How to invoke Azure Logic App HTTP Triggers from Azure function using Managed identity

Debashis Jena 71 Reputation points
2023-05-16T12:49:31.86+00:00

We have a requirement to invoke the HTTP request trigger in an Azure Logic App from an Azure Function.

How to invoke the Logic app HTTP trigger from Azure Function app using Managed identity authentication?

Azure Logic Apps

3 answers

  1. Sedat SALMAN 13,265 Reputation points
    2023-05-17T01:06:49.31+00:00
    1 person found this answer helpful.

  2. MuthuKumaranMurugaachari-MSFT 22,256 Reputation points
    2023-05-25T17:45:56.74+00:00

    Debashis Jena, thanks for posting your question in Microsoft Q&A. As shared by Sedat SALMAN, you would need to enable the system-assigned managed identity for Azure Functions and assign an appropriate role for the identity in Logic Apps (IAM). Then, use the DefaultAzureCredential class from the Azure.Identity package to obtain an access token for the Managed Identity (DefaultAzureCredential.GetTokenAsync Method) and call the Azure Logic Apps HTTP trigger with that token.

    Refer to the Access token retrieval section in https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential.gettokenasync?view=azure-dotnet, which also has a code snippet using the Azure.Identity library (and scope). The code snippet below was generated by an AI tool; consider it just for reference.

    using Azure.Identity;
    using Microsoft.Extensions.Logging;   // ILogger
    using System.Net.Http;
    using System.Threading.Tasks;
    
    public static async Task Run(HttpRequestMessage req, ILogger log)
    {
        // Acquire a token for the identity the Function runs as (scope as given in this answer).
        var credential = new DefaultAzureCredential();
        var token = await credential.GetTokenAsync(new Azure.Core.TokenRequestContext(new[] { "https://management.azure.com/.default" }));
    
        // Present the token to the Logic App HTTP trigger as a Bearer credential.
        var client = new HttpClient();
        client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token.Token);
        var response = await client.GetAsync("https://<logic-apps-http-trigger-url>");
    
        // Log the trigger's response body.
        log.LogInformation(await response.Content.ReadAsStringAsync());
    }
    

    I hope this helps and if you face any issues, let us know. Would be happy to answer any questions.


  3. MikeBurek 0 Reputation points
    2023-12-02T18:35:28.5533333+00:00

    I think this blog is the proper answer, to make sure that the HTTP trigger that starts the Logic App only allows a specific Azure Managed Identity to start the Logic App:
    https://hybridbrothers.com/using-managed-identities-in-logic-app-http-triggers/

    Web Archive: https://web.archive.org/web/20231202183429/https://hybridbrothers.com/using-managed-identities-in-logic-app-http-triggers/

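An added example, not code from any of the answers above: a caller that sends the managed identity token as the only credential and logs the `iss`, `aud` and `oid` claims, which are the values to compare against when restricting the trigger to one identity as the third answer describes. The class name `LogicAppCaller`, the POST method with a JSON body, and the SAS query parameter names `sp`, `sv` and `sig` (as they appear in the trigger's callback URL) are assumptions.

```csharp
// Added example. Assumed: POST trigger, JSON body, SAS parameters named sp/sv/sig.
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class LogicAppCaller   // hypothetical helper name
{
    private static readonly HttpClient Http = new HttpClient();   // shared across invocations
    private static readonly TokenCredential Credential = new DefaultAzureCredential();
    private static readonly string[] SasParams = { "sp", "sv", "sig" };

    // Remove the SAS parameters so the bearer token is the only credential on the request.
    public static Uri StripSas(Uri triggerUrl)
    {
        var kept = triggerUrl.Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Where(p => !SasParams.Contains(p.Split('=')[0], StringComparer.OrdinalIgnoreCase));
        return new UriBuilder(triggerUrl) { Query = string.Join("&", kept) }.Uri;
    }

    // Decode (not validate) one claim from the JWT payload; validation is the receiver's job.
    public static string ReadClaim(string jwt, string name)
    {
        string b64 = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.TryGetProperty(name, out var v) ? v.ToString() : "(absent)";
    }

    public static async Task<string> InvokeAsync(Uri triggerUrl, string jsonBody, Action<string> log)
    {
        AccessToken token = await Credential.GetTokenAsync(
            new TokenRequestContext(new[] { "https://management.azure.com/.default" }), default);
        // Log identifying claims only, never the token itself.
        log("iss=" + ReadClaim(token.Token, "iss") + " aud=" + ReadClaim(token.Token, "aud")
            + " oid=" + ReadClaim(token.Token, "oid"));
        using var request = new HttpRequestMessage(HttpMethod.Post, StripSas(triggerUrl));
        request.Content = new StringContent(jsonBody, Encoding.UTF8, "application/json");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Token);
        using HttpResponseMessage response = await Http.SendAsync(request);
        response.EnsureSuccessStatusCode();   // a rejected token surfaces as an exception
        return await response.Content.ReadAsStringAsync();
    }
}
```

Stripping the SAS parameters matters for two reasons: the signed URL is itself a bearer secret that works without any token, and a request carrying both a SAS signature and an OAuth bearer token is rejected by Logic Apps.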