cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Evangelizt
Helper I
Helper I

Invoke Function App from Web Form step

 I am trying to invoke a function app that I have from Portal Web Form Step on a button click. What would be the best way to achieve this? And Since this is a public facing web page where the web form is hosted how do you protect your function app from being spammed? Many thanks @v-xida-msft 

5 REPLIES 5
ragavanrajan
Super User
Super User

Hi @Evangelizt , 

 

 I am assuming it is a Azure function app you are referring to. If so 

 

1. In your Azure function app make sure you have added CORS details of your powerapps portal URL. 

To call function app from button click: 

 

1. you can use ajax call in your custom javascript area  

 

$(document).ready(function () {
    $("#btnExternalCall").click(function (e) {
 
      var serviceURL = "https://NAME_OF_AZURE_FUNCTION_GOES_HERE.azurewebsites.net/api/HttpTriggerCSharp1";
 
      $.ajax({
        url: serviceURL,
        type: "GET",
        xhrFields: {
          withCredentials: true
        },
        crossDomain: true,
        success: function (data) {
          alert("Success: " + data);
        },
        error: function (ex) {
          alert("Failure getting user token");
      }
    });
  });
});

 

To avoid spamming: 

 

In your Azure function app > you can enable the Authentication / Authorization and configure it to either Azure AD or Microsoft 

 

ragavanrajan_0-1613512970156.png

 

Hope it helps. 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

 

@ragavanrajanawesome stuff. If we enable Authentication / Authorization and configure it to either Azure AD or Microsoft for Function App, then it also prevents the calls being made from a website where users are not anonymous and sign in is not required. How do we get around this problem and still protect function app?

Evangelizt
Helper I
Helper I

@ragavanrajanseems like there is no way around this issue! https://stackoverflow.com/questions/43588012/how-to-restrict-apis-to-run-only-in-the-browser) and https://peteskelly.com/secure-functions-aad-2/ I think function app may not be the best choice then if it can be spammed if we allow anonymous requests. What do you think would be best then for reusable functionality that can be used on a button click on web portals and also on dynamics crm forms?

Hi @Evangelizt ,

If we are talking about securing azure functions there are a lot of options (see official docs here). I would advise you to look into Azure Api Management - it has things like Ip restriction, cors and different authentication policies settings. We are using it to secure our production azure functions.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

Hi @Evangelizt , 

 

As per @OOlashyn advise there are various options in Azure. For your scenario if you want to allow unauthorized access you have to compromise on few things allow your users to browse through portal but when it comes to function app or any API call the best way is to enable authorization / authentication. If this is not suitable then you can go for ip address restriction / geo restrictions or CORS. 

May be I am thinking from the layman point of view- without enabling Authorization - Enable captcha before some one press the button for your trigger. In this way you can avoid spam / bots trying to call many times. 

 

Hope this give you some thoughts to think about it. 

 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

 

 

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

Power Query PA Forum 768x460.png

Check it out!

Did you know that you can visit the Power Query Forum in Power BI and now Power Apps

V3_PVA CAmpaign Carousel.png

Community Challenge - Giveaways!

Participate in the Power Virtual Agents Community Challenge

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Carousel April Dunnam Updated 768x460.jpg

Urdu Hindi D365 Bootcamp

Dont miss our very own April Dunnam’s The Developer Guide to the Galaxy! Find out what the Power Platform has to offer for the traditional developer.

Users online (2,220)