How to generate secure random results for a coin flip game using Azure Functions?

ayla bibi 0 Reputation points
2025-08-09T07:34:54.5433333+00:00

I’m building a simple coin flip game where the user clicks a button to get “Heads” or “Tails.” Currently, the random result is generated in JavaScript on the client side, but I’m concerned this can be manipulated by users.

I want to move the random generation logic to Azure Functions so the result is processed securely on the server before sending it back to the browser.

Could anyone guide me on:

1. The best method to generate secure random values in C# for Azure Functions.
2. How to return that result to the frontend.
3. Any best practices for preventing users from predicting outcomes.


1 answer

  1. Obinna Ejidike 2,855 Reputation points
    2025-08-09T09:13:03.1666667+00:00

    Hi ayla bibi

    Thanks for using the Q&A platform.

    Microsoft recommends using the System.Security.Cryptography.RandomNumberGenerator class for any security-sensitive random number generation in .NET. It provides cryptographically strong randomness, unlike the insecure Random class. Specifically, RandomNumberGenerator.GetInt32(0, 2) offers a secure way to generate a random 0 or 1, ideal for coin flips, and is explicitly documented to use a strong RNG under the hood.

    Find documentation:
    https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.randomnumbergenerator?view=net-9.0
    https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.randomnumbergenerator.getint32?view=net-9.0

    Regarding returning the result to the frontend, you can use an Azure function to return a small JSON payload, and then your frontend uses the fetch(......).json() pattern to parse and display the result. You can find additional documentation:
    https://learn.microsoft.com/en-us/azure/static-web-apps/add-api?tabs=vanilla-javascript
    https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=python-v2%2Cisolated-process%2Cnodejs-v4%2Cfunctionsv2&pivots=programming-language-csharp

    For best practices:

    1. Use cryptographic RNG RandomNumberGenerator, which is secure and not predictable from previous outputs.
    2. Avoid exposing seeds or intermediate values that only return "Heads" or "Tails".
    3. Rate limiting requests prevents brute forcing by spamming the endpoint.
    4. Logging results server-side is useful for audit/troubleshooting.
    5. Use HTTPS to prevent tampering during transit.
    6. Protect the Function

    If the response was helpful, please feel free to mark it as “Accepted Answer” and consider giving it an upvote. This also benefits others in the community.

    Regards,

    Obinna.
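
A server-side flip along the lines of the answer above, as an added example that is not code from the original thread. It assumes the .NET isolated worker model with ASP.NET Core integration (the Microsoft.Azure.Functions.Worker.Extensions.Http.AspNetCore package); the class name, function name, and `flipId` field are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.Functions.Worker;
using Microsoft.Extensions.Logging;

public class CoinFlip
{
    private readonly ILogger<CoinFlip> _logger;

    public CoinFlip(ILogger<CoinFlip> logger) => _logger = logger;

    // The upper bound of GetInt32 is exclusive, so this yields 0 or 1.
    // No seed is supplied or stored; the OS CSPRNG backs every call.
    public static string Flip() =>
        RandomNumberGenerator.GetInt32(0, 2) == 0 ? "Heads" : "Tails";

    // Assumption: AuthorizationLevel.Anonymous because a browser calls this
    // directly; access control and rate limiting are expected to be enforced
    // in front of the function, not by a key embedded in client JavaScript.
    [Function("CoinFlip")]
    public IActionResult Run(
        [HttpTrigger(AuthorizationLevel.Anonymous, "post")] HttpRequest req)
    {
        string result = Flip();

        // Correlation id for the audit trail. It is not derived from the
        // RNG output, so it reveals nothing about other flips.
        string flipId = Guid.NewGuid().ToString("N");

        // Server-side record of what was actually sent to the client.
        _logger.LogInformation("Coin flip {FlipId}: {Result}", flipId, result);

        // Each flip must be fresh: forbid caching by browsers and proxies.
        req.HttpContext.Response.Headers["Cache-Control"] = "no-store";

        // Only the outcome and the correlation id leave the server;
        // the raw integer and any RNG state are never serialized.
        return new OkObjectResult(new { flipId, result });
    }
}
```

The trigger accepts only POST so that a flip is never served from a cached GET response.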
