Problem Statement – This blog explains a use case in which we used JWT libraries to authenticate calls between two different environments.
The consumer application is an Azure Function App deployed on Azure Cloud, which needs to monitor calls coming from another application.
Background – The central idea behind the integration is to ensure that the authentication mechanism follows the same guidelines even if the consumer application is changed from an Azure Function to something else.
In an Azure Function we can use the authentication options mentioned below:
a) Active Directory authentication with Cloud AD.
b) Authentication with other identity providers such as Facebook, Gmail, etc.
c) App Service Authentication using OAuth2 token validation.
In this particular implementation, as illustrated in the diagram, there could be multiple consumer applications, each following its own authentication guidelines.
Using JWT libraries, we can lay down a framework:
a) which involves no change in the source application;
b) which gives a consistent authentication mechanism that can be implemented in different consumer applications irrespective of their underlying implementation.
In this particular example, we will discuss the approach using certificates. As illustrated in the diagram, the steps mentioned below will be executed:
a) Encoding the data which needs to be transferred using a private certificate.
b) When we use JWT libraries to encode, three sets of encoded characters are created:
Header – Containing the algorithm used for encoding.
Payload – Containing the encoded object and the time at which the payload was generated.
Signature – Value which needs to be verified during authentication.
c) In the consumer application, decode the data using the public certificate. If required, we can also pass other parameters, such as validating the lifetime of the event, validating the issuer of the event, etc.
As a side note, in an Azure Function we can save the certificates under SSL settings.
Please note that to use the public certificates, as highlighted in the above screenshot, the hosting plan of the Azure Function App must be “App Service Plan” and not “Consumption Plan”.
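The steps above, carried through end to end as an added example (this is not code from the original post). It uses an in-memory RSA key pair generated with RSA.Create() in place of the private/public certificate pair, so it runs without any Azure resources; the issuer name "source-app" and the event ids are constructed values for the demo. It needs the System.IdentityModel.Tokens.Jwt NuGet package. Besides the happy path it shows the two failure modes the consumer relies on: an expired event rejected by ValidateLifetime, and an event signed by an untrusted key rejected by the signature check.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Added example, not from the original post: the source signs with the private key,
// the consumer verifies with the public key only. An in-memory RSA key pair stands in
// for the certificate pair. NuGet dependency: System.IdentityModel.Tokens.Jwt.
public static class JwtCertificateFlowDemo
{
    // Assumed issuer name for the demo; the post's snippet does not pin an issuer.
    private const string Issuer = "source-app";

    // Source side: sign the event with the PRIVATE key (RS256), stamping iat/nbf/exp.
    public static string CreateSignedEvent(RSA privateKey, string eventId, DateTime notBefore, DateTime expires)
    {
        var credentials = new SigningCredentials(new RsaSecurityKey(privateKey), SecurityAlgorithms.RsaSha256);
        var descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim("event_id", eventId) }),
            Issuer = Issuer,
            IssuedAt = notBefore,
            NotBefore = notBefore,
            Expires = expires,
            SigningCredentials = credentials
        };
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    // Consumer side: verify with the PUBLIC key only, as the Function does.
    // Returns the validated principal; throws a SecurityTokenException subclass on any failure.
    public static ClaimsPrincipal ValidateEvent(RSA publicKey, string token)
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = new RsaSecurityKey(publicKey),
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            ValidateIssuer = true,     // tighter than the post's snippet: also pin the issuer
            ValidIssuer = Issuer,
            ValidateAudience = false,
            ClockSkew = TimeSpan.Zero  // library default is 5 minutes; zero makes the expiry check exact
        };
        return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out SecurityToken _);
    }

    public static void Main()
    {
        using (RSA privateKey = RSA.Create(2048))
        using (RSA publicKey = RSA.Create(privateKey.ExportParameters(false)))  // public half only
        using (RSA otherKey = RSA.Create(2048))                                  // an unrelated signer
        {
            DateTime now = DateTime.UtcNow;

            // 1. Valid event: three dot-separated parts, and the header names the algorithm.
            string token = CreateSignedEvent(privateKey, "evt-001", now, now.AddMinutes(5));
            JwtSecurityToken parsed = new JwtSecurityTokenHandler().ReadJwtToken(token);
            Console.WriteLine($"parts={token.Split('.').Length} alg={parsed.Header.Alg}");  // parts=3 alg=RS256
            Console.WriteLine("event_id=" + ValidateEvent(publicKey, token).FindFirst("event_id").Value);

            // 2. Expired event: ValidateLifetime rejects it.
            string expired = CreateSignedEvent(privateKey, "evt-002", now.AddMinutes(-10), now.AddMinutes(-5));
            try { ValidateEvent(publicKey, expired); }
            catch (SecurityTokenExpiredException) { Console.WriteLine("expired event rejected"); }

            // 3. Event signed by a key the consumer does not trust: the signature check rejects it.
            string forged = CreateSignedEvent(otherKey, "evt-003", now, now.AddMinutes(5));
            try { ValidateEvent(publicKey, forged); }
            catch (SecurityTokenException) { Console.WriteLine("untrusted signature rejected"); }
        }
    }
}
```

Build it as a console project with the System.IdentityModel.Tokens.Jwt package referenced and run it. In the real deployment the private key never leaves the source environment; only the public certificate (or its store thumbprint, as in the snippet below) is configured on the consumer, which is what lets the consumer change hosting without touching the source.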
Code Snippet –
The code snippet mentioned below can be used for reference. Please note that we will also need to install a NuGet package for the JWT library; please refer to the screenshot below for the same.
// Required namespaces (NuGet: System.IdentityModel.Tokens.Jwt and Newtonsoft.Json)
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json;

// Deserialize the request and retrieve the event details
NotificationEvent ObjModel = JsonConvert.DeserializeObject<NotificationEvent>(JsonContent);
var tokenHandler = new JwtSecurityTokenHandler();
// Thumbprint of the certificate to use (placeholder; replace with the real thumbprint)
string thumbprint = "XXXXXXXXXXXXXX";
// Opening the certificate store of the Azure Function; on App Service the certificate is loaded
// into this store only when its thumbprint is listed in the WEBSITE_LOAD_CERTIFICATES app setting
using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
{
    certStore.Open(OpenFlags.ReadOnly);
    // Finding the certificate based upon the thumbprint
    X509Certificate2Collection certCollection = certStore.Certificates.Find(
        X509FindType.FindByThumbprint, thumbprint, validOnly: false);
    if (certCollection.Count > 0)
    {
        X509Certificate2 certificate = certCollection[0];
        // Reading the public key from the certificate
        var rsa = certificate.GetRSAPublicKey();
        // Creating the parameters which will be used for JWT token verification
        var validationParameters = new TokenValidationParameters
        {
            IssuerSigningKey = new RsaSecurityKey(rsa),
            ValidateIssuerSigningKey = true,
            ValidateIssuer = false,
            ValidateLifetime = true, // This will validate the lifetime of the event also.
            ValidateAudience = false
        };
        // This will throw an exception if the validation fails
        var principal = tokenHandler.ValidateToken(ObjModel.Notification, validationParameters, out SecurityToken securityToken);
    }
}