cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Evangelizt
Helper I
Helper I

Invoke Function App from Web Form step

 I am trying to invoke a function app that I have from Portal Web Form Step on a button click. What would be the best way to achieve this? And Since this is a public facing web page where the web form is hosted how do you protect your function app from being spammed? Many thanks @v-xida-msft 

5 REPLIES 5
ragavanrajan
Super User
Super User

Hi @Evangelizt , 

 

 I am assuming it is a Azure function app you are referring to. If so 

 

1. In your Azure function app make sure you have added CORS details of your powerapps portal URL. 

To call function app from button click: 

 

1. you can use ajax call in your custom javascript area  

 

$(document).ready(function () {
    $("#btnExternalCall").click(function (e) {
 
      var serviceURL = "https://NAME_OF_AZURE_FUNCTION_GOES_HERE.azurewebsites.net/api/HttpTriggerCSharp1";
 
      $.ajax({
        url: serviceURL,
        type: "GET",
        xhrFields: {
          withCredentials: true
        },
        crossDomain: true,
        success: function (data) {
          alert("Success: " + data);
        },
        error: function (ex) {
          alert("Failure getting user token");
      }
    });
  });
});

 

To avoid spamming: 

 

In your Azure function app > you can enable the Authentication / Authorization and configure it to either Azure AD or Microsoft 

 

ragavanrajan_0-1613512970156.png

 

Hope it helps. 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

 

@ragavanrajanawesome stuff. If we enable Authentication / Authorization and configure it to either Azure AD or Microsoft for Function App, then it also prevents the calls being made from a website where users are not anonymous and sign in is not required. How do we get around this problem and still protect function app?

Evangelizt
Helper I
Helper I

@ragavanrajanseems like there is no way around this issue! https://stackoverflow.com/questions/43588012/how-to-restrict-apis-to-run-only-in-the-browser) and https://peteskelly.com/secure-functions-aad-2/ I think function app may not be the best choice then if it can be spammed if we allow anonymous requests. What do you think would be best then for reusable functionality that can be used on a button click on web portals and also on dynamics crm forms?

Hi @Evangelizt ,

If we are talking about securing azure functions there are a lot of options (see official docs here). I would advise you to look into Azure Api Management - it has things like Ip restriction, cors and different authentication policies settings. We are using it to secure our production azure functions.

----------------------------------------------------
If you find this post helpful consider marking it as a solution to help others find it.

Hi @Evangelizt , 

 

As per @OOlashyn advise there are various options in Azure. For your scenario if you want to allow unauthorized access you have to compromise on few things allow your users to browse through portal but when it comes to function app or any API call the best way is to enable authorization / authentication. If this is not suitable then you can go for ip address restriction / geo restrictions or CORS. 

May be I am thinking from the layman point of view- without enabling Authorization - Enable captcha before some one press the button for your trigger. In this way you can avoid spam / bots trying to call many times. 

 

Hope this give you some thoughts to think about it. 

 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

 

 

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Are Your Ready?

Test your skills now with the Cloud Skill Challenge.

secondImage

Demo Extravaganza is Back!

We are excited to announce that Demo Extravaganza for 2021 has started!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Top Solution Authors
Users online (50,626)