Is there a way to read Azure Queue Storage in Queue Trigger Azure function using managed identity without using connection string in the code

Question

Is there a way to read Azure Queue Storage in Queue Trigger Azure function using managed identity without using connection string in the code

Dixan Thomas 105

Currently I'm using Connection string in AzureWebStorage for the connection to Queue. I need it without connection string and only by using managed identity

using Microsoft.Azure.WebJobs;
using Microsoft.Extensions.Logging;

public static class QueueTriggerFunction
{
    [FunctionName("QueueTriggerFunction")]
    public static void Run(
        [QueueTrigger("myqueue-items", Connection = "AzureWebJobsStorage")] string message,
        ILogger log)
    {
        log.LogInformation($"Processing queue message: {message}");

        // Add your processing logic here
    }
}

Here I'm specifying AzureWebJobsStorage value as my Connection String of the storage. But I want remove the dependency on Connection String and get it by using Managed Identity

navba-MSFT 27,550 Reputation points Microsoft Employee Moderator

2023-06-30T04:30:29.6033333+00:00

@Dixan Thomas Just following up to check if the below answer helped. If that answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know. I would be happy to help.
Dixan Thomas 105 Reputation points

2023-06-30T05:16:00.9533333+00:00

Thankyou

Accepted answer

0 additional answers

Your answer

navba-MSFT 27,550 Reputation points Microsoft Employee Moderator

2023-06-30T04:30:29.6033333+00:00

@Dixan Thomas Just following up to check if the below answer helped. If that answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know. I would be happy to help.
Dixan Thomas 105 Reputation points

2023-06-30T05:16:00.9533333+00:00

Thankyou

Answer 1

@Dixan Thomas Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

I understand that you want to use Managed Identity to interact with queue storage from FuntionApp instead of using Connection String.

You need to first leverage v5.0 version of Microsoft.Azure.WebJobs.Extensions.Storage.Queues. This version introduces the ability to connect using an identity instead of a secret. For a tutorial on configuring your function apps with managed identities, see the creating a function app with identity-based connections tutorial.

dotnet add package Microsoft.Azure.WebJobs.Extensions.Storage.Queues --version 5.0.0

Once the above steps are followed, Your application may require additional permissions based on the code you write. You need to have the below RBAC permissions on Azure Storage for your Function APP.


Trigger	Storage Queue Data Reader, Storage Queue Data Message Processor
Output binding	Storage Queue Data Contributor, Storage Queue Data Message Sender

Below settings are also needed in your json:

"AzureWebJobsStorage__queueServiceUri": "https://mystorage.queue.core.windows.net/",
"AzureWebJobsStorage__credential": "managedidentity"

More Info about the above settings are below:

AzureWebJobsStorage__credential	Defines how a token should be obtained for the connection. This setting should be set to "managedidentity" if your deployed Azure Function intends to use managed identity authentication. This value is only valid when a managed identity is available in the hosting environment.

AzureWebJobsStorage__queueServiceUri	The data plane URI of the queue service of the storage account, using the HTTPS scheme.	https://<storage_account_name>.queue.core.windows.net

References:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-storage-queue?tabs=in-process%2Cextensionv5%2Cextensionv3&pivots=programming-language-csharp#install-extension

Also refer : Azure Functions - use queue trigger with managed identity

** Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Akash Madhu 0 Reputation points

2023-07-06T13:58:18.98+00:00

I need to create a project with three different types of Azure Functions triggers: HTTP, Timer, and Queue. I want to have all these functions in a single C# file. I have attempted to implement this, but I'm encountering errors. When I select the HTTP trigger, the other two triggers give me errors. The reason I'm trying to do this is that I only have one Function App resource in my Azure resource group, and I need to implement all three functions within that resource. I have attached the code for reference. Could you please help me resolve the issue?

Here's the code you provided:

using Microsoft.Azure.WebJobs; using Microsoft.Azure.WebJobs.Extensions.Http; using Microsoft.Extensions.Logging; using System.Net; using System.Net.Http; using System.Threading.Tasks; public static class MyFunction { [FunctionName("MyHttpTrigger")] public static async Task<HttpResponseMessage> HttpTrigger( [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequestMessage req, ILogger log) { log.LogInformation("HTTP trigger function processed a request."); // Process your logic here return req.CreateResponse(HttpStatusCode.OK, "HTTP trigger function executed successfully"); } [FunctionName("MyTimerTrigger")] public static async Task TimerTrigger( [TimerTrigger("0 */5 * * * *")] TimerInfo myTimer, ILogger log) { log.LogInformation($"Timer trigger function executed at: {DateTime.Now}"); // Process your logic here } [FunctionName("MyQueueTrigger")] public static void QueueTrigger( [QueueTrigger("myqueue-items", Connection = "AzureWebJobsStorage")] string myQueueItem, ILogger log) { log.LogInformation($"Queue trigger function processed message: {myQueueItem}"); // Process your logic here } }

Share via

Is there a way to read Azure Queue Storage in Queue Trigger Azure function using managed identity without using connection string in the code

0 additional answers

Your answer