A 403 error, "This request is not authorized to perform this operation.", occurs when an Azure Function App on a Consumption plan connects to a Storage Account using its managed identity. The system-assigned managed identity has been enabled, and the Storage Blob Data Owner role has been assigned to the function app. Additionally, the option "Allow Azure services on the trusted services list to access this storage account" has been checked.
The error occurs when executing this line:
blob_client.upload_blob(blob_data, overwrite=True)
Here's the relevant code being used:
import azure.functions as func
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient
import logging
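def main(req: func.HttpRequest) -> func.HttpResponse:
    """HTTP trigger that uploads a blob to Azure Blob Storage.

    The request body must be a JSON object with two fields:
    'blob_name' (the target blob name) and 'blob_data' (the content).

    Returns:
        400 if the body is not valid JSON, is not a JSON object, or lacks
        a usable 'blob_name' / 'blob_data'; 200 after a successful upload;
        500 with a generic message if the upload fails.

    Both fields are caller-controlled. The upload helper writes with
    overwrite=True, so whoever can reach this endpoint can replace any
    blob in the target container.
    NOTE(review): the trigger's authorization level is configured outside
    this file -- confirm it is not anonymous.
    """
    logging.info("HTTP trigger function received a request.")

    try:
        req_body = req.get_json()
    except ValueError:
        logging.error("Invalid JSON in request body.")
        return func.HttpResponse(
            "Invalid JSON in request body.",
            status_code=400
        )

    # Valid JSON that is not an object (a list, string or number) has no
    # .get(); treat it as a client error instead of letting it become a 500.
    if not isinstance(req_body, dict):
        logging.error("Request body is not a JSON object.")
        return func.HttpResponse(
            "Request body must contain 'blob_name' and 'blob_data'.",
            status_code=400
        )

    blob_name = req_body.get('blob_name')
    blob_data = req_body.get('blob_data')

    # blob_name must be a non-empty string; anything else would only fail
    # later inside the storage SDK and surface as a 500.
    if not blob_name or not blob_data or not isinstance(blob_name, str):
        logging.error("Missing required fields: 'blob_name' and/or 'blob_data'.")
        return func.HttpResponse(
            "Request body must contain 'blob_name' and 'blob_data'.",
            status_code=400
        )

    try:
        upload_blob_to_target_storage(blob_name, blob_data)
    except Exception:
        # Keep the full error (storage request IDs, account URL, stack trace)
        # in the function's log only; the HTTP response must not echo
        # internal exception text back to the caller.
        logging.exception("Upload failed for blob %r", blob_name)
        return func.HttpResponse(
            "Internal error while uploading the blob.",
            status_code=500
        )

    # %r renders control characters escaped, so a caller-supplied name
    # cannot forge extra log lines.
    logging.info("Successfully uploaded blob: %r", blob_name)
    return func.HttpResponse(f"Successfully uploaded blob: {blob_name}", status_code=200)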
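def upload_blob_to_target_storage(blob_name, blob_data):
    """Upload ``blob_data`` as ``blob_name`` to the configured container.

    Authenticates with DefaultAzureCredential and writes the blob with
    overwrite=True, so an existing blob of the same name is replaced.

    Args:
        blob_name: Name of the blob to create or replace.
        blob_data: Content passed unchanged to ``upload_blob``.

    Raises:
        Exception: any error from the credential or the storage client is
            logged and re-raised unchanged.

    NOTE(review): uploading needs only blob write access; the Storage Blob
    Data Owner role described for this app is broader than that. Consider
    Storage Blob Data Contributor scoped to the container -- confirm against
    the deployment's requirements.
    """
    # Placeholders from the original listing; replace with real values.
    storage_account_name = "# Enter your storage account name here"
    container_name = "# Enter your container name here"

    try:
        credential = DefaultAzureCredential()
        # The context manager closes the client's HTTP transport when the
        # upload finishes or fails, instead of leaving it to the GC.
        with BlobServiceClient(
            account_url=f"https://{storage_account_name}.blob.core.windows.net",
            credential=credential,
        ) as blob_service_client:
            container_client = blob_service_client.get_container_client(container_name)
            blob_client = container_client.get_blob_client(blob_name)
            blob_client.upload_blob(blob_data, overwrite=True)
        # %r escapes control characters in the caller-supplied blob name.
        logging.info(
            "Blob %r uploaded successfully to container %r.",
            blob_name,
            container_name,
        )
    except Exception as e:
        # Record the HTTP status and service error code when the exception
        # carries them. NOTE(review): a 403 from Azure Storage can come from
        # network rules or from a missing data-plane role; presumably the
        # error code (e.g. AuthorizationFailure vs.
        # AuthorizationPermissionMismatch) tells them apart -- confirm in
        # the logged output.
        logging.error(
            "Failed to upload blob %r (status=%s, error_code=%s): %s",
            blob_name,
            getattr(e, "status_code", None),
            getattr(e, "error_code", None),
            e,
        )
        raise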