question

Amar avatar image
Amar asked

Block UnVerified users from Accessing Custom CloudScripts and Azure functions?

@Brendan We plan to use PlayFab's OpenID to connect with Microsoft's Active Directory and have users confirm email login and verification before they can access any other services in the APP.

For security reasons we want to block users who have not verified their PlayFab account from accessing custom cloud scripts (Azure functions). Is there a way to block client users who have logged in using CustomID (a potential BOT or hacker) and have NOT verified via email from accessing custom cloud scripts?

CloudScriptAuthentication
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

If that's meant to be the only valid login, you could just turn off all the other login API calls using the API Policy (https://docs.microsoft.com/en-us/gaming/playfab/api-references/api-access-policy).

It's not possible to prevent some clients from calling an exposed endpoint (one that hasn't been turned off), but not others. However, if turning off the other login calls won't work for you, what you could do would be to check the player profile in the script, and simply not do the rest of the processing if they don't have a linked account that's of the right type.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.