionString": "DefaultEndpointsProtocol=https;AccountName=storaccpocctr;AccountKey=SzlfpjbTy+VpR0DqJHt6Wb4/TP1MEPV0eIsjHepxSxXQ5e3RitFTwwz5clAxWxXAloNO2Hc2yZvePHks65I/qg==;EndpointSuffix=core.windows.net",
+        "SampleApp_StorageQueueName": "squserdetailsqueue",
+        "AzureQueueAssets": "ServiceBus|Queue",
+        "CustomAuthKey": "your-custom-key"
+      }
+    }
+    ```
+
+2. Update your HTTP trigger functions to use the custom key for authentication. For example, in `UserDetailsTrigger.cs`, pass the custom key to the `Authorize` method:
+
+    ```csharp
+    [FunctionName(nameof(UserDetailsTrigger))]
+    public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Function, "post", Route = "v1/userdetails")] HttpRequest req,
+        ILogger logger)
+    {
+        string customKey = req.Headers["CustomAuthKey"];
+        return await Request(req, logger)
+            .Authorize(AuthorizationLevel.Function, customKey)
+            .Run(Work);
+    }
+    ```
+
+3. Implement the `ValidateCustomKey` method in `BaseHttpTrigger.cs` to perform custom key-based authentication:
+
+    ```csharp
+    public class BaseHttpTrigger
+    {
+        // Existing code...
+
+        public bool ValidateCustomKey(string customKey)
+        {
+            string expectedKey = Environment.GetEnvironmentVariable("CustomAuthKey");
+            return customKey == expectedKey;
+        }
+    }
+    ```
+
+4. Update the `Authorize` method in `BaseHttpTrigger.cs` to accept a custom key and validate it using `ValidateCustomKey`:
+
+    ```csharp
+    public RequestContext Authorize(AuthorizationLevel authorizationLevel, string customKey)
+    {
+        _authorizationLevel = authorizationLevel;
+        if (!ValidateCustomKey(customKey))
+        {
+            throw new UnauthorizedAccessException("Invalid custom key");
+        }
+        return this;
+    }
+    ```

SampleFunctionApp/HttpTrigger/BaseHttpTrigger.cs

@@ -15,39 +15,47 @@ public RequestContext Request(HttpRequest req, ILogger logger)
         {
             return new RequestContext(req, logger);
         }
+
+        public bool ValidateCustomKey(string customKey)
+        {
+            string expectedKey = Environment.GetEnvironmentVariable("CustomAuthKey");
+            return customKey == expectedKey;
+        }
     }
 
     public class RequestContext
     {
         private readonly HttpRequest _httpRequest;
         private readonly ILogger _logger;
         private AuthorizationLevel _authorizationLevel;
+        private string _customKey;
+
         public RequestContext(HttpRequest httpRequest, ILogger logger)
         {
             _httpRequest = httpRequest;
             _logger = logger;
         }
 
-        public RequestContext Authorize(AuthorizationLevel authorizationLevel)
+        public RequestContext Authorize(AuthorizationLevel authorizationLevel, string customKey)
         {
-            //TODO: Load required data to perform authenticationa nd authorization
-            // For now just to have a place holder I created this
             _authorizationLevel = authorizationLevel;
+            _customKey = customKey;
+            if (!new BaseHttpTrigger().ValidateCustomKey(customKey))
+            {
+                throw new UnauthorizedAccessException("Invalid custom key");
+            }
             return this;
         }
 
         public async Task<IActionResult> Run(Func<HttpRequest, ILogger, Task<IActionResult>> func)
         {
             try
             {
-                //TODO: Perform custom authentication and authorization logic
-                // For now just to have a place holder I created this
-                if (_authorizationLevel != AuthorizationLevel.Anonymous)
+                if (_authorizationLevel != AuthorizationLevel.Anonymous && !new BaseHttpTrigger().ValidateCustomKey(_customKey))
                 {
                     return new ForbidResult();
                 }
 
-                //Call the actual WORK method to perform the task
                 return await func(_httpRequest, _logger);
             }
             catch (Exception ex)

SampleFunctionApp/HttpTrigger/HealthCheckTrigger.cs

@@ -11,11 +11,17 @@ public static class HealthCheckTrigger
     {
         [FunctionName("HealthCheckTrigger")]
         public static async Task<IActionResult> Run(
-            [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req,
+            [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req,
             ILogger log)
         {
             log.LogInformation("HealthCheckTrigger function processed a request.");
 
+            string customKey = req.Headers["CustomAuthKey"];
+            if (!new BaseHttpTrigger().ValidateCustomKey(customKey))
+            {
+                return new UnauthorizedResult();
+            }
+
             return new OkObjectResult("App is healthy");
         }
     }

SampleFunctionApp/HttpTrigger/UserDetailsTrigger.cs

@@ -37,11 +37,12 @@ public UserDetailsTrigger(IRequestAuditRepository audit,
             _storageQueue = storageQueue;
         }
         [FunctionName(nameof(UserDetailsTrigger))]
-        public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "v1/userdetails")] HttpRequest req,
+        public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Function, "post", Route = "v1/userdetails")] HttpRequest req,
             ILogger logger)
         {
+            string customKey = req.Headers["CustomAuthKey"];
             return await Request(req, logger)
-                .Authorize(AuthorizationLevel.Anonymous)
+                .Authorize(AuthorizationLevel.Function, customKey)
                 .Run(Work);
         }