The following articles may help you
https://learn.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity?tabs=consumption
https://laurakokkarinen.com/how-to-securely-trigger-azure-functions-from-azure-logic-apps/
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We have a requirement to invoke HTTP request trigger in Azure logic app from Azure Function.
How to invoke the Logic app HTTP trigger from Azure Function app using Managed identity authentication?
Debashis Jena Thanks for posting your question in Microsoft Q&A. As shared by Sedat SALMAN, you would need to enable system-assigned managed identity for Azure Functions and assign appropriate role for the identity in Logic Apps (IAM). Then, use DefaultAzureCredential
class from the Azure.Identity
package to obtain an access token for the Managed Identity (DefaultAzureCredential.GetTokenAsync Method) and call Azure Logic Apps HTTP trigger with that token.
Refer Access token retrieval section in https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential.gettokenasync?view=azure-dotnet which also has code snippet using Azure.Identity
library (and scope). The below code snippet was generated by AI tool and consider it just for reference.
using Azure.Identity;
using System.Net.Http;
using System.Threading.Tasks;
public static async Task Run(HttpRequestMessage req, ILogger log)
{
var credential = new DefaultAzureCredential();
var token = await credential.GetTokenAsync(new Azure.Core.TokenRequestContext(new[] { "https://management.azure.com/.default" }));
var client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token.Token);
var response = await client.GetAsync("https://<logic-apps-http-trigger-url>");
log.LogInformation(await response.Content.ReadAsStringAsync());
}
I hope this helps and if you face any issues, let us know. Would be happy to answer any questions.
I think this blog is the proper answers, to make sure that the HTTP trigger that starts the Logic App only allows a specific Azure Managed Identity to start the Logic App:
https://hybridbrothers.com/using-managed-identities-in-logic-app-http-triggers/