
Joe Botelho
Jun 17, 2025

Can't access http context user claims in Azure Function

Background:

Create an Azure Function (.NET Core & C#) that will be consumed in a SPO App.

We created an Entra App Registration for the Azure Function and added App Roles for this App Registration where the App Role is using “Users/Group”, but not “Application”.

Issue:

In the SPO App (deployed in SPO Page), we can see the user claim and App Registration’s - App Role in the context of the user that’s hitting the SPO Page (through the Authorization header); however, in the Azure Function code the req.HttpContext.User.Claims object is empty.

So what is required or missing from a configuration perspective either in the Azure Function or App Registration to make this work?

1 Reply

  • See below the similar discussion and fix:

     

    1. Ensure Authentication is Enabled in Azure Function

      • Go to Azure Portal > Function App > Authentication.
      • Enable Microsoft Entra ID authentication (formerly Azure AD).
      • Set the authentication mode to Require authentication.

    2. Verify App Registration Permissions

      • In Microsoft Entra ID, check that the App Registration has the correct API permissions.
      • Ensure it includes User.Read or other relevant Graph API permissions.

    3. Check Claims in the Authorization Header

      • Since req.HttpContext.User.Claims is empty, manually inspect the Authorization header:
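    // Requires: using System.IdentityModel.Tokens.Jwt;
    string authHeader = req.Headers["Authorization"];   // StringValues converts to string
    var token = authHeader.Split(' ')[1];                // drop the "Bearer " prefix
    var handler = new JwtSecurityTokenHandler();
    // ReadJwtToken only decodes the token; it does not verify the signature
    var jwt = handler.ReadJwtToken(token);
    var claims = jwt.Claims;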

     

    4. Use ClaimsPrincipal Injection

      • Instead of relying on req.HttpContext.User, try injecting ClaimsPrincipal directly:
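    // Requires: using System.Linq; using System.Security.Claims; using Microsoft.AspNetCore.Mvc;
    public async Task<IActionResult> Run(HttpRequest req, ClaimsPrincipal principal)
    {
        // Claims of the caller, taken from the injected principal
        var userClaims = principal.Claims;
        return new OkObjectResult(userClaims.Select(c => new { c.Type, c.Value }));
    }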

     

    5. Check Authorization Level in Function Definition

      • If your function is set to Anonymous, claims won’t be populated.
      • Change the authorization level to Function or User.

     

    .net core - HttpRequest.HttpContext.User (ClaimsPrincipal) object in a Azure HttpTrigger Function does not contain my Identity from Authorization Header - Stack Overflow
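The `ReadJwtToken` call in step 3 only decodes the token, so App Role values read that way should not drive authorization until the token has been validated. The following is an added example, not part of the original reply or the linked discussion: it compares parse-only reading with `ValidateToken`. The issuer, audience, role names and the locally generated RSA key are constructed placeholders, and it assumes the System.IdentityModel.Tokens.Jwt package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class RoleClaimCheck
{
    // Constructed placeholders; a real Function uses its tenant's issuer, its own
    // audience, and the signing keys published in the tenant's OpenID metadata.
    const string Issuer = "https://issuer.example/tenant-placeholder/v2.0";
    const string Audience = "api://function-app-placeholder";

    // Returns the "roles" values only if signature, issuer, audience and lifetime check out.
    public static string[] ValidatedRoles(string bearer, SecurityKey signingKey)
    {
        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear(); // keep the claim name "roles" as issued
        var parameters = new TokenValidationParameters
            { ValidIssuer = Issuer, ValidAudience = Audience, IssuerSigningKey = signingKey };
        try
        {
            return handler.ValidateToken(bearer, parameters, out _)
                .FindAll("roles").Select(c => c.Value).ToArray();
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        { return null; } // malformed, expired, wrong issuer/audience, or bad signature
    }

    public static void Main()
    {
        using var rsa = RSA.Create(2048); // throwaway key standing in for the issuer's
        var key = new RsaSecurityKey(rsa);
        var handler = new JwtSecurityTokenHandler();
        string token = handler.WriteToken(new JwtSecurityToken(Issuer, Audience,
            new[] { new Claim("roles", "Reports.Read") }, // hypothetical App Role value
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.RsaSha256)));
        // Same token with its payload edited after signing; the signature is left unchanged.
        string[] p = token.Split('.');
        p[1] = Base64UrlEncoder.Encode(Base64UrlEncoder.Decode(p[1]).Replace("Reports.Read", "Reports.Admin"));
        string edited = string.Join(".", p);
        Console.WriteLine(string.Join(",", ValidatedRoles(token, key)));   // genuine token
        Console.WriteLine(handler.ReadJwtToken(edited).Claims.First(c => c.Type == "roles").Value); // parse only
        Console.WriteLine(ValidatedRoles(edited, key) == null);            // validation result for the edited token
    }
}
```

The parse-only path returns whatever role the edited payload carries, while `ValidatedRoles` returns nothing for it because the signature no longer matches.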
