This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 17%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDJ%3C/text%3E%3C/svg%3E)
We have a requirement to invoke HTTP request trigger in Azure logic app from Azure Function.
How to invoke the Logic app HTTP trigger from Azure Function app using Managed identity authentication?
Hi Sedat,
Thanks for you response.
But our requirement is exact opposite to what you have shared. We want to invoke Logic App trigger(Http request trigger) from a Azure Function using managed identity.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 82%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
We have a similar requirement, any insight on function app -> logic app (without using SAS tokens) would be great
You can use Managed Identity in Azure Function to invoke an HTTP request trigger in Azure Logic App
Enable System Assigned Managed Identity for the Azure Function: In Azure portal, navigate to your Azure Function, go to the Identity pane, and switch the status of the System Assigned Managed Identity to On. This will create an identity that you can use to authenticate your Function App.
Assign the Azure Function's identity the appropriate role in Logic App's Access Control (IAM): Navigate to your Logic App in Azure portal, then go to Access Control (IAM) and add a role assignment. Choose the role which has the necessary permissions (such as Logic App Operator) and select the identity of your Azure Function app.
Obtain Access Token in Azure Function: In your Azure Function code, use the Azure Service-to-service authentication library (Microsoft.Azure.Services.AppAuthentication) to obtain an access token for Logic App.
example code
var azureServiceTokenProvider = new AzureServiceTokenProvider();
string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/");
Invoke Logic App's HTTP Trigger from Azure Function: Once you have the access token, you can use it to authenticate the request to the Logic App's HTTP trigger.
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
HttpResponseMessage response = await client.PostAsync(logicAppUrl, new StringContent(payload, Encoding.UTF8, "application/json"));
Hi Sedat,
We tried generating access token using the code you provided above. But we found that AzureServiceTokenProvider library has been retired and is no longer supported or maintained.
Can you please suggest some other way which we can use to generate the access token.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 10%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Debashis Jena Thanks for posting your question in Microsoft Q&A. As shared by Sedat SALMAN, you would need to enable system-assigned managed identity for Azure Functions and assign appropriate role for the identity in Logic Apps (IAM). Then, use DefaultAzureCredential class from the Azure.Identity package to obtain an access token for the Managed Identity (DefaultAzureCredential.GetTokenAsync Method) and call Azure Logic Apps HTTP trigger with that token.
Refer Access token retrieval section in https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential.gettokenasync?view=azure-dotnet which also has code snippet using Azure.Identity library (and scope). The below code snippet was generated by AI tool and consider it just for reference.
using Azure.Identity;
using System.Net.Http;
using System.Threading.Tasks;
public static async Task Run(HttpRequestMessage req, ILogger log)
{
var credential = new DefaultAzureCredential();
var token = await credential.GetTokenAsync(new Azure.Core.TokenRequestContext(new[] { "https://management.azure.com/.default" }));
var client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token.Token);
var response = await client.GetAsync("https://<logic-apps-http-trigger-url>");
log.LogInformation(await response.Content.ReadAsStringAsync());
}
I hope this helps and if you face any issues, let us know. Would be happy to answer any questions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 45%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
I think this blog is the proper answers, to make sure that the HTTP trigger that starts the Logic App only allows a specific Azure Managed Identity to start the Logic App:
https://hybridbrothers.com/using-managed-identities-in-logic-app-http-triggers/