How does C# Azure Function App Access Cosmos DocumentDb? Confusion about App Settings & Connection Strings

Siegfried Heintze 1,861 Reputation points
2022-10-12T16:11:54.973+00:00

I'm looking at the appsettings portal.azure.com for my cosmosDB instance and I'm confused about connection strings v app settings...

  1. I've also been reading azure-function-unable-to-read-app-settings-and-connection-strings and would like some additional clarification: If I create an in process azure function app, what version is this?
  2. Can someone point me to the Microsoft documentation for fetching app settings and connection strings inside a function app? Are the rules different for v1 vs v2 vs v3?
  3. The C# cosmos client wants an endpoint and an account key instead of a connection string. This is confusing! So I say, lets store the cosmos endpoint and account key in the app settings. But the portal says that connection strings are encrypted. How can I securely use the cosmos client inside an in-process Function App? Can I be secure with App Settings? Do I need to parse the connection string to extract the endpoint and key? Is there a C# example of this somewhere?
  4. It also says that I must use entity frame work to use the connection string... Is this true? What is it about entity framework that allows me to use connection strings? Is there a certain entity frame work function call I must make or is the mere presence of the nuget package enough?
  5. I suppose I could use role based access (RBAC) instead of connection strings but I'm not clear (at this point) what roles I would need because I don't know if I going to need to be creating cosmos databases and containers inside this function app. I see the C# sample code that I downloaded when I used the portal to create the CosmosDB instance dynamically creates databases and containers and I don't know if my function app will need to do this... It might be useful in the development process to just delete the container and have function app recreate the databases and containers as needed...
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,382 questions
0 comments No comments
{count} votes

Accepted answer
  1. MughundhanRaveendran-MSFT 12,441 Reputation points
    2022-10-13T10:25:42.853+00:00

    Hi @Siegfried Heintze ,

    Thanks for posting this query in Q&A forum.

    Here are the answers to your queries

    • I've also been reading azure-function-unable-to-read-app-settings-and-connection-strings and would like some additional clarification: If I create an in process azure function app, what version is this?

    By default, function apps created in the Azure portal and by the Azure CLI are set to version 4.x. You can modify this version if needed.

    https://learn.microsoft.com/en-us/azure/azure-functions/functions-versions?tabs=azure-cli%2Cwindows%2Cin-process%2Cv4&pivots=programming-language-csharp#creating-1x-apps

    • Can someone point me to the Microsoft documentation for fetching app settings and connection strings inside a function app? Are the rules different for v1 vs v2 vs v3?

    System.Environment.GetEnvironmentVariable("setting name") should give the details about the function app's settings
    It is the same for all the host runtime versions but it varies from language to language.

    https://stackoverflow.com/questions/43556311/reading-settings-from-a-azure-function

    • The C# cosmos client wants an endpoint and an account key instead of a connection string. This is confusing! So I say, lets store the cosmos endpoint and account key in the app settings. But the portal says that connection strings are encrypted. How can I securely use the cosmos client inside an in-process Function App? Can I be secure with App Settings? Do I need to parse the connection string to extract the endpoint and key? Is there a C# example of this somewhere?

    For a cosmos db triggered function app, there will be an app setting called "cosmosdbname_COSMOSDB" which consists of endpoint and account key. Please note that, this is present in app setting and not in connection string. The connection string is only used for SQL connections. Connection strings should only be used with a function app if you are using entity framework. For other scenarios use App Settings. So there is no need to look into connection strings

    • It also says that I must use an entity framework to use the connection string... Is this true? What is it about entity framework that allows me to use connection strings? Is there a certain entity frame work function call I must make or is the mere presence of the nuget package enough?

    Entity framework is applicable onl when you have SQL connectivity

    • I suppose I could use role based access (RBAC) instead of connection strings but I'm not clear (at this point) what roles I would need because I don't know if I going to need to be creating cosmos databases and containers inside this function app. I see the C# sample code that I downloaded when I used the portal to create the CosmosDB instance dynamically creates databases and containers and I don't know if my function app will need to do this... It might be useful in the development process to just delete the container and have function app recreate the databases and containers as needed...

    If you wish to go for RBAC approach, you will have to enable MSI for the function app and then assign the roles mentioned in the below article

    https://learn.microsoft.com/en-us/azure/cosmos-db/role-based-access-control#built-in-roles


0 additional answers

Sort by: Most helpful