Oct 02 2017 07:23 PM
Say I have an SPFX WebPart that needs to call an Azure function to do some work. The Azure function needs to know who the user is that made the request. How do I pass the users Identity from the SPFX Webpart to the Azure function?
Oct 03 2017 10:58 AM
Instead of sending the user's identity, you should consider authenticating against the API. Since SPFx solutions are client-side, it would be trivial for someone else to pretend they're calling the API on behalf of someone else. The following article explains the concept and available capabilities in more detail: https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/connect-to-api-secured-with-...
Oct 03 2017 05:05 PM
Thanks Waldek, Just what i needed!
Do we have a github sample for this yet?
Oct 03 2017 11:05 PM
There is one sample available at https://github.com/SharePoint/sp-dev-fx-webparts/tree/master/samples/react-aad-webapi. It's built using an older version of the SharePoint Framework, but it should give you a general idea of the different pieces involved.
Dec 27 2019 07:14 PM
I'm two years late to the party, but I want to add my 2 cents to help others, who are looking for the same answers.
Goal
- Securely call Azure Function from an SPFx webpart/extension
- Prevent users from spoofing/faking their logins by passing them to the Azure Function
- Inside Azure function's trigger, retrieve the login information of the currently logged SPFx/SharePoint in user
Solution
- Follow this article to secure your Azure function with Azure AD. Instead of JavaScript - use C# + .NET Core: https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient-enterpriseapi
- Inside your Azure function HTTP trigger, inject ClaimsPrincipal claimsPrincipal. It will contain all claims of the currently logged in user including login: